From b296014ba480bc49565b2e9aad2dac2584277def Mon Sep 17 00:00:00 2001 From: Paul-Christian Volkmer Date: Fri, 12 Apr 2013 13:57:08 +0200 Subject: [PATCH] Added basic support for LDAP authentication --- .gitignore | 1 + pom.xml | 5 +++ .../arsnova/controller/LoginController.java | 33 +++++++++++++++++++ .../webapp/WEB-INF/spring/spring-security.xml | 8 +++++ src/main/webapp/arsnova.properties.example | 5 +++ 5 files changed, 52 insertions(+) diff --git a/.gitignore b/.gitignore index 043004ca..fb777309 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ target/* chromedriver.log .checkstyle +/target diff --git a/pom.xml b/pom.xml index 897842bf..25badea9 100644 --- a/pom.xml +++ b/pom.xml @@ -199,6 +199,11 @@ spring-security-cas ${org.springframework.security-version} + + org.springframework.security + spring-security-ldap + ${org.springframework.security-version} + jstl jstl diff --git a/src/main/java/de/thm/arsnova/controller/LoginController.java b/src/main/java/de/thm/arsnova/controller/LoginController.java index ba7b932a..e5304986 100644 --- a/src/main/java/de/thm/arsnova/controller/LoginController.java +++ b/src/main/java/de/thm/arsnova/controller/LoginController.java @@ -20,6 +20,7 @@ package de.thm.arsnova.controller; import java.io.IOException; import java.util.ArrayList; +import java.util.Collection; import java.util.List; import javax.servlet.ServletException; 
@@ -38,9 +39,11 @@ import org.springframework.security.cas.authentication.CasAuthenticationToken; import org.springframework.security.cas.web.CasAuthenticationEntryPoint; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.GrantedAuthorityImpl; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.token.Sha512DigestUtils; +import org.springframework.security.ldap.authentication.LdapAuthenticationProvider; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.util.UrlUtils; import org.springframework.stereotype.Controller; @@ -67,6 +70,9 @@ public class LoginController extends AbstractController { @Autowired private FacebookProvider facebookProvider; + + @Autowired + private LdapAuthenticationProvider ldapAuthenticationProvider; @Autowired private CasAuthenticationEntryPoint casEntryPoint; 
@@ -136,6 +142,27 @@ public class LoginController extends AbstractController { } return null; } + + @RequestMapping(value = { "/auth/login", "/doLogin" }, method = RequestMethod.POST) + public final View doLdapLogin( + @RequestParam("type") final String type, + @RequestParam(value = "user", required = false) final String userName, + @RequestParam(value = "referer", required = false) final String forcedReferer, + @RequestParam(value = "password", required = false) final String password, + final HttpServletRequest request, + final HttpServletResponse response + ) throws IOException, ServletException { + if ("ldap".equals(type)) { + org.springframework.security.core.userdetails.User user = + new org.springframework.security.core.userdetails.User( + userName, password, true, true, true, true, this.getAuthorities() + ); + + Authentication token = new UsernamePasswordAuthenticationToken(user, null, getAuthorities()); + ldapAuthenticationProvider.authenticate(token); + } + return null; + } @RequestMapping(value = { "/auth/", "/whoami" }, method = RequestMethod.GET) @ResponseBody @@ -153,4 +180,10 @@ public class LoginController extends AbstractController { } return new RedirectView(request.getHeader("referer") != null ? request.getHeader("referer") : "/"); } + + private Collection getAuthorities() { + List authList = new ArrayList(2); + authList.add(new GrantedAuthorityImpl("ROLE_USER")); + return authList; + } } diff --git a/src/main/webapp/WEB-INF/spring/spring-security.xml b/src/main/webapp/WEB-INF/spring/spring-security.xml index ecd7f766..7f77bfac 100644 --- a/src/main/webapp/WEB-INF/spring/spring-security.xml +++ b/src/main/webapp/WEB-INF/spring/spring-security.xml @@ -14,6 +14,7 @@ + @@ -25,6 +26,13 @@ + + + + + diff --git a/src/main/webapp/arsnova.properties.example b/src/main/webapp/arsnova.properties.example index 84060f6e..8d651656 100644 --- a/src/main/webapp/arsnova.properties.example +++ b/src/main/webapp/arsnova.properties.example 
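Review bot: In `doLdapLogin` the submitted password never reaches the provider: the token is built as `new UsernamePasswordAuthenticationToken(user, null, getAuthorities())`, so its credentials are null, and the three-argument constructor marks the token as already authenticated with ROLE_USER before any LDAP bind has happened. The result of `ldapAuthenticationProvider.authenticate(token)` is discarded and the method always returns null, so a successful bind is never stored in the security context, and an authentication failure propagates out of the handler as an unhandled exception. Because `user` and `password` are `required = false`, missing or empty values should be rejected before the provider is called; an empty password in particular should never reach an LDAP bind, since some directory servers treat it as an anonymous bind. The sketch below passes the raw username and password in an unauthenticated token, stores only the provider's result, and answers 401 on failure. The redirect and session handling used by the other login paths in this controller lie outside the hunk and would still need to be applied.

```java
// … unchanged: @RequestMapping annotation and doLdapLogin signature …
	if ("ldap".equals(type)) {
		if (userName == null || userName.isEmpty() || password == null || password.isEmpty()) {
			response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
			return null;
		}
		try {
			// Two-argument constructor: the token stays unauthenticated until the provider accepts it.
			Authentication token = new UsernamePasswordAuthenticationToken(userName, password);
			Authentication result = ldapAuthenticationProvider.authenticate(token);
			// Only the provider's result is trusted as the session's identity.
			SecurityContextHolder.getContext().setAuthentication(result);
		} catch (org.springframework.security.core.AuthenticationException e) {
			response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
		}
	}
	return null;
```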
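Review bot: `getAuthorities()` builds its list with `GrantedAuthorityImpl`, which Spring Security 3.1 deprecates in favour of `SimpleGrantedAuthority`, a class this file already imports; `authList.add(new SimpleGrantedAuthority("ROLE_USER"));` would also make the new `GrantedAuthorityImpl` import unnecessary. `Collection` and `List` appear here without type arguments, which may be an artefact of how the page was rendered; if they are raw in the file, declare them as `Collection<GrantedAuthority>` and `List<GrantedAuthority>`. A short Javadoc saying that every caller receives the fixed ROLE_USER, and that directory group membership is not consulted, would make the authorization model explicit.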
@@ -10,6 +10,11 @@ security.twitter.secret=mC0HOvxiEgqwdDWCcDoy3q75nUQPu1bYRp1ncHWGd0 security.google.key=110959746118.apps.googleusercontent.com security.google.secret=CkzUJZswY8rjWCCYnHVovyGA +security.ldap.url=ldap://example.com:389/dc=example,dc=com +security.ldap.user-search-filter=(uid={0}) +security.ldap.user-search-base="ou=people" + + security.ssl=false security.keystore=/etc/arsnova.thm.de.jks security.storepass=arsnova -- GitLab
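Review bot: `security.ldap.user-search-base="ou=people"` keeps the double quotes as part of the value, because Java properties files do not strip them, so the search base would not match the `ou=people` entry; write `security.ldap.user-search-base=ou=people`. The example URL `ldap://example.com:389/...` sends the user's bind password over an unencrypted connection unless StartTLS is configured elsewhere. Prefer an `ldaps://` URL in the example, or add a comment line stating that plain `ldap://` is only suitable for test setups.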