Přihlašování proti LDAP serveru- integrace s Active Directory
parent
7d4537f332
commit
d381a5ac26
@ -0,0 +1,76 @@
|
||||
package info.bukova.isspst.security;
|
||||
|
||||
import info.bukova.isspst.Constants;
|
||||
import info.bukova.isspst.data.Role;
|
||||
import info.bukova.isspst.data.User;
|
||||
import info.bukova.isspst.services.users.RoleService;
|
||||
import info.bukova.isspst.services.users.UserService;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
import javax.naming.NamingException;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
|
||||
|
||||
public class AuthPopulator implements LdapAuthoritiesPopulator {
|
||||
|
||||
private UserService userService;
|
||||
private RoleService roleService;
|
||||
|
||||
public AuthPopulator(UserService userService, RoleService roleService) {
|
||||
this.userService = userService;
|
||||
this.roleService = roleService;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getGrantedAuthorities(
|
||||
DirContextOperations userData, String login) {
|
||||
|
||||
User user = null;
|
||||
try {
|
||||
user = (User) userService.loadUserByUsername(login);
|
||||
} catch (UsernameNotFoundException e) {
|
||||
Logger logger = LoggerFactory.getLogger(AuthPopulator.class);
|
||||
logger.info("Importing user from LDAP");
|
||||
|
||||
user = new User();
|
||||
user.setUsername(login);
|
||||
Role role = roleService.getRoleByAuthority(Constants.ROLE_USER);
|
||||
user.addAuthority(role);
|
||||
|
||||
if (userData.attributeExists("givenName")) {
|
||||
try {
|
||||
user.setFirstName(userData.getAttributes().get("givenName").get().toString());
|
||||
} catch (NamingException e1) {
|
||||
logger.info("LDAP object has no 'givenName' attribute");
|
||||
}
|
||||
}
|
||||
if (userData.attributeExists("sn")) {
|
||||
try {
|
||||
user.setLastName(userData.getAttributes().get("sn").get().toString());
|
||||
} catch (NamingException e1) {
|
||||
logger.info("LDAP object has no 'sn' attribute");
|
||||
}
|
||||
}
|
||||
if (userData.attributeExists("mail")) {
|
||||
try {
|
||||
user.setEmail(userData.getAttributes().get("mail").get().toString());
|
||||
} catch (NamingException e1) {
|
||||
logger.info("LDAP object has no 'mail' attribute");
|
||||
}
|
||||
}
|
||||
|
||||
userService.grantAdmin();
|
||||
userService.add(user);
|
||||
userService.removeAccess();
|
||||
}
|
||||
|
||||
return user != null ? user.getAuthorities() : null;
|
||||
}
|
||||
|
||||
}
|
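Review bot: `userService.grantAdmin()` and `userService.removeAccess()` bracket `userService.add(user)` without a `finally`, so if `add` throws, the elevated access that `grantAdmin` presumably puts in place for the import is never revoked — the call sequence should be wrapped so that `removeAccess()` runs on every path. A second point is the return `user != null ? user.getAuthorities() : null`: the `LdapAuthoritiesPopulator` contract is a collection, and returning `null` will most likely throw inside `LdapAuthenticationProvider` when it merges the authorities, so return `java.util.Collections.emptyList()` for the absent case (only reachable if `loadUserByUsername` returns `null` rather than throwing). The `Logger` is created inside the `catch` on every cache miss; make it a class-level `private static final Logger LOG = LoggerFactory.getLogger(AuthPopulator.class);` so it is also available on the success path. The three `catch (NamingException e1)` blocks log "LDAP object has no '…' attribute" although `attributeExists` has already confirmed the attribute exists, so a `NamingException` there is a directory read error rather than a missing attribute and should be logged with the exception, e.g. `LOG.warn("Could not read 'givenName' for {}", login, e1);`.

```java
// … unchanged: lookup, new User(), role assignment, attribute copy …
userService.grantAdmin();
try {
    userService.add(user);
} finally {
    userService.removeAccess();
}
```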
@ -1,5 +1,7 @@
|
||||
package info.bukova.isspst;
|
||||
package info.bukova.isspst.security;
|
||||
|
||||
import info.bukova.isspst.Constants;
|
||||
import info.bukova.isspst.Module;
|
||||
import info.bukova.isspst.data.Role;
|
||||
import info.bukova.isspst.services.Service;
|
||||
|
@ -1,4 +1,4 @@
|
||||
package info.bukova.isspst;
|
||||
package info.bukova.isspst.security;
|
||||
|
||||
import java.io.IOException;
|
||||
|
@ -0,0 +1,71 @@
|
||||
dn: ou=groups,dc=bukova,dc=info
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: groups
|
||||
|
||||
dn: ou=people,dc=bukova,dc=info
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: people
|
||||
|
||||
dn: uid=kadel,ou=people,dc=bukova,dc=info
|
||||
objectclass: top
|
||||
objectclass: person
|
||||
objectclass: organizationalPerson
|
||||
objectclass: inetOrgPerson
|
||||
cn: Kadel Pohlavnik
|
||||
sn: Pohlavnik
|
||||
givenName: Kadel
|
||||
uid: kadel
|
||||
userPassword: pokus
|
||||
|
||||
dn: uid=admin,ou=people,dc=bukova,dc=info
|
||||
objectclass: top
|
||||
objectclass: person
|
||||
objectclass: organizationalPerson
|
||||
objectclass: inetOrgPerson
|
||||
cn: Administrator
|
||||
sn: admin
|
||||
uid: admin
|
||||
userPassword: xsacfgd
|
||||
|
||||
dn: uid=dianne,ou=people,dc=bukova,dc=info
|
||||
objectclass: top
|
||||
objectclass: person
|
||||
objectclass: organizationalPerson
|
||||
objectclass: inetOrgPerson
|
||||
cn: Dianne Emu
|
||||
sn: Emu
|
||||
uid: dianne
|
||||
userPassword: emu
|
||||
|
||||
dn: uid=scott,ou=people,dc=bukova,dc=info
|
||||
objectclass: top
|
||||
objectclass: person
|
||||
objectclass: organizationalPerson
|
||||
objectclass: inetOrgPerson
|
||||
cn: Scott
|
||||
sn: Wombat
|
||||
uid: scott
|
||||
userPassword: wombat
|
||||
|
||||
dn: cn=user,ou=groups,dc=bukova,dc=info
|
||||
objectclass: top
|
||||
objectclass: groupOfNames
|
||||
cn: user
|
||||
member: uid=rod,ou=people,dc=bukova,dc=info
|
||||
member: uid=dianne,ou=people,dc=bukova,dc=info
|
||||
member: uid=scott,ou=people,dc=bukova,dc=info
|
||||
|
||||
dn: cn=teller,ou=groups,dc=bukova,dc=info
|
||||
objectclass: top
|
||||
objectclass: groupOfNames
|
||||
cn: teller
|
||||
member: uid=rod,ou=people,dc=bukova,dc=info
|
||||
member: dianne=rod,ou=people,dc=bukova,dc=info
|
||||
|
||||
dn: cn=supervisor,ou=groups,dc=bukova,dc=info
|
||||
objectclass: top
|
||||
objectclass: groupOfNames
|
||||
cn: supervisor
|
||||
member: uid=rod,ou=people,dc=bukova,dc=info
|
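Review bot: `member: dianne=rod,ou=people,dc=bukova,dc=info` in the `cn=teller` group is not the DN of any entry in this file — the attribute type should be `uid`, so presumably `member: uid=dianne,ou=people,dc=bukova,dc=info` was intended. The `user`, `teller` and `supervisor` groups also list `uid=rod,ou=people,dc=bukova,dc=info`, but no `uid=rod` entry is defined, which leaves `supervisor` with no resolvable member and may be rejected by a directory that enforces referential integrity; either add the entry or drop the dangling references. The `userPassword` values are clear text, which is fine for the embedded test directory this LDIF is loaded into but should stay out of any real directory.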
@ -0,0 +1,2 @@
|
||||
ldap.server=ldap://localhost:3089
|
||||
ldap.userDNPattern=uid=\{0\},OU=people,DC=bukova,DC=info
|
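Review bot: `ldap.server=ldap://localhost:3089` is an unencrypted LDAP URL, and the `BindAuthenticator` configured in the Spring context binds with the user's own password, so against anything but the embedded localhost server the credentials cross the network in clear text; for the Active Directory integration the commit title describes, use `ldaps://<host>:636` or enable StartTLS on the context source. The `uid=\{0\},OU=people,…` pattern presumes an inetOrgPerson-style tree; AD accounts normally do not carry `uid` (they are matched on `sAMAccountName` or `userPrincipalName`), so this pattern will need to change for a real AD domain — worth a comment here. The `\{` and `\}` escapes are harmless since `Properties` drops a backslash before a non-escape character, but `uid={0},OU=people,DC=bukova,DC=info` reads cleaner.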
@ -0,0 +1,17 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
|
||||
|
||||
|
||||
<security:authentication-manager>
|
||||
<security:authentication-provider user-service-ref="userService">
|
||||
<security:password-encoder ref="passwordEncoder">
|
||||
<security:salt-source user-property="username" />
|
||||
</security:password-encoder>
|
||||
</security:authentication-provider>
|
||||
</security:authentication-manager>
|
||||
|
||||
</beans>
|
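Review bot: `<security:salt-source user-property="username" />` salts password hashes with the username, which is predictable and identical for the same account in every deployment, so equal passwords for equal usernames produce equal hashes. If the `passwordEncoder` bean (defined outside this hunk) is one of the legacy digest encoders, a `BCryptPasswordEncoder` carries a random per-password salt and needs no `salt-source` at all. This file and the LDAP context both declare a `security:authentication-manager`, so presumably only one of them is imported at a time; a comment stating which one is active would help the next reader.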
@ -0,0 +1,46 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
|
||||
|
||||
<!-- LDAP -->
|
||||
|
||||
<!-- embedded server only for testing -->
|
||||
<security:ldap-server root="dc=bukova,dc=info" ldif="classpath:users.ldif" port="3089"/>
|
||||
|
||||
<security:authentication-manager>
|
||||
<security:authentication-provider ref="ldapAuthProvider"/>
|
||||
</security:authentication-manager>
|
||||
|
||||
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
|
||||
<constructor-arg value="${ldap.server}"/>
|
||||
</bean>
|
||||
|
||||
<bean id="authenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
|
||||
<constructor-arg ref="contextSource"/>
|
||||
<property name="userDnPatterns">
|
||||
<list>
|
||||
<value>${ldap.userDNPattern}</value>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="populator" class="info.bukova.isspst.security.AuthPopulator">
|
||||
<constructor-arg>
|
||||
<ref local="userService"/>
|
||||
</constructor-arg>
|
||||
<constructor-arg>
|
||||
<ref local="roleService"/>
|
||||
</constructor-arg>
|
||||
</bean>
|
||||
|
||||
<bean id="ldapAuthProvider"
|
||||
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
|
||||
<constructor-arg ref="authenticator"/>
|
||||
<constructor-arg ref="populator"/>
|
||||
</bean>
|
||||
|
||||
|
||||
</beans>
|
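Review bot: the embedded `<security:ldap-server root="dc=bukova,dc=info" ldif="classpath:users.ldif" port="3089"/>` lives in the same context file as the real `ldapAuthProvider`, so the test directory with the clear-text `users.ldif` accounts starts in every environment that loads this file, not just in tests; move it to a test-only context or guard it with a Spring profile and keep `${ldap.server}` pointing at the real directory. `<ref local="userService"/>` relies on the `local` attribute, which the Spring 4.0 beans XSD dropped; `<ref bean="userService"/>` works across versions if the project upgrades. A short comment on the `populator` bean noting that `AuthPopulator` imports unknown users into the local database on first successful bind would make that side effect visible from the configuration.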
Binary file not shown.
After Width: | Height: | Size: 2.6 KiB |