Added basic support for LDAP authentication

parent f51c5982
......@@ -4,3 +4,4 @@
target/*
chromedriver.log
.checkstyle
/target
......@@ -199,6 +199,11 @@
<artifactId>spring-security-cas</artifactId>
<version>${org.springframework.security-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>${org.springframework.security-version}</version>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
......
......@@ -20,6 +20,7 @@ package de.thm.arsnova.controller;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.servlet.ServletException;
......@@ -38,9 +39,11 @@ import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.token.Sha512DigestUtils;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.stereotype.Controller;
......@@ -68,6 +71,9 @@ public class LoginController extends AbstractController {
@Autowired
private FacebookProvider facebookProvider;
@Autowired
private LdapAuthenticationProvider ldapAuthenticationProvider;
@Autowired
private CasAuthenticationEntryPoint casEntryPoint;
......@@ -137,6 +143,27 @@ public class LoginController extends AbstractController {
return null;
}
@RequestMapping(value = { "/auth/login", "/doLogin" }, method = RequestMethod.POST)
public final View doLdapLogin(
@RequestParam("type") final String type,
@RequestParam(value = "user", required = false) final String userName,
@RequestParam(value = "referer", required = false) final String forcedReferer,
@RequestParam(value = "password", required = false) final String password,
final HttpServletRequest request,
final HttpServletResponse response
) throws IOException, ServletException {
if ("ldap".equals(type)) {
org.springframework.security.core.userdetails.User user =
new org.springframework.security.core.userdetails.User(
userName, password, true, true, true, true, this.getAuthorities()
);
Authentication token = new UsernamePasswordAuthenticationToken(user, null, getAuthorities());
ldapAuthenticationProvider.authenticate(token);
}
return null;
}
@RequestMapping(value = { "/auth/", "/whoami" }, method = RequestMethod.GET)
@ResponseBody
public final User whoami() {
......@@ -153,4 +180,10 @@ public class LoginController extends AbstractController {
}
return new RedirectView(request.getHeader("referer") != null ? request.getHeader("referer") : "/");
}
private Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(2);
authList.add(new GrantedAuthorityImpl("ROLE_USER"));
return authList;
}
}
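Review bot: In `doLdapLogin` the password never reaches the LDAP provider: it is wrapped in the `User` principal while the token is built with `null` credentials through the three-argument constructor, which also marks the token as already authenticated with ROLE_USER before any check has run. As far as I know, Spring's LDAP provider takes the password from `getCredentials()`, so this call should fail for every login, and the `Authentication` it returns is discarded, so nothing would be stored in the security context even on success. I would build an unauthenticated token, `Authentication token = new UsernamePasswordAuthenticationToken(userName, password);`, and keep the result, `SecurityContextHolder.getContext().setAuthentication(ldapAuthenticationProvider.authenticate(token));`, catching `AuthenticationException` to answer with an explicit failure instead of `return null`. Because `user` and `password` are `required = false`, a missing username currently reaches the `User` constructor as null; blank values should be rejected before the provider is called.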
......@@ -14,6 +14,7 @@
<security:authentication-provider ref="twitterAuthProvider" />
<security:authentication-provider ref="googleAuthProvider" />
<security:authentication-provider ref="casAuthenticationProvider" />
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<security:http entry-point-ref="facebookEntryPoint">
......@@ -25,6 +26,13 @@
<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
</security:http>
<!-- ######################### LDAP ############################# -->
<security:ldap-server url="${security.ldap.url}" />
<security:ldap-authentication-provider id="ldapAuthProvider"
user-search-filter="${security.ldap.user-search-filter}"
user-search-base="${security.ldap.user-search-base}" />
<!-- ######################### FACEBOOK ######################### -->
<bean id="facebookEntryPoint" class="com.github.leleuj.ss.oauth.client.web.OAuthAuthenticationEntryPoint"
p:provider-ref="facebookProvider" />
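Review bot: The new `<security:ldap-server>` element sets only `url`, so the search defined by `user-search-filter` and `user-search-base` runs without a manager identity, i.e. as an anonymous bind. That only works on directories that permit anonymous search, and the file does not say so. I would add a comment above the element such as `<!-- User search binds anonymously; set manager-dn / manager-password if the directory requires an authenticated search. -->`.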
......
......@@ -10,6 +10,11 @@ security.twitter.secret=mC0HOvxiEgqwdDWCcDoy3q75nUQPu1bYRp1ncHWGd0
security.google.key=110959746118.apps.googleusercontent.com
security.google.secret=CkzUJZswY8rjWCCYnHVovyGA
security.ldap.url=ldap://example.com:389/dc=example,dc=com
security.ldap.user-search-filter=(uid={0})
security.ldap.user-search-base="ou=people"
security.ssl=false
security.keystore=/etc/arsnova.thm.de.jks
security.storepass=arsnova
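Review bot: `security.ldap.user-search-base="ou=people"` keeps its double quotes, because values in a .properties file are taken literally; the placeholder in the security XML would then receive the quotes as part of the search base, so the line should read `security.ldap.user-search-base=ou=people`. The sample URL uses `ldap://` on port 389, so the bind carrying the user's password would travel unencrypted unless StartTLS is configured elsewhere. An `ldaps://` default, or a comment next to `security.ldap.url` stating the transport requirement, would make this a safer template.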
......