Merge branch 'master' of https://git.bukova.info/repos/git/isspst
commit
6835dd2f7c
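--- /dev/null
+++ b/AdUserCtxMapper.java
@@ -0,0 +1,59 @@
+package info.bukova.isspst.services.users;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.User;
+
+import java.util.Collection;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
+import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
+
+/**
+* Mapovač doménových uživatelů Active Directory na uživatele aplikace. Pokud uživatel není v aplikační databází,
+* importu je se tam pomoci {@link LdapUserImporter}. Tento objekt se předává do {@link ActiveDirectoryLdapAuthenticationProvider}.
+*
+* @author pepa
+*
+*/
+public class AdUserCtxMapper implements UserDetailsContextMapper {
+
+private UserService userService;
+private RoleService roleService;
+
+private final static Logger logger = LoggerFactory.getLogger(AdUserCtxMapper.class);
+
+public AdUserCtxMapper(UserService userService, RoleService roleService) {
+this.userService = userService;
+this.roleService = roleService;
+}
+
+@Override
+public UserDetails mapUserFromContext(DirContextOperations userData,
+String username, Collection<? extends GrantedAuthority> authorities) {
+
+try {
+User user = (User) userService.loadUserByUsername(username);
+return user;
+} catch (UsernameNotFoundException e) {
+logger.info("Importing user from Active Directory");
+LdapUserImporter importer = new LdapUserImporter(userService);
+importer.importUser(username, userData, roleService.getRoleByAuthority(Constants.ROLE_USER));
+
+return userService.loadUserByUsername(username);
+}
+}
+
+@Override
+public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
+throw new UnsupportedOperationException("LdapUserDetailsMapper only supports reading from a context. Please" +
+"use a subclass if mapUserToContext() is required.");
+}
+
+}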
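Review bot: Both the database lookup and the import in mapUserFromContext are keyed on the `username` argument (the submitted login name, as far as this hunk shows), while Active Directory matches logon names case-insensitively; if `loadUserByUsername` compares case-sensitively (not visible here), `Pepa` and `pepa` become two application accounts with separate role sets, and logging in with a different casing yields a fresh ROLE_USER copy of an existing account rather than that account. Take the canonical name from the authenticated entry instead, e.g. `String login = userData.getStringAttribute("sAMAccountName");` and use it for both `loadUserByUsername` and `importUser`, falling back to `username` only when the attribute is absent. Two concurrent first logins for the same account both reach `importUser`, so the import needs to tolerate a duplicate insert or be guarded. The `authorities` parameter (the groups resolved from AD) is discarded, so application roles come solely from the database; a one-line comment stating that this is intentional would save the next reader from assuming AD group membership is honoured.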
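--- /dev/null
+++ b/LdapUserImporter.java
@@ -0,0 +1,90 @@
+package info.bukova.isspst.services.users;
+
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+import info.bukova.isspst.data.UsersAddress;
+
+import javax.naming.NamingException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.ldap.core.DirContextOperations;
+
+/**
+* Pomocná třída pro import uživatele z LDAP serveru (nebo Active Directory) do databáze aplikace
+*
+* @author pepa
+*
+*/
+public class LdapUserImporter {
+
+private UserService userService;
+private final static Logger logger = LoggerFactory.getLogger(LdapUserImporter.class);
+
+public LdapUserImporter(UserService userService) {
+this.userService = userService;
+}
+
+/**
+* Provede import uživatele z LDAP do aplikační databáze
+*
+* @param login - login uživatele
+* @param userData - objekt reprezentujízí data z LDAP
+* @param defaultRole - role, která má být přidělena novému uživateli
+*/
+public void importUser(String login, DirContextOperations userData, Role defaultRole) {
+User user = new User();
+user.setUsername(login);
+user.addAuthority(defaultRole);
+
+if (userData.attributeExists("givenName")) {
+try {
+user.setFirstName(userData.getAttributes().get("givenName").get().toString());
+} catch (NamingException e1) {
+logger.info("LDAP object has no 'givenName' attribute");
+}
+}
+if (userData.attributeExists("sn")) {
+try {
+user.setLastName(userData.getAttributes().get("sn").get().toString());
+} catch (NamingException e1) {
+logger.info("LDAP object has no 'sn' attribute");
+}
+}
+if (userData.attributeExists("mail")) {
+try {
+user.setEmail(userData.getAttributes().get("mail").get().toString());
+user.setNotify(true);
+} catch (NamingException e1) {
+logger.info("LDAP object has no 'mail' attribute");
+}
+}
+
+UsersAddress address = new UsersAddress();
+boolean hasAddress = false;
+
+if (userData.attributeExists("streetAddress")) {
+address.setStreet(userData.getStringAttribute("streetAddress"));
+hasAddress = true;
+}
+if (userData.attributeExists("l")) {
+address.setCity(userData.getStringAttribute("l"));
+hasAddress = true;
+}
+if (userData.attributeExists("postalCode")) {
+address.setZipCode(userData.getStringAttribute("postalCode"));
+hasAddress = true;
+}
+
+if (hasAddress) {
+user.setAddress(address);
+}
+
+user.setEnabled(true);
+
+userService.grantAdmin(); // povýšit práva pro toto vlákno
+userService.add(user);
+userService.removeAccess();
+}
+
+}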
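Review bot: The privilege elevation at the end of importUser is not exception-safe: `userService.grantAdmin()` raises this thread's rights (per the comment, "elevate rights for this thread"), and if `userService.add(user)` throws — a unique-constraint violation on a concurrent first login, for instance — `userService.removeAccess()` is never reached, leaving the request thread, and if it is pooled any later request served by it, running with admin rights. Wrap the insert so the demotion always runs: `userService.grantAdmin();` / `try { userService.add(user); } finally { userService.removeAccess(); }`. Separately, the three catch blocks log "LDAP object has no '…' attribute" for a NamingException raised after `attributeExists` has already returned true, so the message is misleading and the cause is dropped; `logger.warn("Could not read LDAP attribute", e1)` with the exception attached would be more honest, and `getStringAttribute`, already used for the address fields below, avoids the try/catch entirely.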
@ -0,0 +1,2 @@
|
||||
ad.domain=bukova.net
|
||||
ad.ldapUrl=ldap://192.168.25.110/
|
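Review bot: `ad.ldapUrl=ldap://192.168.25.110/` is a plaintext LDAP endpoint, and the ActiveDirectoryLdapAuthenticationProvider this URL feeds (see the companion XML) authenticates by binding with the user's own credentials, so every domain password crosses the network unencrypted and without the server being authenticated. Use `ldaps://<dc-hostname>/` (or StartTLS) with a host name that matches the domain controller's certificate rather than a bare IP, so the TLS hostname check is meaningful. Committing a site-specific internal address also suggests this should be an environment-supplied override rather than a tracked default; a comment saying where the real value is expected to come from would help.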
@ -0,0 +1,23 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
|
||||
|
||||
<security:authentication-manager>
|
||||
<security:authentication-provider ref="adAuthProvider"/>
|
||||
</security:authentication-manager>
|
||||
|
||||
<bean id="adAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
|
||||
<constructor-arg name="domain" value="${ad.domain}"/>
|
||||
<constructor-arg name="url" value="${ad.ldapUrl}"/>
|
||||
<property name="userDetailsContextMapper" ref="adUserMapper"/>
|
||||
</bean>
|
||||
|
||||
<bean id="adUserMapper" class="info.bukova.isspst.services.users.AdUserCtxMapper">
|
||||
<constructor-arg name="userService" ref="userService"/>
|
||||
<constructor-arg name="roleService" ref="roleService"/>
|
||||
</bean>
|
||||
|
||||
</beans>
|
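Review bot: The `${ad.domain}` and `${ad.ldapUrl}` placeholders on the adAuthProvider constructor arguments depend on a property-placeholder configurer being registered in this or an ancestor context; none is declared in this file, and without one the provider would presumably be constructed with the literal string `${ad.ldapUrl}` and fail only at the first login attempt rather than at startup. If the configurer lives elsewhere, a one-line comment naming it would help; otherwise add `<context:property-placeholder location="…"/>` with the matching namespace. Also worth a comment is that this `authentication-manager` declares adAuthProvider as the sole provider, so an account that exists only in the application database cannot authenticate through it.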