From b296014ba480bc49565b2e9aad2dac2584277def Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <paul-christian.volkmer@mni.thm.de>
Date: Fri, 12 Apr 2013 13:57:08 +0200
Subject: [PATCH] Added basic support for LDAP authentication

---
 .gitignore                                    |  1 +
 pom.xml                                       |  5 +++
 .../arsnova/controller/LoginController.java   | 33 +++++++++++++++++++
 .../webapp/WEB-INF/spring/spring-security.xml |  8 +++++
 src/main/webapp/arsnova.properties.example    |  5 +++
 5 files changed, 52 insertions(+)

diff --git a/.gitignore b/.gitignore
index 043004ca4..fb7773093 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
 target/*
 chromedriver.log
 .checkstyle
+/target
diff --git a/pom.xml b/pom.xml
index 897842bf5..25badea9e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -199,6 +199,11 @@
 			<artifactId>spring-security-cas</artifactId>
 			<version>${org.springframework.security-version}</version>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-ldap</artifactId>
+			<version>${org.springframework.security-version}</version>
+		</dependency>
 		<dependency>
 			<groupId>jstl</groupId>
 			<artifactId>jstl</artifactId>
diff --git a/src/main/java/de/thm/arsnova/controller/LoginController.java b/src/main/java/de/thm/arsnova/controller/LoginController.java
index ba7b932a7..e5304986e 100644
--- a/src/main/java/de/thm/arsnova/controller/LoginController.java
+++ b/src/main/java/de/thm/arsnova/controller/LoginController.java
@@ -20,6 +20,7 @@ package de.thm.arsnova.controller;
 
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.List;
 
 import javax.servlet.ServletException;
@@ -38,9 +39,11 @@ import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.token.Sha512DigestUtils;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.stereotype.Controller;
@@ -67,6 +70,9 @@ public class LoginController extends AbstractController {
 
 	@Autowired
 	private FacebookProvider facebookProvider;
+	
+	@Autowired
+	private LdapAuthenticationProvider ldapAuthenticationProvider;
 
 	@Autowired
 	private CasAuthenticationEntryPoint casEntryPoint;
@@ -136,6 +142,27 @@ public class LoginController extends AbstractController {
 		}
 		return null;
 	}
+	
+	@RequestMapping(value = { "/auth/login", "/doLogin" }, method = RequestMethod.POST)
+	public final View doLdapLogin(
+			@RequestParam("type") final String type,
+			@RequestParam(value = "user", required = false) final String userName,
+			@RequestParam(value = "referer", required = false) final String forcedReferer,
+			@RequestParam(value = "password", required = false) final String password,
+			final HttpServletRequest request,
+			final HttpServletResponse response
+	) throws IOException, ServletException {
+		if ("ldap".equals(type)) {
+			org.springframework.security.core.userdetails.User user =
+					new org.springframework.security.core.userdetails.User(
+							userName, password, true, true, true, true, this.getAuthorities()
+					);
+			
+			Authentication token = new UsernamePasswordAuthenticationToken(user, null, getAuthorities());
+			ldapAuthenticationProvider.authenticate(token);
+		}
+		return null;
+	}
 
 	@RequestMapping(value = { "/auth/", "/whoami" }, method = RequestMethod.GET)
 	@ResponseBody
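Review bot: The result of `ldapAuthenticationProvider.authenticate(token)` at L94 is discarded and `doLdapLogin` returns null in every case, so a successful LDAP bind never reaches `SecurityContextHolder` and the caller stays unauthenticated, while a failed bind lets `AuthenticationException` propagate out of the controller as a server error. The token built at L88-93 also does not match what the provider expects: the three-argument `UsernamePasswordAuthenticationToken` constructor yields an already-authenticated token, its credentials are `null`, and the provider reads the password from `getCredentials()` rather than from the wrapped `User`, so the request is presumably rejected as an empty password whatever was typed — confirm against the Spring Security version the pom resolves. Build an unauthenticated two-argument token from the raw parameters, store the returned `Authentication` on success, and catch `org.springframework.security.core.AuthenticationException` explicitly, persisting the context the same way this controller's other login paths do (their code is outside the hunk). The method also needs Javadoc stating that it is only active for `type=ldap` and that `user`/`password` are required for that type despite `required = false`.
```java
	) throws IOException, ServletException {
		if ("ldap".equals(type)) {
			// Unauthenticated request token: the provider reads the password from getCredentials().
			Authentication ldapRequest = new UsernamePasswordAuthenticationToken(userName, password);
			try {
				Authentication result = ldapAuthenticationProvider.authenticate(ldapRequest);
				SecurityContextHolder.getContext().setAuthentication(result);
				// … persist the security context to the session as the other login paths do …
			} catch (AuthenticationException e) {
				// Failed bind: do not leak why; answer 401 and leave no context behind.
				response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
			}
		}
		return null;
```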
@@ -153,4 +180,10 @@ public class LoginController extends AbstractController {
 		}
 		return new RedirectView(request.getHeader("referer") != null ? request.getHeader("referer") : "/");
 	}
+	
+	private Collection<? extends GrantedAuthority> getAuthorities() {
+		List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(2);
+		authList.add(new GrantedAuthorityImpl("ROLE_USER"));
+		return authList;
+	}
 }
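Review bot: `getAuthorities()` at L106-110 uses `GrantedAuthorityImpl`, which is deprecated in Spring Security 3.x in favour of `SimpleGrantedAuthority` — a class this file already imports at L56 — so `authList.add(new SimpleGrantedAuthority("ROLE_USER"));` does the same job and lets the new import at L55 be dropped. Pre-sizing the list to 2 for a single element, and the caller's mix of `this.getAuthorities()` and `getAuthorities()` on consecutive lines, are minor style inconsistencies. The helper has no Javadoc; `/** Fixed authorities attached to a locally built login token; currently only ROLE_USER. */` states what the code shows without promising directory-derived roles.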
diff --git a/src/main/webapp/WEB-INF/spring/spring-security.xml b/src/main/webapp/WEB-INF/spring/spring-security.xml
index ecd7f7669..7f77bfac0 100644
--- a/src/main/webapp/WEB-INF/spring/spring-security.xml
+++ b/src/main/webapp/WEB-INF/spring/spring-security.xml
@@ -14,6 +14,7 @@
         <security:authentication-provider ref="twitterAuthProvider" />
         <security:authentication-provider ref="googleAuthProvider" />
         <security:authentication-provider ref="casAuthenticationProvider" />
+        <security:authentication-provider ref="ldapAuthProvider" />
     </security:authentication-manager>
 
     <security:http entry-point-ref="facebookEntryPoint">
@@ -25,6 +26,13 @@
 		<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />  
     </security:http>
 
+    <!-- ######################### LDAP ############################# -->
+  
+	<security:ldap-server url="${security.ldap.url}" />
+	<security:ldap-authentication-provider id="ldapAuthProvider"
+		user-search-filter="${security.ldap.user-search-filter}"
+		user-search-base="${security.ldap.user-search-base}" />
+    
     <!-- ######################### FACEBOOK ######################### -->
     <bean id="facebookEntryPoint" class="com.github.leleuj.ss.oauth.client.web.OAuthAuthenticationEntryPoint"
         p:provider-ref="facebookProvider" />
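Review bot: `security:ldap-server` at L130 is declared with only a URL, so the user search configured at L132-133 runs over an anonymous bind; that works only if the directory allows anonymous search of the search base, otherwise `manager-dn`/`manager-password` attributes (sourced from properties, not written inline) are needed — confirm against the target directory. The new block indents with tabs at L130-133 while the surrounding file uses four spaces, and L129 and L134 are whitespace-only lines. Because the `security:http` element keeps only `entry-point-ref="facebookEntryPoint"` and no form-login, the LDAP bind is issued from a controller rather than a filter; a short comment on the provider element such as `<!-- bind is performed by LoginController#doLdapLogin, not by a filter -->` would tell the next reader where the credentials enter.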
diff --git a/src/main/webapp/arsnova.properties.example b/src/main/webapp/arsnova.properties.example
index 84060f6e4..8d6516561 100644
--- a/src/main/webapp/arsnova.properties.example
+++ b/src/main/webapp/arsnova.properties.example
@@ -10,6 +10,11 @@ security.twitter.secret=mC0HOvxiEgqwdDWCcDoy3q75nUQPu1bYRp1ncHWGd0
 security.google.key=110959746118.apps.googleusercontent.com
 security.google.secret=CkzUJZswY8rjWCCYnHVovyGA
 
+security.ldap.url=ldap://example.com:389/dc=example,dc=com
+security.ldap.user-search-filter=(uid={0})
+security.ldap.user-search-base="ou=people"
+
+
 security.ssl=false
 security.keystore=/etc/arsnova.thm.de.jks
 security.storepass=arsnova
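Review bot: `security.ldap.user-search-base="ou=people"` at L148 keeps its double quotes; placeholder substitution does not strip them, so the search base handed to the provider literally contains the quote characters and the user search fails. Write it as `security.ldap.user-search-base=ou=people`. The example URL at L146 uses plain `ldap://` on port 389, which means the simple bind carries the user's password to the directory unencrypted; since this file is the template operators copy, showing an `ldaps://` URL (or a comment pointing at StartTLS) is the safer default. A comment above the three keys noting that the search base is presumably relative to the base DN in the URL would also save guesswork.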
-- 
GitLab