Add LDAP support.
parent
51f531f6b4
commit
3ff67910c9
|
@ -77,6 +77,12 @@
|
|||
<version>${org.springframework.version}</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-ldap</artifactId>
|
||||
<version>${org.springframework.version}</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-beans</artifactId>
|
||||
|
|
|
@ -85,7 +85,7 @@ public class AdminController extends BaseController {
|
|||
}
|
||||
|
||||
// Finally create the user ...
|
||||
userService.createUser(delegated, false);
|
||||
userService.createUser(delegated, false,true);
|
||||
response.setHeader("Location", "/service/admin/users/" + user.getId());
|
||||
}
|
||||
|
||||
|
|
|
@ -27,10 +27,10 @@ import java.util.ArrayList;
|
|||
import java.util.Collection;
|
||||
|
||||
public class UserDetails implements org.springframework.security.core.userdetails.UserDetails {
|
||||
private com.wisemapping.model.User user;
|
||||
private com.wisemapping.model.User user;
|
||||
private boolean isAdmin;
|
||||
|
||||
public UserDetails(@NotNull final com.wisemapping.model.User user, boolean isAdmin) {
|
||||
public UserDetails(@NotNull final com.wisemapping.model.User user, boolean isAdmin) {
|
||||
this.user = user;
|
||||
this.isAdmin = isAdmin;
|
||||
}
|
||||
|
|
|
@ -18,13 +18,12 @@
|
|||
|
||||
package com.wisemapping.security;
|
||||
|
||||
import com.wisemapping.dao.UserManager;
|
||||
|
||||
import com.wisemapping.model.User;
|
||||
import com.wisemapping.service.UserService;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.jetbrains.annotations.Nullable;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
|
||||
import org.springframework.dao.DataAccessException;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
|
||||
|
@ -37,7 +36,7 @@ public class UserDetailsService
|
|||
@Override
|
||||
public UserDetails loadUserByUsername(@NotNull String email) throws UsernameNotFoundException, DataAccessException {
|
||||
final User user = userService.getUserBy(email);
|
||||
|
||||
|
||||
if (user != null) {
|
||||
return new UserDetails(user, isAdmin(email));
|
||||
} else {
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
package com.wisemapping.security.ldap;
|
||||
|
||||
|
||||
import com.wisemapping.exceptions.WiseMappingException;
|
||||
import com.wisemapping.model.User;
|
||||
import com.wisemapping.security.UserDetails;
|
||||
import com.wisemapping.service.UserService;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.jetbrains.annotations.Nullable;
|
||||
import org.springframework.ldap.core.DirContextAdapter;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
|
||||
|
||||
import java.util.Calendar;
|
||||
import java.util.Collection;
|
||||
|
||||
public class LdapUserDetailsContextMapper implements UserDetailsContextMapper {
|
||||
|
||||
private UserService userService;
|
||||
private String adminUser;
|
||||
|
||||
|
||||
public UserService getUserService() {
|
||||
return userService;
|
||||
}
|
||||
|
||||
public void setUserService(UserService userService) {
|
||||
this.userService = userService;
|
||||
}
|
||||
|
||||
|
||||
private boolean isAdmin(@Nullable String email) {
|
||||
return email != null && adminUser != null && email.trim().endsWith(adminUser);
|
||||
}
|
||||
|
||||
public String getAdminUser() {
|
||||
return adminUser;
|
||||
}
|
||||
|
||||
public void setAdminUser(String adminUser) {
|
||||
this.adminUser = adminUser;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserDetails mapUserFromContext(@NotNull DirContextOperations userData,
|
||||
String email, Collection<? extends GrantedAuthority> arg2) {
|
||||
User user = userService.getUserBy(email);
|
||||
if (user == null) {
|
||||
// If the user was not found in the database, create a new one ...
|
||||
user = new User();
|
||||
user.setEmail(email);
|
||||
|
||||
final String firstName = userData.getStringAttribute("givenName");
|
||||
user.setFirstname(firstName);
|
||||
|
||||
final String lastName = userData.getStringAttribute("sn");
|
||||
user.setLastname(lastName);
|
||||
|
||||
user.setPassword(email);
|
||||
final Calendar now = Calendar.getInstance();
|
||||
user.setActivationDate(now);
|
||||
|
||||
try {
|
||||
userService.createUser(user, false,false);
|
||||
} catch (WiseMappingException e) {
|
||||
throw new IllegalStateException(e);
|
||||
}
|
||||
}
|
||||
return new UserDetails(user, isAdmin(email));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void mapUserToContext(org.springframework.security.core.userdetails.UserDetails userDetails, DirContextAdapter dirContextAdapter) {
|
||||
// To be implemented ...
|
||||
}
|
||||
|
||||
|
||||
}
|
|
@ -26,7 +26,7 @@ public interface UserService {
|
|||
|
||||
public void activateAccount(long code) throws InvalidActivationCodeException;
|
||||
|
||||
public User createUser(@NotNull User user, boolean emailConfirmEnabled) throws WiseMappingException;
|
||||
public User createUser(@NotNull User user, boolean emailConfirmEnabled,boolean welcomeEmail) throws WiseMappingException;
|
||||
|
||||
public void changePassword(@NotNull User user);
|
||||
|
||||
|
@ -41,4 +41,6 @@ public interface UserService {
|
|||
public void deleteUser(@NotNull User user);
|
||||
|
||||
public void auditLogin(@NotNull User user);
|
||||
|
||||
public User getCasUserBy(String uid);
|
||||
}
|
||||
|
|
|
@ -107,7 +107,7 @@ public class UserServiceImpl
|
|||
userManager.auditLogin(accessAuditory);
|
||||
}
|
||||
|
||||
public User createUser(@NotNull User user, boolean emailConfirmEnabled) throws WiseMappingException {
|
||||
public User createUser(@NotNull User user, boolean emailConfirmEnabled, boolean welcomeEmail) throws WiseMappingException {
|
||||
final UUID uuid = UUID.randomUUID();
|
||||
user.setCreationDate(Calendar.getInstance());
|
||||
user.setActivationCode(uuid.getLeastSignificantBits());
|
||||
|
@ -120,6 +120,7 @@ public class UserServiceImpl
|
|||
}
|
||||
|
||||
Collaborator col = userManager.getCollaboratorBy(user.getEmail());
|
||||
|
||||
if (col != null) {
|
||||
userManager.createUser(user, col);
|
||||
} else {
|
||||
|
@ -134,7 +135,7 @@ public class UserServiceImpl
|
|||
// Send registration email.
|
||||
if (emailConfirmEnabled) {
|
||||
notificationService.sendRegistrationEmail(user);
|
||||
} else {
|
||||
} else if (welcomeEmail) {
|
||||
// Send a welcome email ..
|
||||
notificationService.newAccountCreated(user);
|
||||
}
|
||||
|
@ -205,4 +206,10 @@ public class UserServiceImpl
|
|||
public void setVelocityEngine(VelocityEngine velocityEngine) {
|
||||
this.velocityEngine = velocityEngine;
|
||||
}
|
||||
|
||||
@Override
|
||||
public User getCasUserBy(String uid) {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -110,7 +110,7 @@ public class UsersController {
|
|||
user.setPassword(userBean.getPassword());
|
||||
|
||||
boolean confirmRegistrationByEmail = false;
|
||||
userService.createUser(user, confirmRegistrationByEmail);
|
||||
userService.createUser(user, confirmRegistrationByEmail,true);
|
||||
|
||||
// Forward to the success view ...
|
||||
result = new ModelAndView("userRegistrationSuccess");
|
||||
|
|
|
@ -98,3 +98,25 @@ google.analytics.account=UA-XXXX
|
|||
# Google Ads enable
|
||||
##################################################################################
|
||||
google.ads.enabled=false
|
||||
|
||||
#######################################################################################
|
||||
LDAP Configuration Section
|
||||
#######################################################################################
|
||||
security.ldap.enabled=false
|
||||
security.ldap.server=ldap://localhost:389
|
||||
security.ldap.server.user=cn=pveiga,dc=wisemapping,dc=com
|
||||
security.ldap.server.password=password
|
||||
|
||||
security.ldap.basedn=dc=wisemapping,dc=com
|
||||
security.ldap.subDn=people
|
||||
security.ldap.auth.attribute=mail
|
||||
#######################################################################################
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -28,6 +28,7 @@
|
|||
- The application context is then available via
|
||||
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
|
||||
-->
|
||||
|
||||
<listener>
|
||||
<listener-class>com.wisemapping.service.HibernateAppListener</listener-class>
|
||||
</listener>
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:sec="http://www.springframework.org/schema/security"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
|
||||
|
||||
<sec:authentication-manager alias="authenticationManager">
|
||||
<sec:authentication-provider ref="dbAuthenticationProvider"/>
|
||||
<sec:authentication-provider user-service-ref="userDetailsService"/>
|
||||
</sec:authentication-manager>
|
||||
|
||||
<bean id="dbAuthenticationProvider" class="com.wisemapping.security.AuthenticationProvider">
|
||||
<property name="userDetailsService" ref="userDetailsService"/>
|
||||
<property name="encoder" ref="encoder"/>
|
||||
</bean>
|
||||
|
||||
</beans>
|
|
@ -0,0 +1,52 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:sec="http://www.springframework.org/schema/security"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
|
||||
|
||||
|
||||
<sec:authentication-manager>
|
||||
<sec:authentication-provider ref="ldapAuthProvider"/>
|
||||
</sec:authentication-manager>
|
||||
|
||||
<!-- ================================================== -->
|
||||
<!-- LDAP Connection settings -->
|
||||
<!-- ================================================== -->
|
||||
|
||||
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
|
||||
<property name="url" value="${security.ldap.server}"/>
|
||||
<property name="userDn" value="${security.ldap.server.user}"/>
|
||||
<property name="password" value="${security.ldap.server.password}"/>
|
||||
<property name="base" value="${security.ldap.basedn}"/>
|
||||
</bean>
|
||||
|
||||
<!-- ================================================== -->
|
||||
<!-- Authentication and Authorization Handlers -->
|
||||
<!-- ================================================== -->
|
||||
<bean id="ldapAuthProvider"
|
||||
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
|
||||
<constructor-arg>
|
||||
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
|
||||
<constructor-arg ref="contextSource"/>
|
||||
<property name="userSearch" ref="ldapUserSearch"/>
|
||||
</bean>
|
||||
</constructor-arg>
|
||||
<property name="userDetailsContextMapper" ref="userDetailsContextMapper"/>
|
||||
</bean>
|
||||
|
||||
<bean id="userDetailsContextMapper" class="com.wisemapping.security.ldap.LdapUserDetailsContextMapper">
|
||||
<property name="userService" ref="userService"/>
|
||||
</bean>
|
||||
|
||||
<bean id="ldapUserSearch"
|
||||
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
|
||||
<constructor-arg index="0" value="ou=${security.ldap.subDn}"/>
|
||||
<constructor-arg index="1" value="(${security.ldap.auth.attribute}={0})"/>
|
||||
<constructor-arg index="2" ref="contextSource"/>
|
||||
<property name="searchSubtree" value="true"/>
|
||||
</bean>
|
||||
|
||||
</beans>
|
|
@ -56,18 +56,10 @@
|
|||
<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
|
||||
</sec:http>
|
||||
|
||||
<sec:authentication-manager alias="authenticationManager">
|
||||
<sec:authentication-provider ref="dbAuthenticationProvider"/>
|
||||
<sec:authentication-provider user-service-ref="userDetailsService"/>
|
||||
</sec:authentication-manager>
|
||||
|
||||
<bean id="dbAuthenticationProvider" class="com.wisemapping.security.AuthenticationProvider">
|
||||
<property name="userDetailsService" ref="userDetailsService"/>
|
||||
<property name="encoder" ref="encoder"/>
|
||||
</bean>
|
||||
<!--<import resource="wisemapping-security-db.xml"/>-->
|
||||
<import resource="wisemapping-security-ldap.xml"/>
|
||||
|
||||
<bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">
|
||||
<!--suppress SpringModelInspection -->
|
||||
<property name="userService" ref="userService"/>
|
||||
<property name="adminUser" value="${admin.user}"/>
|
||||
</bean>
|
||||
|
@ -76,4 +68,5 @@
|
|||
<property name="defaultTargetUrl" value="/c/maps/"/>
|
||||
<property name="alwaysUseDefaultTargetUrl" value="false"/>
|
||||
</bean>
|
||||
|
||||
</beans>
|
Loading…
Reference in New Issue