From 72990a7196bbb60b641b17ccd0a9ca07a28ca3f3 Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <paul-christian.volkmer@mni.thm.de>
Date: Wed, 17 Apr 2013 16:29:22 +0200
Subject: [PATCH] Added simple loginform and reworked authentication stack

It is now possible to simulate an LDAP login by requesting the login page manually,
but some more internal changes are needed before this works as a real
ARSnova login.
---
 .../arsnova/controller/LoginController.java   | 31 ++++++++++++++-----
 .../webapp/WEB-INF/spring/spring-security.xml | 16 ++++++----
 src/main/webapp/login.html                    |  9 ++++++
 src/test/resources/arsnova.properties.example |  4 +++
 4 files changed, 46 insertions(+), 14 deletions(-)
 create mode 100644 src/main/webapp/login.html

diff --git a/src/main/java/de/thm/arsnova/controller/LoginController.java b/src/main/java/de/thm/arsnova/controller/LoginController.java
index 53f3d4d77..3b494d777 100644
--- a/src/main/java/de/thm/arsnova/controller/LoginController.java
+++ b/src/main/java/de/thm/arsnova/controller/LoginController.java
@@ -38,11 +38,13 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.GrantedAuthorityImpl;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.token.Sha512DigestUtils;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.util.UrlUtils;
@@ -144,23 +146,36 @@ public class LoginController extends AbstractController {
 		return null;
 	}
 	
-	@RequestMapping(value = { "/auth/login", "/doLogin" }, method = RequestMethod.POST)
+	@RequestMapping(value = { "/auth/ldaplogin" }, method = RequestMethod.POST)
 	public final View doLdapLogin(
 			@RequestParam("type") final String type,
-			@RequestParam(value = "user", required = false) final String userName,
+			@RequestParam(value = "user") final String userName,
 			@RequestParam(value = "referer", required = false) final String forcedReferer,
-			@RequestParam(value = "password", required = false) final String password,
+			@RequestParam(value = "password") final String password,
 			final HttpServletRequest request,
 			final HttpServletResponse response
-	) throws IOException, ServletException {
-		if ("ldap".equals(type)) {
+	) {
+		if ("ldap".equals(type) && password != null) {
+			String referer = request.getHeader("referer");
+			if (null != forcedReferer && null != referer && !UrlUtils.isAbsoluteUrl(referer)) {
+				referer = forcedReferer;
+			}
+			if (null == referer) {
+				referer = "/";
+			}
 			org.springframework.security.core.userdetails.User user =
 					new org.springframework.security.core.userdetails.User(
-							userName, password, true, true, true, true, this.getAuthorities()
+						userName, password, true, true, true, true, this.getAuthorities()
 					);
 			
-			Authentication token = new UsernamePasswordAuthenticationToken(user, null, getAuthorities());
-			ldapAuthenticationProvider.authenticate(token);
+			Authentication token = new UsernamePasswordAuthenticationToken(user, password, getAuthorities());
+			try {
+				ldapAuthenticationProvider.authenticate(token);
+				return new RedirectView(referer + "#auth/checkLogin");
+			}
+			catch (AuthenticationException e) {
+				e.printStackTrace();
+			}
 		}
 		return null;
 	}
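Review bot: The `Authentication` returned by `ldapAuthenticationProvider.authenticate(token)` inside the new try block is discarded, so a successful LDAP bind is never stored anywhere and the redirect to `#auth/checkLogin` arrives with no authenticated session; the minimal addition before the redirect is `Authentication result = ldapAuthenticationProvider.authenticate(token); SecurityContextHolder.getContext().setAuthentication(result);` (the commit message says more work is pending, so this may be a deliberate later step, but the method should not redirect as if login succeeded until it does). The redirect target is assembled from the `referer` header and the `forcedReferer` parameter, and the only check applied is `isAbsoluteUrl` on the header, never on `forcedReferer`, so a caller-supplied value is used as-is — an open redirect after login; `forcedReferer` should be accepted only when `!UrlUtils.isAbsoluteUrl(forcedReferer)` holds, or validated against the application's own origin. The catch block's `e.printStackTrace()` writes the failure to stderr and then falls through to `return null`, which leaves the client with an empty response instead of being sent back to the login form; log it through the class's logger and `return new RedirectView("/login.html");` there. The `password != null` guard on the first changed line is redundant now that the parameter is required. doLdapLogin's enclosing class continues outside the hunk.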
diff --git a/src/main/webapp/WEB-INF/spring/spring-security.xml b/src/main/webapp/WEB-INF/spring/spring-security.xml
index 7f77bfac0..c3412ddfd 100644
--- a/src/main/webapp/WEB-INF/spring/spring-security.xml
+++ b/src/main/webapp/WEB-INF/spring/spring-security.xml
@@ -10,14 +10,16 @@
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
 
     <security:authentication-manager alias="authenticationManager">
+        <security:ldap-authentication-provider
+			user-search-filter="${security.ldap.user-search-filter}"
+			user-search-base="${security.ldap.user-search-base}" />
         <security:authentication-provider ref="facebookAuthProvider" />
         <security:authentication-provider ref="twitterAuthProvider" />
         <security:authentication-provider ref="googleAuthProvider" />
         <security:authentication-provider ref="casAuthenticationProvider" />
-        <security:authentication-provider ref="ldapAuthProvider" />
     </security:authentication-manager>
 
-    <security:http entry-point-ref="facebookEntryPoint">
+    <security:http entry-point-ref="loginUrlAuthenticationEntryPoint">
         <security:custom-filter ref="facebookFilter" before="CAS_FILTER" />
         <security:custom-filter ref="twitterFilter" after="CAS_FILTER" />
         <security:custom-filter ref="googleFilter" before="FORM_LOGIN_FILTER" />
@@ -27,11 +29,13 @@
     </security:http>
 
     <!-- ######################### LDAP ############################# -->
-  
 	<security:ldap-server url="${security.ldap.url}" />
-	<security:ldap-authentication-provider id="ldapAuthProvider"
-		user-search-filter="${security.ldap.user-search-filter}"
-		user-search-base="${security.ldap.user-search-base}" />
+
+	<bean id="loginUrlAuthenticationEntryPoint"
+		class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
+		<property name="loginFormUrl" value="/login.html" />
+		<property name="forceHttps" value="false" />
+	</bean>
     
     <!-- ######################### FACEBOOK ######################### -->
     <bean id="facebookEntryPoint" class="com.github.leleuj.ss.oauth.client.web.OAuthAuthenticationEntryPoint"
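Review bot: The new `loginUrlAuthenticationEntryPoint` bean hard-codes `forceHttps` to `false`, so credentials typed into `/login.html` are sent in clear text whenever the deployment is reachable over plain HTTP; the properties file already carries a `security.ssl` flag, so consider `<property name="forceHttps" value="${security.ssl}" />` to keep the entry point in step with the deployment's TLS setting. Because this entry point is now the default for the whole `<security:http>` element, `/login.html` and `/auth/ldaplogin` must be reachable by anonymous requests or unauthenticated users will be redirected to a page that itself triggers the entry point; the `intercept-url` rules are outside this hunk, so that cannot be confirmed here.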
diff --git a/src/main/webapp/login.html b/src/main/webapp/login.html
new file mode 100644
index 000000000..d50b27caa
--- /dev/null
+++ b/src/main/webapp/login.html
@@ -0,0 +1,9 @@
+<html>
+	<h1>LDAP-Login</h1>
+	<form action="auth/ldaplogin" method="post">
+		<div><input type="text" name="user" placeholder="Username" /></div>
+		<div><input type="password" name="password" placeholder="Password" /></div>
+		<div><input type="submit" value="Login" /></div>
+		<input type="hidden" name="type" value="ldap" />
+	</form>
+</html>
\ No newline at end of file
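Review bot: The form posts `user`, `password` and `type` to `auth/ldaplogin` with no anti-forgery token, and the controller side of this commit accepts the POST on those three parameters alone, so the login endpoint is exposed to login CSRF; a per-session hidden token checked in the handler, or Spring Security's CSRF support if the version in use provides it, should gate the request. The document also lacks `<!DOCTYPE html>`, `<head>` and `<body>` elements, and the file has no trailing newline.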
diff --git a/src/test/resources/arsnova.properties.example b/src/test/resources/arsnova.properties.example
index f6b818d06..df77f33e6 100644
--- a/src/test/resources/arsnova.properties.example
+++ b/src/test/resources/arsnova.properties.example
@@ -14,6 +14,10 @@ security.ssl=false
 security.keystore=/etc/arsnova.thm.de.jks
 security.storepass=arsnova
 
+security.ldap.url=ldap://example.com:389/dc=example,dc=com
+security.ldap.user-search-filter=(uid={0})
+security.ldap.user-search-base=
+
 couchdb.host=localhost
 couchdb.port=5984
 couchdb.name=arsnova
-- 
GitLab