diff --git a/src/main/java/de/thm/arsnova/controller/LoginController.java b/src/main/java/de/thm/arsnova/controller/LoginController.java
index 53f3d4d77d81bf4e48011b5d98fd51e641af8a8c..3b494d777dcd599acf15fcf8869691b1689bad36 100644
--- a/src/main/java/de/thm/arsnova/controller/LoginController.java
+++ b/src/main/java/de/thm/arsnova/controller/LoginController.java
@@ -38,11 +38,13 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.GrantedAuthorityImpl;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.token.Sha512DigestUtils;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.util.UrlUtils;
@@ -144,23 +146,36 @@ public class LoginController extends AbstractController {
 return null;
 }
- @RequestMapping(value = { "/auth/login", "/doLogin" }, method = RequestMethod.POST)
+ @RequestMapping(value = { "/auth/ldaplogin" }, method = RequestMethod.POST)
 public final View doLdapLogin(
 @RequestParam("type") final String type,
- @RequestParam(value = "user", required = false) final String userName,
+ @RequestParam(value = "user") final String userName,
 @RequestParam(value = "referer", required = false) final String forcedReferer,
- @RequestParam(value = "password", required = false) final String password,
+ @RequestParam(value = "password") final String password,
 final HttpServletRequest request,
 final HttpServletResponse response
- ) throws IOException, ServletException {
- if ("ldap".equals(type)) {
+ ) {
+ if ("ldap".equals(type) && password != null) {
+ String referer = request.getHeader("referer");
+ if (null != forcedReferer && null != referer && !UrlUtils.isAbsoluteUrl(referer)) {
+ referer = forcedReferer;
+ }
+ if (null == referer) {
+ referer = "/";
+ }
 org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(
- userName, password, true, true, true, true, this.getAuthorities()
+ userName, password, true, true, true, true, this.getAuthorities()
 );
- Authentication token = new UsernamePasswordAuthenticationToken(user, null, getAuthorities());
- ldapAuthenticationProvider.authenticate(token);
+ Authentication token = new UsernamePasswordAuthenticationToken(user, password, getAuthorities());
+ try {
+ ldapAuthenticationProvider.authenticate(token);
+ return new RedirectView(referer + "#auth/checkLogin");
+ }
+ catch (AuthenticationException e) {
+ e.printStackTrace();
+ }
 }
 return null;
 }
diff --git a/src/main/webapp/WEB-INF/spring/spring-security.xml b/src/main/webapp/WEB-INF/spring/spring-security.xml
index 7f77bfac04048f1bc49175d9ff30cd61dc174c69..c3412ddfdfe652bbeecb072cbcb8ced08316e5a7 100644
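Review bot: The target of `new RedirectView(referer + "#auth/checkLogin")` is taken from the `Referer` header or the `referer` request parameter, and the only validation on either is a null check, so whoever submits the form can steer the post-login redirect to any absolute URL of their choosing (an open redirect); restrict it to a local path, rejecting anything `UrlUtils.isAbsoluteUrl` accepts or that does not start with a single `/`, and fall back to `/`. The `Authentication` returned by `ldapAuthenticationProvider.authenticate(token)` is discarded, so unless the class stores it somewhere not visible in this hunk the security context is never populated and the redirected client arrives unauthenticated; keep the result and hand it to `SecurityContextHolder.getContext().setAuthentication(...)`. The `catch (AuthenticationException e)` block only calls `e.printStackTrace()` and then falls through to `return null`, which writes to stderr instead of the application log and gives the browser no failure response; redirect back to the login page instead. The `password != null` test is redundant now that the parameter is required. The `UserDetails` import added in the previous hunk is not used by this code.
```java
// … unchanged: @RequestMapping and parameter binding …
if ("ldap".equals(type)) {
    String referer = request.getHeader("referer");
    if (null != forcedReferer && null != referer && !UrlUtils.isAbsoluteUrl(referer)) {
        referer = forcedReferer;
    }
    // Both sources of referer are caller-controlled: only accept a local path.
    if (null == referer || UrlUtils.isAbsoluteUrl(referer)
            || !referer.startsWith("/") || referer.startsWith("//")) {
        referer = "/";
    }
    // … unchanged: User construction …
    Authentication token = new UsernamePasswordAuthenticationToken(user, password, getAuthorities());
    try {
        Authentication result = ldapAuthenticationProvider.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(result);
        return new RedirectView(referer + "#auth/checkLogin");
    }
    catch (AuthenticationException e) {
        // TODO(review): record the failure through the controller's logger, not stderr
        return new RedirectView("/login.html");
    }
}
return null;
```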
--- a/src/main/webapp/WEB-INF/spring/spring-security.xml
+++ b/src/main/webapp/WEB-INF/spring/spring-security.xml
@@ -10,14 +10,16 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
 <security:authentication-manager alias="authenticationManager">
+ <security:ldap-authentication-provider
+ user-search-filter="${security.ldap.user-search-filter}"
+ user-search-base="${security.ldap.user-search-base}" />
 <security:authentication-provider ref="facebookAuthProvider" />
 <security:authentication-provider ref="twitterAuthProvider" />
 <security:authentication-provider ref="googleAuthProvider" />
 <security:authentication-provider ref="casAuthenticationProvider" />
- <security:authentication-provider ref="ldapAuthProvider" />
 </security:authentication-manager>
- <security:http entry-point-ref="facebookEntryPoint">
+ <security:http entry-point-ref="loginUrlAuthenticationEntryPoint">
 <security:custom-filter ref="facebookFilter" before="CAS_FILTER" />
 <security:custom-filter ref="twitterFilter" after="CAS_FILTER" />
 <security:custom-filter ref="googleFilter" before="FORM_LOGIN_FILTER" />
@@ -27,11 +29,13 @@
 </security:http>
 <!-- ######################### LDAP ############################# -->
- <security:ldap-server url="${security.ldap.url}" />
- <security:ldap-authentication-provider id="ldapAuthProvider"
- user-search-filter="${security.ldap.user-search-filter}"
- user-search-base="${security.ldap.user-search-base}" />
+
+ <bean id="loginUrlAuthenticationEntryPoint"
+ class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
+ <property name="loginFormUrl" value="/login.html" />
+ <property name="forceHttps" value="false" />
+ </bean>
 <!-- ######################### FACEBOOK ######################### -->
 <bean id="facebookEntryPoint"
 class="com.github.leleuj.ss.oauth.client.web.OAuthAuthenticationEntryPoint"
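Review bot: The second hunk removes `<security:ldap-server url="${security.ldap.url}" />` while the `<security:ldap-authentication-provider>` added in the first hunk carries no `server-ref`, so unless an `ldap-server` is declared elsewhere the provider has no directory to bind against, and the `security.ldap.url` property added to the example config is read by nothing; either keep the `ldap-server` element or point the provider at one with `server-ref`. The new `loginUrlAuthenticationEntryPoint` bean sets `forceHttps` to `false`, so unauthenticated requests are bounced to `/login.html` on whatever scheme they arrived on and the form then posts the LDAP password in clear text wherever TLS is not terminated in front of the application; given that `security.ssl` already exists as a switch, this should follow it or simply be `true`. Because this entry point replaces `facebookEntryPoint` on the whole `<security:http>` block, every unauthenticated request is now sent to the LDAP form instead of into the OAuth flow, which is a behaviour change for the other providers worth confirming.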
diff --git a/src/main/webapp/login.html b/src/main/webapp/login.html
new file mode 100644
index 0000000000000000000000000000000000000000..d50b27caab7804543fc25c287b5abbdc77f6a8ea
--- /dev/null
+++ b/src/main/webapp/login.html
@@ -0,0 +1,9 @@
+<html>
+ <h1>LDAP-Login</h1>
+ <form action="auth/ldaplogin" method="post">
+ <div><input type="text" name="user" placeholder="Username" /></div>
+ <div><input type="password" name="password" placeholder="Password" /></div>
+ <div><input type="submit" value="Login" /></div>
+ <input type="hidden" name="type" value="ldap" />
+ </form>
+</html>
\ No newline at end of file
diff --git a/src/test/resources/arsnova.properties.example b/src/test/resources/arsnova.properties.example
index f6b818d06c9a997d55c0026f526b61887ab6a94c..df77f33e61c3ace0d15b97c2a2c4557027029eea 100644
--- a/src/test/resources/arsnova.properties.example
+++ b/src/test/resources/arsnova.properties.example
@@ -14,6 +14,10 @@ security.ssl=false
 security.keystore=/etc/arsnova.thm.de.jks
 security.storepass=arsnova
+security.ldap.url=ldap://example.com:389/dc=example,dc=com
+security.ldap.user-search-filter=(uid={0})
+security.ldap.user-search-base=
+
 couchdb.host=localhost
 couchdb.port=5984
 couchdb.name=arsnova
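Review bot: The form in `login.html` is a static page with no per-session CSRF token, and the `auth/ldaplogin` handler it posts to does not check one either, so a third-party page can submit this form with credentials of its choosing and log a victim's browser into an account it does not control (login CSRF); the form needs a session-bound token that the controller verifies before it calls the LDAP provider. The action is the relative URL `auth/ldaplogin`, which resolves against the page's own path and silently posts elsewhere if the page is ever served from another location; a context-relative absolute path such as `action="/auth/ldaplogin"` is safer. The page also has no `<head>`, `<body>` or `<label>` elements and offers no place to show a failed-login message, which the controller would need to surface a rejected attempt.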