Added basic support for LDAP authentication

b296014b · Paul-Christian Volkmer · f51c5982 · b296014b · b296014b · b296014b
Commit b296014b authored Apr 12, 2013 by Paul-Christian Volkmer
5 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
 target/*
 chromedriver.log
 .checkstyle
+/target
--- a/pom.xml
+++ b/pom.xml
@@ -199,6 +199,11 @@
 			<artifactId>spring-security-cas</artifactId>
 			<version>${org.springframework.security-version}</version>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-ldap</artifactId>
+			<version>${org.springframework.security-version}</version>
+		</dependency>
 		<dependency>
 			<groupId>jstl</groupId>
 			<artifactId>jstl</artifactId>

--- a/src/main/java/de/thm/arsnova/controller/LoginController.java
+++ b/src/main/java/de/thm/arsnova/controller/LoginController.java
@@ -20,6 +20,7 @@ package de.thm.arsnova.controller;

 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.List;

 import javax.servlet.ServletException;
@@ -38,9 +39,11 @@ import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.token.Sha512DigestUtils;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.stereotype.Controller;
@@ -67,6 +70,9 @@ public class LoginController extends AbstractController {

 	@Autowired
 	private FacebookProvider facebookProvider;
+	
+	@Autowired
+	private LdapAuthenticationProvider ldapAuthenticationProvider;

 	@Autowired
 	private CasAuthenticationEntryPoint casEntryPoint;
@@ -136,6 +142,27 @@ public class LoginController extends AbstractController {
 		}
 		return null;
 	}
+	
+	@RequestMapping(value = { "/auth/login", "/doLogin" }, method = RequestMethod.POST)
+	public final View doLdapLogin(
+			@RequestParam("type") final String type,
+			@RequestParam(value = "user", required = false) final String userName,
+			@RequestParam(value = "referer", required = false) final String forcedReferer,
+			@RequestParam(value = "password", required = false) final String password,
+			final HttpServletRequest request,
+			final HttpServletResponse response
+	) throws IOException, ServletException {
+		if ("ldap".equals(type)) {
+			org.springframework.security.core.userdetails.User user =
+					new org.springframework.security.core.userdetails.User(
+							userName, password, true, true, true, true, this.getAuthorities()
+					);
+			
+			Authentication token = new UsernamePasswordAuthenticationToken(user, null, getAuthorities());
+			ldapAuthenticationProvider.authenticate(token);
+		}
+		return null;
+	}

 	@RequestMapping(value = { "/auth/", "/whoami" }, method = RequestMethod.GET)
 	@ResponseBody
@@ -153,4 +180,10 @@ public class LoginController extends AbstractController {
 		}
 		return new RedirectView(request.getHeader("referer") != null ? request.getHeader("referer") : "/");
 	}
+	
+	private Collection<? extends GrantedAuthority> getAuthorities() {
+		List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(2);
+		authList.add(new GrantedAuthorityImpl("ROLE_USER"));
+		return authList;
+	}
 }
--- a/src/main/webapp/WEB-INF/spring/spring-security.xml
+++ b/src/main/webapp/WEB-INF/spring/spring-security.xml
@@ -14,6 +14,7 @@
        <security:authentication-provider ref="twitterAuthProvider" />
        <security:authentication-provider ref="googleAuthProvider" />
        <security:authentication-provider ref="casAuthenticationProvider" />
+        <security:authentication-provider ref="ldapAuthProvider" />
    </security:authentication-manager>

    <security:http entry-point-ref="facebookEntryPoint">
@@ -25,6 +26,13 @@
 		<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />  
    </security:http>

+    <!-- ######################### LDAP ############################# -->
+  
+	<security:ldap-server url="${security.ldap.url}" />
+	<security:ldap-authentication-provider id="ldapAuthProvider"
+		user-search-filter="${security.ldap.user-search-filter}"
+		user-search-base="${security.ldap.user-search-base}" />
+    
    <!-- ######################### FACEBOOK ######################### -->
    <bean id="facebookEntryPoint" class="com.github.leleuj.ss.oauth.client.web.OAuthAuthenticationEntryPoint"
        p:provider-ref="facebookProvider" />

--- a/src/main/webapp/arsnova.properties.example
+++ b/src/main/webapp/arsnova.properties.example
@@ -10,6 +10,11 @@ security.twitter.secret=mC0HOvxiEgqwdDWCcDoy3q75nUQPu1bYRp1ncHWGd0
 security.google.key=110959746118.apps.googleusercontent.com
 security.google.secret=CkzUJZswY8rjWCCYnHVovyGA

+security.ldap.url=ldap://example.com:389/dc=example,dc=com
+security.ldap.user-search-filter=(uid={0})
+security.ldap.user-search-base="ou=people"
+
+
 security.ssl=false
 security.keystore=/etc/arsnova.thm.de.jks
 security.storepass=arsnova