Integrace s google apps- přihlašování účtem google.

2014-08-26 12:44:05 +02:00
parent d886e1e4f4
commit 17deee8b21
9 changed files with 156 additions and 9 deletions
@@ -80,6 +80,11 @@
    		<artifactId>spring-security-ldap</artifactId>
    		<version>${org.springframework-version}</version>
  		</dependency>
  		<dependency>
        	<groupId>org.springframework.security</groupId>
        	<artifactId>spring-security-openid</artifactId>
        	<version>${org.springframework-version}</version>
    	</dependency>
  		<dependency>
    		<groupId>org.springframework</groupId>
    		<artifactId>spring-test</artifactId>
@@ -0,0 +1,93 @@
 package info.bukova.isspst.services.users;
 import info.bukova.isspst.Constants;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.data.User;
 import java.util.List;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.openid.OpenIDAttribute;
 import org.springframework.security.openid.OpenIDAuthenticationToken;
 public class GmailUserService implements AuthenticationUserDetailsService<OpenIDAuthenticationToken> {
 	private static final Logger logger = LoggerFactory.getLogger(GmailUserService.class); 
 	private UserService userService;
 	private RoleService roleService;
 	private String restrictDomain;
 	public GmailUserService(UserService userService, RoleService roleService) {
 		this.userService = userService;
 		this.roleService = roleService;
 	}
 	@Override
 	public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
 			throws UsernameNotFoundException {
 		String email = null;
 		String firstName = null;
 		String lastName = null;
 		List<OpenIDAttribute> attributes = token.getAttributes();
 		for (OpenIDAttribute attribute : attributes) {
 			if (attribute.getName().equals("email")) {
 				email = attribute.getValues().get(0);
 			}
 			if (attribute.getName().equals("firstName")) {
 				firstName = attribute.getValues().get(0);
 			}
 			if (attribute.getName().equals("lastName")) {
 				lastName = attribute.getValues().get(0);
 			}
 		}
 		String userAndDomain[] = email.split("@");
 		String username = userAndDomain[0];
 		String domain = userAndDomain[1];
 		if (restrictDomain != null && !restrictDomain.isEmpty() && !restrictDomain.equals(domain)) {
 			logger.warn("Try to login from foreign domain");
 			throw new UsernameNotFoundException("Email from foreign domain");
 		}
 		UserDetails user;
 		try {
 			user = userService.loadUserByUsername(username);
 		} catch (UsernameNotFoundException e) {
 			logger.info("Username not found in database. Creating one");
 			User usr = new User();
 			usr.setUsername(username);
 			usr.setFirstName(firstName);
 			usr.setLastName(lastName);
 			usr.setEmail(email);
 			usr.setEnabled(true);
 			usr.setNotify(true);
 			Role role = roleService.getRoleByAuthority(Constants.ROLE_USER);
 			usr.addAuthority(role);
 			userService.grantAdmin();
 			userService.add(usr);
 			userService.removeAccess();
 			user = userService.loadUserByUsername(username);
 		}
 		return user;
 	}
 	public void setRestrictDomain(String restrictDomain) {
 		this.restrictDomain = restrictDomain;
 	}
 }
@@ -0,0 +1 @@
 gmail.restrictDomain=
@@ -272,6 +272,7 @@ Login=Přihlásit
 Loggingin=Přihlášení
 Logout=Odhlásit
 WrongNameOrPassword=Špatné jméno nebo heslo
 LoginViaGoogle=Přihlásit účtem Google
 DateFormat=dd. MM. yyyy
@@ -0,0 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns:security="http://www.springframework.org/schema/security"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 	<bean id="gmailUserService" class="info.bukova.isspst.services.users.GmailUserService">
 		<constructor-arg ref="userService"/>
 		<constructor-arg ref="roleService"/>
 		<property name="restrictDomain" value="${gmail.restrictDomain}"/>
 	</bean>
 </beans>
@@ -19,12 +19,8 @@
 	</bean>
 	<bean id="authenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
-	            <constructor-arg ref="contextSource"/>
+		<constructor-arg ref="contextSource"/>
-	            <property name="userDnPatterns">
+		<property name="userDnPatterns" value="#{'${ldap.userDNPattern}'.split(';')}"/>
 	                <list>
 	                    <value>${ldap.userDNPattern}</value>
 	                </list>
 	            </property>
 	</bean>
 	<bean id="populator" class="info.bukova.isspst.security.AuthPopulator">
@@ -27,6 +27,7 @@
 				<value>/WEB-INF/jdbc.properties</value>
 				<value>/WEB-INF/ldap.properties</value>
 				<value>/WEB-INF/mail.properties</value>
 				<value>/WEB-INF/gmail.properties</value>
 			</list>
 		</property>
 	</bean>
@@ -36,7 +37,10 @@
        class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"
        p:driverClassName="${jdbc.driverClassName}"
        p:url="${jdbc.databaseurl}" p:username="${jdbc.username}"
-        p:password="${jdbc.password}"></bean>
+        p:password="${jdbc.password}">
        	<property name="validationQuery" value="SELECT 1"/>
        	<property name="testOnBorrow" value="true"/>
        </bean>
 	<bean id="sessionFactory"
        class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
@@ -81,14 +85,26 @@
 		<security:intercept-url pattern="/admin/permissions/**" access="hasRole('PERM_READ_PERMISSIONS')"/>
 		<security:intercept-url pattern="/admin/addressbook/**" access="hasRole('PERM_READ_ADDRESSBOOK')"/>
 		<security:intercept-url pattern="/munits/**" access="hasRole('PERM_READ_MUNITS')"/>
-		<security:form-login login-page="/login.zhtml"
+		<security:form-login login-page="/login-gmail.zhtml"
 			authentication-failure-handler-ref="loginFail"
 			authentication-success-handler-ref="loginSuccess"/>
 		<security:http-basic/>
 		<security:openid-login authentication-failure-handler-ref="loginFail"
 			authentication-success-handler-ref="loginSuccess" 
 			user-service-ref="gmailUserService">
 			<security:attribute-exchange identifier-match="https://www.google.com/.*">
                <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
                <security:openid-attribute name="firstName" type="http://axschema.org/namePerson/first" required="true" />
                <security:openid-attribute name="lastName" type="http://axschema.org/namePerson/last" required="true" />
            </security:attribute-exchange>
 		</security:openid-login>
 		<security:logout invalidate-session="true"/>
 	</security:http>
 	<import resource="database-auth.xml"/>
 	<import resource="gmail-auth.xml"/>
 	<!-- <import resource="ldap-auth.xml"/> --> 
 	<import resource="mail-services.xml"/>
@@ -0,0 +1,21 @@
 <html
 	xmlns="native"
 	xmlns:u="zul"
 	xmlns:zk="zk">
 	<head>
 		<title>${labels.Loggingin}</title>
 	</head>
 	<body style="height: 100%; padding: 0 5px;">
 		<div style="height: 15%" />
 		<div align="center">
 			<u:include src="login.zul" />
 			<br/>
 			<img src="img/google.png" alt="Google"/>
 			<form action="j_spring_openid_security_check" method="post">
 				<input name="openid_identifier" type="hidden" value="https://www.google.com/accounts/o8/id"/>
   				<input type="submit" value="${labels.LoginViaGoogle}" class="nicebutton"/>
 			</form>
 		</div>
 	</body>
 </html>