Added basic support for LDAP authentication

parent f51c5982
...@@ -4,3 +4,4 @@ ...@@ -4,3 +4,4 @@
target/* target/*
chromedriver.log chromedriver.log
.checkstyle .checkstyle
/target
...@@ -199,6 +199,11 @@ ...@@ -199,6 +199,11 @@
<artifactId>spring-security-cas</artifactId> <artifactId>spring-security-cas</artifactId>
<version>${org.springframework.security-version}</version> <version>${org.springframework.security-version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>${org.springframework.security-version}</version>
</dependency>
<dependency> <dependency>
<groupId>jstl</groupId> <groupId>jstl</groupId>
<artifactId>jstl</artifactId> <artifactId>jstl</artifactId>
......
...@@ -20,6 +20,7 @@ package de.thm.arsnova.controller; ...@@ -20,6 +20,7 @@ package de.thm.arsnova.controller;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection;
import java.util.List; import java.util.List;
import javax.servlet.ServletException; import javax.servlet.ServletException;
...@@ -38,9 +39,11 @@ import org.springframework.security.cas.authentication.CasAuthenticationToken; ...@@ -38,9 +39,11 @@ import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint; import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.token.Sha512DigestUtils; import org.springframework.security.core.token.Sha512DigestUtils;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.util.UrlUtils; import org.springframework.security.web.util.UrlUtils;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
...@@ -67,6 +70,9 @@ public class LoginController extends AbstractController { ...@@ -67,6 +70,9 @@ public class LoginController extends AbstractController {
@Autowired @Autowired
private FacebookProvider facebookProvider; private FacebookProvider facebookProvider;
@Autowired
private LdapAuthenticationProvider ldapAuthenticationProvider;
@Autowired @Autowired
private CasAuthenticationEntryPoint casEntryPoint; private CasAuthenticationEntryPoint casEntryPoint;
...@@ -136,6 +142,27 @@ public class LoginController extends AbstractController { ...@@ -136,6 +142,27 @@ public class LoginController extends AbstractController {
} }
return null; return null;
} }
@RequestMapping(value = { "/auth/login", "/doLogin" }, method = RequestMethod.POST)
public final View doLdapLogin(
@RequestParam("type") final String type,
@RequestParam(value = "user", required = false) final String userName,
@RequestParam(value = "referer", required = false) final String forcedReferer,
@RequestParam(value = "password", required = false) final String password,
final HttpServletRequest request,
final HttpServletResponse response
) throws IOException, ServletException {
if ("ldap".equals(type)) {
org.springframework.security.core.userdetails.User user =
new org.springframework.security.core.userdetails.User(
userName, password, true, true, true, true, this.getAuthorities()
);
Authentication token = new UsernamePasswordAuthenticationToken(user, null, getAuthorities());
ldapAuthenticationProvider.authenticate(token);
}
return null;
}
@RequestMapping(value = { "/auth/", "/whoami" }, method = RequestMethod.GET) @RequestMapping(value = { "/auth/", "/whoami" }, method = RequestMethod.GET)
@ResponseBody @ResponseBody
...@@ -153,4 +180,10 @@ public class LoginController extends AbstractController { ...@@ -153,4 +180,10 @@ public class LoginController extends AbstractController {
} }
return new RedirectView(request.getHeader("referer") != null ? request.getHeader("referer") : "/"); return new RedirectView(request.getHeader("referer") != null ? request.getHeader("referer") : "/");
} }
private Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(2);
authList.add(new GrantedAuthorityImpl("ROLE_USER"));
return authList;
}
} }
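Review bot: The result of `ldapAuthenticationProvider.authenticate(token)` in doLdapLogin is discarded, so a successful LDAP bind never reaches `SecurityContextHolder` and the caller stays unauthenticated, while a failed bind lets the provider's AuthenticationException escape the handler instead of producing a 401. The token is also built the wrong way round: the password is tucked inside the `User` principal and the credentials argument is `null`, and the three-argument constructor marks the token as already authenticated before the provider sees it; the LDAP provider takes the bind password from getCredentials(), so the two-argument constructor with the raw userName and password is what it expects. getAuthorities() in the last hunk pre-grants ROLE_USER before any authentication and uses the deprecated GrantedAuthorityImpl although SimpleGrantedAuthority is already imported; roles should come from the provider's authorities populator rather than be handed in with the request. Sketch below; AuthenticationException needs an import, and whether the context must additionally be saved to the session repository explicitly depends on how the other login paths in this class do it, which is outside the hunk.
```java
// … unchanged: doLdapLogin signature …
    if ("ldap".equals(type)) {
        // Unauthenticated request token: the LDAP provider reads the bind password from getCredentials().
        final Authentication ldapRequest = new UsernamePasswordAuthenticationToken(userName, password);
        try {
            final Authentication authenticated = ldapAuthenticationProvider.authenticate(ldapRequest);
            SecurityContextHolder.getContext().setAuthentication(authenticated);
        } catch (final AuthenticationException e) {
            // Failed or empty bind: answer 401 without echoing the provider's reason to the client.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
    return null;
```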
...@@ -14,6 +14,7 @@ ...@@ -14,6 +14,7 @@
<security:authentication-provider ref="twitterAuthProvider" /> <security:authentication-provider ref="twitterAuthProvider" />
<security:authentication-provider ref="googleAuthProvider" /> <security:authentication-provider ref="googleAuthProvider" />
<security:authentication-provider ref="casAuthenticationProvider" /> <security:authentication-provider ref="casAuthenticationProvider" />
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager> </security:authentication-manager>
<security:http entry-point-ref="facebookEntryPoint"> <security:http entry-point-ref="facebookEntryPoint">
...@@ -25,6 +26,13 @@ ...@@ -25,6 +26,13 @@
<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" /> <security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
</security:http> </security:http>
<!-- ######################### LDAP ############################# -->
<security:ldap-server url="${security.ldap.url}" />
<security:ldap-authentication-provider id="ldapAuthProvider"
user-search-filter="${security.ldap.user-search-filter}"
user-search-base="${security.ldap.user-search-base}" />
<!-- ######################### FACEBOOK ######################### --> <!-- ######################### FACEBOOK ######################### -->
<bean id="facebookEntryPoint" class="com.github.leleuj.ss.oauth.client.web.OAuthAuthenticationEntryPoint" <bean id="facebookEntryPoint" class="com.github.leleuj.ss.oauth.client.web.OAuthAuthenticationEntryPoint"
p:provider-ref="facebookProvider" /> p:provider-ref="facebookProvider" />
......
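Review bot: `<security:ldap-server url="${security.ldap.url}" />` carries no `manager-dn`/`manager-password`, so the `user-search-filter` lookup in `ldapAuthProvider` runs under an anonymous bind; a directory that disallows anonymous search will fail every login before the user's own bind is attempted. If the target directory needs a service account, add those two attributes and source the password from an externalised secret rather than the committed properties file. The provider is also registered in the shared `authentication-manager`, so it takes part in every authentication through that manager, not only the new controller path — presumably intended, but worth a one-line comment next to the provider element.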
...@@ -10,6 +10,11 @@ security.twitter.secret=mC0HOvxiEgqwdDWCcDoy3q75nUQPu1bYRp1ncHWGd0 ...@@ -10,6 +10,11 @@ security.twitter.secret=mC0HOvxiEgqwdDWCcDoy3q75nUQPu1bYRp1ncHWGd0
security.google.key=110959746118.apps.googleusercontent.com security.google.key=110959746118.apps.googleusercontent.com
security.google.secret=CkzUJZswY8rjWCCYnHVovyGA security.google.secret=CkzUJZswY8rjWCCYnHVovyGA
security.ldap.url=ldap://example.com:389/dc=example,dc=com
security.ldap.user-search-filter=(uid={0})
security.ldap.user-search-base="ou=people"
security.ssl=false security.ssl=false
security.keystore=/etc/arsnova.thm.de.jks security.keystore=/etc/arsnova.thm.de.jks
security.storepass=arsnova security.storepass=arsnova
......
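Review bot: `security.ldap.user-search-base="ou=people"` keeps the double quotes as part of the value, because .properties values are literal, so the provider receives `"ou=people"` including the quotes and the user search will not match; write `security.ldap.user-search-base=ou=people` like the other keys. The sample `security.ldap.url=ldap://example.com:389/...` is a plaintext LDAP URL, and the provider authenticates by binding with the user's password, so on a real deployment that password crosses the network unencrypted unless the URL is `ldaps://` or StartTLS is configured on the connection. A comment above the three keys stating that `ldaps://` (or StartTLS) is expected outside development would make that requirement visible to whoever fills in the real values.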