Přihlašování proti LDAP serveru- integrace s Active Directory

src/main/java/info/bukova/isspst/DbInitListener.java

@@ -12,8 +12,6 @@ import javax.servlet.ServletContextListener;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.WebApplicationContextUtils;
@@ -34,23 +32,16 @@ public class DbInitListener implements ServletContextListener {
 		Logger logger = LoggerFactory.getLogger(DbInitListener.class);
 		logger.info("Initializing database");
 		
-		User tmpAdmin = new User();
-		Role tmpRole = new Role();
-		tmpRole.setAuthority(Constants.ROLE_ADMIN);
-		tmpAdmin.setUsername(Constants.DEF_ADMIN);
-		tmpAdmin.addAuthority(tmpRole);
-		SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(tmpAdmin, null, tmpAdmin.getAuthorities()));
-		
 		WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(evt.getServletContext());
 		roleService = ctx.getBean(RoleService.class);
 		userService = ctx.getBean(UserService.class);
 		permService = ctx.getBean(PermissionService.class);
 		
+		userService.grantAdmin();
 		checkRoles();
 		checkUsers();
 		checkPermissions();
-		
-		SecurityContextHolder.getContext().setAuthentication(null);
+		userService.removeAccess();
 	}
 	
 	private void checkRoles() {

src/main/java/info/bukova/isspst/data/User.java

@@ -49,12 +49,15 @@ public class User extends BaseSimpleData implements UserDetails, DataModel {
 	@Override
 	public List<Role> getAuthorities() {
 		List<Role> roles = new ArrayList<Role>();
+		int i = 10000000;
 		for (Role r : authorities) {
 			roles.add(r);
 			for (Permission p : r.getPermissions()) {
 				Role role = new Role();
 				boolean addRole = true;
 				role.setAuthority(p.getAuthority() + "_" + p.getModule());
+				role.setId(i);
+				++i;
 				
 				for (Role chRole : roles) {
 					if (chRole.getAuthority().equals(role.getAuthority())) {

src/main/java/info/bukova/isspst/security/AuthPopulator.java

@@ -0,0 +1,76 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+import info.bukova.isspst.services.users.RoleService;
+import info.bukova.isspst.services.users.UserService;
+
+import java.util.Collection;
+
+import javax.naming.NamingException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+
+public class AuthPopulator implements LdapAuthoritiesPopulator {
+
+	private UserService userService;
+	private RoleService roleService;
+
+	public AuthPopulator(UserService userService, RoleService roleService) {
+		this.userService = userService;
+		this.roleService = roleService;
+	}
+
+	@Override
+	public Collection<? extends GrantedAuthority> getGrantedAuthorities(
+			DirContextOperations userData, String login) {
+
+		User user = null;
+		try {
+			user = (User) userService.loadUserByUsername(login);
+		} catch (UsernameNotFoundException e) {
+			Logger logger = LoggerFactory.getLogger(AuthPopulator.class);
+			logger.info("Importing user from LDAP");
+			
+			user = new User();
+			user.setUsername(login);
+			Role role = roleService.getRoleByAuthority(Constants.ROLE_USER);
+			user.addAuthority(role);
+			
+			if (userData.attributeExists("givenName")) {
+				try {
+					user.setFirstName(userData.getAttributes().get("givenName").get().toString());
+				} catch (NamingException e1) {
+					logger.info("LDAP object has no 'givenName' attribute");
+				}
+			}
+			if (userData.attributeExists("sn")) {
+				try {
+					user.setLastName(userData.getAttributes().get("sn").get().toString());
+				} catch (NamingException e1) {
+					logger.info("LDAP object has no 'sn' attribute");
+				}
+			}
+			if (userData.attributeExists("mail")) {
+				try {
+					user.setEmail(userData.getAttributes().get("mail").get().toString());
+				} catch (NamingException e1) {
+					logger.info("LDAP object has no 'mail' attribute");
+				}
+			}
+			
+			userService.grantAdmin();
+			userService.add(user);
+			userService.removeAccess();
+		}
+
+		return user != null ? user.getAuthorities() : null;
+	}
+
+}

src/main/java/info/bukova/isspst/security/IsspstPermissionEvaluator.java

@@ -1,5 +1,7 @@
-package info.bukova.isspst;
+package info.bukova.isspst.security;
 
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.Module;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.services.Service;
 

src/main/java/info/bukova/isspst/security/LoginFailHandler.java

@@ -1,4 +1,4 @@
-package info.bukova.isspst;
+package info.bukova.isspst.security;
 
 import java.io.IOException;
 

src/main/java/info/bukova/isspst/services/AbstractOwnedService.java

@@ -6,6 +6,7 @@ import org.hibernate.NonUniqueResultException;
 import org.hibernate.Query;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.transaction.annotation.Transactional;
 
 import info.bukova.isspst.data.OwnedDataModel;
@@ -36,7 +37,7 @@ public class AbstractOwnedService<T extends OwnedDataModel> extends AbstractServ
 	@Transactional
 	protected User getLoggedInUser() {
 		try {
-			String query = "from User where ID = " + ((User)SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId();
+			String query = "from User where USERNAME = '" + ((UserDetails)SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername() + "'";
 			Query q = dao.getQuery(query);
 			return (User) q.uniqueResult();
 		} catch (NonUniqueResultException e) {

src/main/java/info/bukova/isspst/services/users/UserService.java

@@ -12,5 +12,7 @@ public interface UserService extends UserDetailsService, Service<User> {
 	public void saveWithPwd(User user, String password);
 	public User getCurrent();
 	public String encodePassword(User user, String plain);
+	public void grantAdmin();
+	public void removeAccess();
 
 }

src/main/java/info/bukova/isspst/services/users/UserServiceImpl.java

@@ -1,6 +1,7 @@
 package info.bukova.isspst.services.users;
 
 import org.hibernate.Query;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.encoding.PasswordEncoder;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -8,6 +9,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.transaction.annotation.Transactional;
 
+import info.bukova.isspst.Constants;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.data.User;
 import info.bukova.isspst.services.AbstractService;
@@ -58,11 +60,16 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
 	}
 
 	@Override
+	@Transactional
 	public User getCurrent() {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 		
 		if (auth != null && auth.getPrincipal() != null) {
-			return (User)auth.getPrincipal();
+			try {
+				return (User)loadUserByUsername(((UserDetails)auth.getPrincipal()).getUsername());
+			} catch(UsernameNotFoundException e) {
+				return null;
+			}
 		}
 		
 		return null;
@@ -73,5 +80,20 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
 		return encoder.encodePassword(plain, user.getUsername());
 	}
 
+	@Override
+	public void grantAdmin() {
+		User tmpAdmin = new User();
+		Role tmpRole = new Role();
+		tmpRole.setAuthority(Constants.ROLE_ADMIN);
+		tmpAdmin.setUsername(Constants.DEF_ADMIN);
+		tmpAdmin.addAuthority(tmpRole);
+		SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(tmpAdmin, null, tmpAdmin.getAuthorities()));
+	}
+
+	@Override
+	public void removeAccess() {
+		SecurityContextHolder.getContext().setAuthentication(null);
+	}
+
 
 }

src/main/java/info/bukova/isspst/ui/ListViewModel.java

@@ -131,7 +131,7 @@ public class ListViewModel<T extends DataModel> {
 		try {
 			newRecMode();
 			editBean = service.create();
-			if (dataBean == null) {
+			if (editBean == null) {
 				editBean = dataClass.newInstance();
 			}
 			showForm();