Merge branch 'master' of https://git.bukova.info/repos/git/isspst
commit
3ad8cfbe3f
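--- /dev/null
+++ b/PATH-NOT-SHOWN/AuthPopulator.java
@@ -0,0 +1,76 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+import info.bukova.isspst.services.users.RoleService;
+import info.bukova.isspst.services.users.UserService;
+
+import java.util.Collection;
+
+import javax.naming.NamingException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+
+public class AuthPopulator implements LdapAuthoritiesPopulator {
+
+private UserService userService;
+private RoleService roleService;
+
+public AuthPopulator(UserService userService, RoleService roleService) {
+this.userService = userService;
+this.roleService = roleService;
+}
+
+@Override
+public Collection<? extends GrantedAuthority> getGrantedAuthorities(
+DirContextOperations userData, String login) {
+
+User user = null;
+try {
+user = (User) userService.loadUserByUsername(login);
+} catch (UsernameNotFoundException e) {
+Logger logger = LoggerFactory.getLogger(AuthPopulator.class);
+logger.info("Importing user from LDAP");
+
+user = new User();
+user.setUsername(login);
+Role role = roleService.getRoleByAuthority(Constants.ROLE_USER);
+user.addAuthority(role);
+
+if (userData.attributeExists("givenName")) {
+try {
+user.setFirstName(userData.getAttributes().get("givenName").get().toString());
+} catch (NamingException e1) {
+logger.info("LDAP object has no 'givenName' attribute");
+}
+}
+if (userData.attributeExists("sn")) {
+try {
+user.setLastName(userData.getAttributes().get("sn").get().toString());
+} catch (NamingException e1) {
+logger.info("LDAP object has no 'sn' attribute");
+}
+}
+if (userData.attributeExists("mail")) {
+try {
+user.setEmail(userData.getAttributes().get("mail").get().toString());
+} catch (NamingException e1) {
+logger.info("LDAP object has no 'mail' attribute");
+}
+}
+
+userService.grantAdmin();
+userService.add(user);
+userService.removeAccess();
+}
+
+return user != null ? user.getAuthorities() : null;
+}
+
+}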
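Review bot: The privilege window opened by `userService.grantAdmin()` near the end of getGrantedAuthorities is closed by `userService.removeAccess()` only on the success path; if `userService.add(user)` throws (a validation or persistence failure, for instance), the elevated access stays in effect for whatever scope grantAdmin applies to, which cannot be seen from here. Put the add call in a try block with removeAccess in a finally so the elevation is always undone, as shown below. Separately, `user` can only be null on the last line if loadUserByUsername returns null instead of throwing; in that case returning `java.util.Collections.emptyList()` rather than `null` is safer, since LdapAuthenticationProvider most likely copies the returned collection and would fail with a NullPointerException. As a point of style, the Logger is created per call inside the catch block; a `private static final Logger` field on the class is the usual pattern and also lets the outer branches log.
```java
userService.grantAdmin();
try {
    userService.add(user);
} finally {
    userService.removeAccess();
}
```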
@ -1,5 +1,7 @@
|
||||
package info.bukova.isspst;
|
||||
package info.bukova.isspst.security;
|
||||
|
||||
import info.bukova.isspst.Constants;
|
||||
import info.bukova.isspst.Module;
|
||||
import info.bukova.isspst.data.Role;
|
||||
import info.bukova.isspst.services.Service;
|
||||
|
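--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -1,4 +1,4 @@
-package info.bukova.isspst;
+package info.bukova.isspst.security;
 
 import java.io.IOException;
 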
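--- /dev/null
+++ b/PATH-NOT-SHOWN/ServiceConstraint.java
@@ -0,0 +1,54 @@
+package info.bukova.isspst.ui;
+
+import info.bukova.isspst.data.DataModel;
+import info.bukova.isspst.services.Service;
+import info.bukova.isspst.services.ValidationException;
+
+import java.lang.reflect.InvocationTargetException;
+import java.util.Map;
+
+import org.apache.commons.beanutils.BeanUtils;
+import org.zkoss.zk.ui.Component;
+import org.zkoss.zk.ui.WrongValueException;
+import org.zkoss.zul.Constraint;
+
+public class ServiceConstraint<T extends DataModel> implements Constraint {
+
+private Service<T> service;
+private T dataBean;
+
+@Override
+public void validate(Component component, Object value)
+throws WrongValueException {
+
+String id = component.getId();
+if (id == null || id.isEmpty()) {
+return;
+}
+
+try {
+BeanUtils.setProperty(dataBean, id, value);
+service.validate(dataBean);
+} catch (ValidationException e) {
+Map<String, String> errMessages = e.getMessages();
+
+if (errMessages != null && errMessages.get(id) != null && !errMessages.get(id).isEmpty()) {
+WrongValueException ex = new WrongValueException(component, errMessages.get(id));
+throw ex;
+}
+} catch (IllegalAccessException e) {
+
+} catch (InvocationTargetException e) {
+
+}
+}
+
+public void setService(Service<T> service) {
+this.service = service;
+}
+
+public void setDataBean(T dataBean) {
+this.dataBean = dataBean;
+}
+
+}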
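Review bot: The empty `catch (IllegalAccessException e)` and `catch (InvocationTargetException e)` blocks at the end of validate() swallow a failed `BeanUtils.setProperty` call, so the submitted value never reaches `dataBean`, `service.validate` is skipped, and the constraint silently reports the input as valid; a failure that should block the form lets it through instead. Surface the problem rather than hiding it, e.g. `} catch (IllegalAccessException | InvocationTargetException e) {` / `throw new IllegalStateException("Cannot set property '" + id + "' for validation", e);` / `}` (two separate catch blocks with the same body on a pre-Java-7 build). Note also that `service` and `dataBean` are populated only through the setters, so a missing setter call surfaces as a NullPointerException inside the same try block that nothing here catches; a class Javadoc stating that both must be set before the constraint is attached to a component would make that contract explicit.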
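--- /dev/null
+++ b/PATH-NOT-SHOWN/users.ldif
@@ -0,0 +1,71 @@
+dn: ou=groups,dc=bukova,dc=info
+objectclass: top
+objectclass: organizationalUnit
+ou: groups
+
+dn: ou=people,dc=bukova,dc=info
+objectclass: top
+objectclass: organizationalUnit
+ou: people
+
+dn: uid=kadel,ou=people,dc=bukova,dc=info
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Kadel Pohlavnik
+sn: Pohlavnik
+givenName: Kadel
+uid: kadel
+userPassword: pokus
+
+dn: uid=admin,ou=people,dc=bukova,dc=info
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Administrator
+sn: admin
+uid: admin
+userPassword: xsacfgd
+
+dn: uid=dianne,ou=people,dc=bukova,dc=info
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Dianne Emu
+sn: Emu
+uid: dianne
+userPassword: emu
+
+dn: uid=scott,ou=people,dc=bukova,dc=info
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Scott
+sn: Wombat
+uid: scott
+userPassword: wombat
+
+dn: cn=user,ou=groups,dc=bukova,dc=info
+objectclass: top
+objectclass: groupOfNames
+cn: user
+member: uid=rod,ou=people,dc=bukova,dc=info
+member: uid=dianne,ou=people,dc=bukova,dc=info
+member: uid=scott,ou=people,dc=bukova,dc=info
+
+dn: cn=teller,ou=groups,dc=bukova,dc=info
+objectclass: top
+objectclass: groupOfNames
+cn: teller
+member: uid=rod,ou=people,dc=bukova,dc=info
+member: dianne=rod,ou=people,dc=bukova,dc=info
+
+dn: cn=supervisor,ou=groups,dc=bukova,dc=info
+objectclass: top
+objectclass: groupOfNames
+cn: supervisor
+member: uid=rod,ou=people,dc=bukova,dc=info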
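Review bot: The line `member: dianne=rod,ou=people,dc=bukova,dc=info` in the cn=teller group is not the DN of any entry in this file (the attribute type should be `uid`, and the value presumably `dianne`), and the `uid=rod` member that all three groups list has no entry at all; an embedded server that checks referential integrity may refuse the import, and any group-based authorization test against these entries will not behave as expected. Change it to `member: uid=dianne,ou=people,dc=bukova,dc=info` and either add a `uid=rod` entry or drop those references. The `userPassword` values are stored in clear text, which is tolerable for the embedded test directory the security configuration describes only as long as this file is never loaded into a directory that outlives tests; a leading comment such as `# test fixture for the embedded LDAP server; never import into a real directory` would record that intent.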
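--- /dev/null
+++ b/PATH-NOT-SHOWN (ldap properties)
@@ -0,0 +1,2 @@
+ldap.server=ldap://localhost:3089
+ldap.userDNPattern=uid=\{0\},OU=people,DC=bukova,DC=info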
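Review bot: `ldap.server=ldap://localhost:3089` is a plain, unencrypted LDAP URL; that matches the embedded test server on port 3089, but the BindAuthenticator wired elsewhere in this commit sends each user's password over whatever connection this property names, so it must become an `ldaps://` URL (or a StartTLS-protected connection) before it is ever pointed at a real directory. A comment above the line, e.g. `# embedded test server only; use ldaps:// for any real directory`, would stop the value being copied into a production properties file unchanged.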
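--- /dev/null
+++ b/PATH-NOT-SHOWN (spring security xml, password-encoder)
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:security="http://www.springframework.org/schema/security"
+xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+
+<security:authentication-manager>
+<security:authentication-provider user-service-ref="userService">
+<security:password-encoder ref="passwordEncoder">
+<security:salt-source user-property="username" />
+</security:password-encoder>
+</security:authentication-provider>
+</security:authentication-manager>
+
+</beans>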
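Review bot: `<security:salt-source user-property="username" />` salts the password hash with the username, which is public and predictable, so the same password under the same username produces the same hash in every installation and per-username precomputation stays practical; the `passwordEncoder` bean it applies to is not in this hunk, so the hash algorithm itself cannot be checked here. Spring Security's `BCryptPasswordEncoder` generates a random salt per password and needs no salt-source at all; if the legacy encoder has to stay, a random per-user salt stored next to the hash is the usual alternative. It is also not visible which of this file and the LDAP configuration in the same commit is the active one — if both were loaded into one context, the two `authentication-manager` elements would likely clash, so a comment in each file naming the scenario it serves would help.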
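--- /dev/null
+++ b/PATH-NOT-SHOWN (spring security xml, ldap)
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:security="http://www.springframework.org/schema/security"
+xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+<!-- LDAP -->
+
+<!-- embedded server only for testing -->
+<security:ldap-server root="dc=bukova,dc=info" ldif="classpath:users.ldif" port="3089"/>
+
+<security:authentication-manager>
+<security:authentication-provider ref="ldapAuthProvider"/>
+</security:authentication-manager>
+
+<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
+<constructor-arg value="${ldap.server}"/>
+</bean>
+
+<bean id="authenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
+<constructor-arg ref="contextSource"/>
+<property name="userDnPatterns">
+<list>
+<value>${ldap.userDNPattern}</value>
+</list>
+</property>
+</bean>
+
+<bean id="populator" class="info.bukova.isspst.security.AuthPopulator">
+<constructor-arg>
+<ref local="userService"/>
+</constructor-arg>
+<constructor-arg>
+<ref local="roleService"/>
+</constructor-arg>
+</bean>
+
+<bean id="ldapAuthProvider"
+class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
+<constructor-arg ref="authenticator"/>
+<constructor-arg ref="populator"/>
+</bean>
+
+
+</beans>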
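Review bot: The `<security:ldap-server root="dc=bukova,dc=info" ldif="classpath:users.ldif" port="3089"/>` element is commented as "embedded server only for testing", but nothing gates it: every context that imports this file starts an in-process directory seeded with the clear-text accounts from users.ldif, including `uid=admin`, on whatever host the application is deployed to, and `ldap.server` in the properties file points straight at it. Move the element (and the classpath LDIF) into a test-only configuration, or wrap it in a `<beans profile="...">` block if the project's Spring version supports nested profile beans, so that a production context only ever has the `contextSource` built from `${ldap.server}`. The hard-coded `port="3089"` also duplicates the port inside `ldap.server`; expressing one in terms of the other keeps them from drifting apart silently.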
Binary file not shown.