Integrace s Google Apps - přihlašování účtem Google.

multitenant
Josef Rokos 10 years ago
parent d886e1e4f4
commit 17deee8b21

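--- a/PATH-NOT-ON-PAGE-1
+++ b/PATH-NOT-ON-PAGE-1
@@ -79,6 +79,11 @@
 <groupId>org.springframework.security</groupId>
 <artifactId>spring-security-ldap</artifactId>
 <version>${org.springframework-version}</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.security</groupId>
+<artifactId>spring-security-openid</artifactId>
+<version>${org.springframework-version}</version>
 </dependency>
 <dependency>
 <groupId>org.springframework</groupId>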

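--- /dev/null
+++ b/[src-root-not-on-page]/info/bukova/isspst/services/users/GmailUserService.java
@@ -0,0 +1,93 @@
+package info.bukova.isspst.services.users;
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+import java.util.List;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.openid.OpenIDAttribute;
+import org.springframework.security.openid.OpenIDAuthenticationToken;
+public class GmailUserService implements AuthenticationUserDetailsService<OpenIDAuthenticationToken> {
+private static final Logger logger = LoggerFactory.getLogger(GmailUserService.class);
+private UserService userService;
+private RoleService roleService;
+private String restrictDomain;
+public GmailUserService(UserService userService, RoleService roleService) {
+this.userService = userService;
+this.roleService = roleService;
+}
+@Override
+public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
+throws UsernameNotFoundException {
+String email = null;
+String firstName = null;
+String lastName = null;
+List<OpenIDAttribute> attributes = token.getAttributes();
+for (OpenIDAttribute attribute : attributes) {
+if (attribute.getName().equals("email")) {
+email = attribute.getValues().get(0);
+}
+if (attribute.getName().equals("firstName")) {
+firstName = attribute.getValues().get(0);
+}
+if (attribute.getName().equals("lastName")) {
+lastName = attribute.getValues().get(0);
+}
+}
+String userAndDomain[] = email.split("@");
+String username = userAndDomain[0];
+String domain = userAndDomain[1];
+if (restrictDomain != null && !restrictDomain.isEmpty() && !restrictDomain.equals(domain)) {
+logger.warn("Try to login from foreign domain");
+throw new UsernameNotFoundException("Email from foreign domain");
+}
+UserDetails user;
+try {
+user = userService.loadUserByUsername(username);
+} catch (UsernameNotFoundException e) {
+logger.info("Username not found in database. Creating one");
+User usr = new User();
+usr.setUsername(username);
+usr.setFirstName(firstName);
+usr.setLastName(lastName);
+usr.setEmail(email);
+usr.setEnabled(true);
+usr.setNotify(true);
+Role role = roleService.getRoleByAuthority(Constants.ROLE_USER);
+usr.addAuthority(role);
+userService.grantAdmin();
+userService.add(usr);
+userService.removeAccess();
+user = userService.loadUserByUsername(username);
+}
+return user;
+}
+public void setRestrictDomain(String restrictDomain) {
+this.restrictDomain = restrictDomain;
+}
+}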
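Review bot: `email.split("@")` right after the attribute loop dereferences `email` unconditionally, so a response that carries no `email` attribute ends in a NullPointerException and an address without `@` in an ArrayIndexOutOfBoundsException, both of which escape as unexpected runtime exceptions rather than as the UsernameNotFoundException the rest of the method uses; validate the value before taking it apart. The domain check uses case-sensitive `equals` although mail domains are not case-sensitive, and when `restrictDomain` is blank the method maps any provider account onto whatever local user shares the local part of its address — the new Spring XML feeds it `${gmail.restrictDomain}`, so an empty property silently removes the restriction, and I would fail closed instead. `grantAdmin()` and `removeAccess()` around `userService.add(usr)` are not paired in try/finally, so an exception from the insert leaves the elevated access in place. The rewritten part of `loadUserDetails` follows.
```java
// … unchanged: attribute loop filling email / firstName / lastName …
int at = email == null ? -1 : email.indexOf('@');
if (at <= 0 || at == email.length() - 1) {
    logger.warn("OpenID response without a usable email attribute");
    throw new UsernameNotFoundException("Missing email attribute");
}
String username = email.substring(0, at);
String domain = email.substring(at + 1);
if (restrictDomain == null || restrictDomain.isEmpty()) {
    // Fail closed: without a configured domain any provider account would be
    // matched to a local user by the local part of its address alone.
    logger.warn("gmail.restrictDomain is not configured; refusing OpenID login");
    throw new UsernameNotFoundException("Domain restriction not configured");
}
if (!restrictDomain.equalsIgnoreCase(domain)) {
    // … unchanged: foreign-domain warning and exception …
}
// … unchanged: lookup of the existing user, creation of the new User …
userService.grantAdmin();
try {
    userService.add(usr);
} finally {
    userService.removeAccess();
}
// … unchanged: reload and return …
```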

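--- a/PATH-NOT-ON-PAGE-2
+++ b/PATH-NOT-ON-PAGE-2
@@ -272,6 +272,7 @@ Login=Přihlásit
 Loggingin=Přihlášení
 Logout=Odhlásit
 WrongNameOrPassword=Špatné jméno nebo heslo
+LoginViaGoogle=Přihlásit účtem Google
 DateFormat=dd. MM. yyyy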

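--- /dev/null
+++ b/PATH-NOT-ON-PAGE-3
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:security="http://www.springframework.org/schema/security"
+xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+<bean id="gmailUserService" class="info.bukova.isspst.services.users.GmailUserService">
+<constructor-arg ref="userService"/>
+<constructor-arg ref="roleService"/>
+<property name="restrictDomain" value="${gmail.restrictDomain}"/>
+</bean>
+</beans>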

@ -20,11 +20,7 @@
<bean id="authenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator"> <bean id="authenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource"/> <constructor-arg ref="contextSource"/>
<property name="userDnPatterns"> <property name="userDnPatterns" value="#{'${ldap.userDNPattern}'.split(';')}"/>
<list>
<value>${ldap.userDNPattern}</value>
</list>
</property>
</bean> </bean>
<bean id="populator" class="info.bukova.isspst.security.AuthPopulator"> <bean id="populator" class="info.bukova.isspst.security.AuthPopulator">

@ -27,6 +27,7 @@
<value>/WEB-INF/jdbc.properties</value> <value>/WEB-INF/jdbc.properties</value>
<value>/WEB-INF/ldap.properties</value> <value>/WEB-INF/ldap.properties</value>
<value>/WEB-INF/mail.properties</value> <value>/WEB-INF/mail.properties</value>
<value>/WEB-INF/gmail.properties</value>
</list> </list>
</property> </property>
</bean> </bean>
@ -36,7 +37,10 @@
class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"
p:driverClassName="${jdbc.driverClassName}" p:driverClassName="${jdbc.driverClassName}"
p:url="${jdbc.databaseurl}" p:username="${jdbc.username}" p:url="${jdbc.databaseurl}" p:username="${jdbc.username}"
p:password="${jdbc.password}"></bean> p:password="${jdbc.password}">
<property name="validationQuery" value="SELECT 1"/>
<property name="testOnBorrow" value="true"/>
</bean>
<bean id="sessionFactory" <bean id="sessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean"> class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
@ -81,14 +85,26 @@
<security:intercept-url pattern="/admin/permissions/**" access="hasRole('PERM_READ_PERMISSIONS')"/> <security:intercept-url pattern="/admin/permissions/**" access="hasRole('PERM_READ_PERMISSIONS')"/>
<security:intercept-url pattern="/admin/addressbook/**" access="hasRole('PERM_READ_ADDRESSBOOK')"/> <security:intercept-url pattern="/admin/addressbook/**" access="hasRole('PERM_READ_ADDRESSBOOK')"/>
<security:intercept-url pattern="/munits/**" access="hasRole('PERM_READ_MUNITS')"/> <security:intercept-url pattern="/munits/**" access="hasRole('PERM_READ_MUNITS')"/>
<security:form-login login-page="/login.zhtml" <security:form-login login-page="/login-gmail.zhtml"
authentication-failure-handler-ref="loginFail" authentication-failure-handler-ref="loginFail"
authentication-success-handler-ref="loginSuccess"/> authentication-success-handler-ref="loginSuccess"/>
<security:http-basic/> <security:http-basic/>
<security:openid-login authentication-failure-handler-ref="loginFail"
authentication-success-handler-ref="loginSuccess"
user-service-ref="gmailUserService">
<security:attribute-exchange identifier-match="https://www.google.com/.*">
<security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
<security:openid-attribute name="firstName" type="http://axschema.org/namePerson/first" required="true" />
<security:openid-attribute name="lastName" type="http://axschema.org/namePerson/last" required="true" />
</security:attribute-exchange>
</security:openid-login>
<security:logout invalidate-session="true"/> <security:logout invalidate-session="true"/>
</security:http> </security:http>
<import resource="database-auth.xml"/> <import resource="database-auth.xml"/>
<import resource="gmail-auth.xml"/>
<!-- <import resource="ldap-auth.xml"/> --> <!-- <import resource="ldap-auth.xml"/> -->
<import resource="mail-services.xml"/> <import resource="mail-services.xml"/>
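Review bot: `identifier-match="https://www.google.com/.*"` is a regular expression, so the unescaped dots match any character and the attribute exchange is also triggered for identifiers such as `https://www-google.com/...`; since the attributes returned by a matching provider are what `gmailUserService` uses to pick the local account, escape it: `identifier-match="https://www\.google\.com/.*"`. The `validationQuery`/`testOnBorrow` additions to the data source are unrelated to Google sign-in and would read more clearly in a separate commit. The `security:http` element and the data-source bean both start outside the shown hunks.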


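--- /dev/null
+++ b/PATH-NOT-ON-PAGE-4
@@ -0,0 +1,21 @@
+<html
+xmlns="native"
+xmlns:u="zul"
+xmlns:zk="zk">
+<head>
+<title>${labels.Loggingin}</title>
+</head>
+<body style="height: 100%; padding: 0 5px;">
+<div style="height: 15%" />
+<div align="center">
+<u:include src="login.zul" />
+<br/>
+<img src="img/google.png" alt="Google"/>
+<form action="j_spring_openid_security_check" method="post">
+<input name="openid_identifier" type="hidden" value="https://www.google.com/accounts/o8/id"/>
+<input type="submit" value="${labels.LoginViaGoogle}" class="nicebutton"/>
+</form>
+</div>
+</body>
+</html>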
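Review bot: The provider endpoint in the hidden `openid_identifier` field is submitted by the browser, so which OpenID provider the server contacts is ultimately chosen by the client, not by this template; that is inherent to an OpenID login form, but a comment on it, e.g. `<!-- openid_identifier is client-supplied; the server-side security configuration decides which providers are trusted -->`, would make the trust boundary explicit for the next maintainer. `action="j_spring_openid_security_check"` and `src="img/google.png"` are relative URLs that resolve against the page's own path, which presumably works only while the page is served from the context root.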