1 package org
.argeo
.security
.ldap
;
import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;

import org.argeo.security.ArgeoSecurityDao;
import org.argeo.security.ArgeoUser;
import org.argeo.security.SimpleArgeoUser;
import org.argeo.security.core.ArgeoUserDetails;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.ldap.core.ContextExecutor;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
import org.springframework.security.ldap.LdapAuthoritiesPopulator;
import org.springframework.security.ldap.LdapUsernameToDnMapper;
import org.springframework.security.ldap.LdapUtils;
import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsManager;
import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
35 public class ArgeoSecurityDaoLdap
implements ArgeoSecurityDao
, InitializingBean
{
// private final static Log log = LogFactory.getLog(UserDaoLdap.class);

// Delegate for all user CRUD; afterPropertiesSet() builds an
// LdapUserDetailsManager when none has been injected.
private UserDetailsManager userDetailsManager;
// Resolves a user's roles; afterPropertiesSet() builds a
// DefaultLdapAuthoritiesPopulator when none has been injected.
private LdapAuthoritiesPopulator authoritiesPopulator;
// Directory layout: relative bases and attribute names used to build user
// and group DNs and the group search filter.
private String userBase = "ou=users";
private String usernameAttributeName = "uid";
private String groupBase = "ou=groups";
// Attribute naming a group; also the RDN attribute of group entries (see buildGroupDn()).
private String groupRoleAttributeName = "cn";
// Attribute holding member DNs; used both as the group search filter
// attribute and as the manager's group member attribute.
private String groupMemberAttributeName = "uniquemember";
// Role granted to every user by the populator; getCurrentUser() strips it
// from the roles it returns.
private String defaultRole = "ROLE_USER";
// Prefix that distinguishes role names from LDAP group names
// (see convertRoleToGroup() / convertGroupToRole()).
private String rolePrefix = "ROLE_";

// Built once from the injected ContextSource in the constructor; this
// class's own directory operations all go through it.
private final LdapTemplate ldapTemplate;

// Maps usernames to DNs; defaults to a DefaultLdapUsernameToDnMapper over
// userBase / usernameAttributeName.
private LdapUsernameToDnMapper usernameMapper = null;

// Maps directory entries to UserDetails; defaults to an
// ArgeoUserDetailsContextMapper configured with userNatureMappers.
private UserDetailsContextMapper userDetailsMapper;
private List<UserNatureMapper> userNatureMappers;
/**
 * Fills in every collaborator that was not injected. The username-to-DN
 * mapper and the user-details context mapper are resolved first because
 * the user-details manager built afterwards is configured with them.
 * Injected instances are left untouched.
 *
 * @throws Exception signature imposed by {@link InitializingBean}
 */
public void afterPropertiesSet() throws Exception {
    if (usernameMapper == null) {
        usernameMapper = new DefaultLdapUsernameToDnMapper(userBase,
                usernameAttributeName);
    }

    if (userDetailsMapper == null) {
        ArgeoUserDetailsContextMapper contextMapper = new ArgeoUserDetailsContextMapper();
        contextMapper.setUserNatureMappers(userNatureMappers);
        userDetailsMapper = contextMapper;
    }

    if (userDetailsManager == null) {
        LdapUserDetailsManager manager = new LdapUserDetailsManager(
                ldapTemplate.getContextSource());
        manager.setGroupSearchBase(groupBase);
        manager.setUserDetailsMapper(userDetailsMapper);
        manager.setUsernameMapper(usernameMapper);
        manager.setGroupMemberAttributeName(groupMemberAttributeName);
        userDetailsManager = manager;
    }

    // Not consumed by the manager above; exposed through getAuthoritiesPopulator().
    if (authoritiesPopulator == null) {
        DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(
                ldapTemplate.getContextSource(), groupBase);
        populator.setDefaultRole(defaultRole);
        // {0} is a search-filter argument filled in (and encoded) by Spring at
        // search time; the user DN is never concatenated into the filter here.
        populator.setGroupSearchFilter(groupMemberAttributeName + "={0}");
        authoritiesPopulator = populator;
    }
}
/**
 * Creates the DAO on top of the given directory connection.
 *
 * @param contextSource connection used for every LDAP operation of this
 *        class and of the collaborators built in {@link #afterPropertiesSet()}
 */
public ArgeoSecurityDaoLdap(ContextSource contextSource) {
    this.ldapTemplate = new LdapTemplate(contextSource);
}
/**
 * Persists a new user entry through the user-details manager.
 *
 * @param user user to create; wrapped in an {@link ArgeoUserDetails} so the
 *        manager can map it to a directory entry
 */
public void create(ArgeoUser user) {
    UserDetails details = new ArgeoUserDetails(user);
    userDetailsManager.createUser(details);
}
/**
 * Loads a user for read-only use. The password field is cleared before
 * returning so that credentials never travel with ordinary user lookups;
 * {@link #getUserWithPassword(String)} is the explicit alternative.
 *
 * @param uname username to look up
 * @return the user, with {@code password} set to {@code null}
 */
public ArgeoUser getUser(String uname) {
    UserDetails details = getDetails(uname);
    SimpleArgeoUser result = createSimpleArgeoUser(details);
    // Deliberately strip the credential from the returned object.
    result.setPassword(null);
    return result;
}
/**
 * Loads a user without clearing its password field. Whatever the context
 * mapper placed there is handed to the caller, so the result must be treated
 * as sensitive (not logged, not cached, not serialized casually).
 *
 * @param uname username to look up
 * @return the user as mapped from the directory, password included
 */
public ArgeoUser getUserWithPassword(String uname) {
    UserDetails details = getDetails(uname);
    return createSimpleArgeoUser(details);
}
/**
 * Returns the user behind the authentication held by
 * {@link SecurityContextHolder}, or {@code null} when
 * {@link ArgeoUserDetails#asArgeoUser} cannot produce one (presumably no
 * authentication, or one that is not an Argeo principal).
 *
 * <p>The default role is removed from the returned roles so that only roles
 * granted through group membership remain. This mutates the collection
 * returned by {@code getRoles()}; whether that collection is a live view of
 * the principal's authorities is not visible from here.
 */
public ArgeoUser getCurrentUser() {
    Authentication authentication = SecurityContextHolder.getContext()
            .getAuthentication();
    ArgeoUser current = ArgeoUserDetails.asArgeoUser(authentication);
    if (current == null) {
        return null;
    }
    if (current.getRoles().contains(defaultRole)) {
        current.getRoles().remove(defaultRole);
    }
    return current;
}
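/**
 * Lists every user directly under {@code userBase}.
 *
 * <p>Each user is loaded through {@link #getUser(String)}, i.e. with the
 * password field cleared. The previous implementation built the objects with
 * {@code createSimpleArgeoUser(getDetails(...))} and so returned whatever the
 * context mapper put in the password field; stripping it here keeps bulk
 * listing consistent with the single-user read path, where credentials are
 * only available through {@link #getUserWithPassword(String)}.
 *
 * <p>Cost: one directory listing plus one lookup per user (N+1).
 *
 * @return the users, never {@code null}
 */
@SuppressWarnings("unchecked")
public List<ArgeoUser> listUsers() {
    ContextMapper usernameFromEntry = new ContextMapper() {
        public Object mapFromContext(Object ctxArg) {
            DirContextAdapter entry = (DirContextAdapter) ctxArg;
            return entry.getStringAttribute(usernameAttributeName);
        }
    };
    // Raw ContextMapper of this Spring LDAP version: the cast is unavoidable.
    List<String> usernames = (List<String>) ldapTemplate.listBindings(
            new DistinguishedName(userBase), usernameFromEntry);

    List<ArgeoUser> users = new ArrayList<ArgeoUser>();
    for (String username : usernames) {
        users.add(getUser(username));
    }
    return users;
}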
/**
 * Lists the roles backed by group entries directly under {@code groupBase}.
 * Each group's {@code groupRoleAttributeName} value is turned into a role
 * name with {@link #convertGroupToRole(String)}.
 *
 * @return the role names in directory listing order
 */
@SuppressWarnings("unchecked")
public List<String> listEditableRoles() {
    ContextMapper roleFromGroupEntry = new ContextMapper() {
        public Object mapFromContext(Object ctxArg) {
            DirContextAdapter entry = (DirContextAdapter) ctxArg;
            String groupName = entry.getStringAttribute(groupRoleAttributeName);
            return convertGroupToRole(groupName);
        }
    };
    // Raw ContextMapper of this Spring LDAP version: the cast is unavoidable.
    return (List<String>) ldapTemplate.listBindings(groupBase, roleFromGroupEntry);
}
/**
 * Rewrites an existing user entry through the user-details manager.
 *
 * @param user user to update; wrapped in an {@link ArgeoUserDetails}
 */
public void update(ArgeoUser user) {
    UserDetails details = new ArgeoUserDetails(user);
    userDetailsManager.updateUser(details);
}
/**
 * Removes a user entry through the user-details manager.
 *
 * @param username user to delete
 */
public void delete(String username) {
    this.userDetailsManager.deleteUser(username);
}
/**
 * Changes a password through the user-details manager. Per the
 * {@link UserDetailsManager#changePassword} contract this acts on the
 * currently authenticated user, not on an arbitrary account; the injected
 * manager decides how (and whether) {@code oldPassword} is verified.
 *
 * @param oldPassword current password
 * @param newPassword replacement password
 */
public void updatePassword(String oldPassword, String newPassword) {
    this.userDetailsManager.changePassword(oldPassword, newPassword);
}
/**
 * Tells whether an entry exists for {@code username}.
 *
 * @param username user to look for
 * @return the manager's answer, boxed (the interface returns {@code Boolean})
 */
public Boolean userExists(String username) {
    boolean exists = userDetailsManager.userExists(username);
    return Boolean.valueOf(exists);
}
/**
 * Creates the group entry backing {@code role}. The group is created with
 * {@code superuserName} as its first member because, as the original
 * comment states, an empty group cannot be created.
 *
 * @param role role name, with or without the role prefix; mapped to a group
 *        name by {@link #convertRoleToGroup(String)}
 * @param superuserName username whose full DN becomes the initial member
 */
public void createRole(String role, final String superuserName) {
    String groupName = convertRoleToGroup(role);

    // Resolve the member DN inside a directory context so that the mapper's
    // relative DN is completed to a full DN (presumably against the
    // context's base) before it is written into the group.
    ContextExecutor resolveSuperuserDn = new ContextExecutor() {
        public Object executeWithContext(DirContext ctx) throws NamingException {
            return LdapUtils.getFullDn(usernameMapper.buildDn(superuserName), ctx);
        }
    };
    DistinguishedName superuserDn = (DistinguishedName) ldapTemplate
            .executeReadWrite(resolveSuperuserDn);

    Name groupDn = buildGroupDn(groupName);
    DirContextAdapter groupEntry = new DirContextAdapter();
    groupEntry.setAttributeValues("objectClass", new String[] { "top",
            "groupOfUniqueNames" });
    // NOTE(review): "cn" and "uniqueMember" are hard-coded although
    // groupRoleAttributeName / groupMemberAttributeName are configurable;
    // changing those setters is not reflected in groups created here.
    groupEntry.setAttributeValue("cn", groupName);
    // Add superuser because cannot create empty group
    groupEntry.setAttributeValue("uniqueMember", superuserDn.toString());

    ldapTemplate.bind(groupDn, groupEntry, null);
}
/**
 * Removes the group entry backing {@code role}. Membership is not checked
 * first; the directory decides whether the unbind is allowed.
 *
 * @param role role name, mapped to a group name by
 *        {@link #convertRoleToGroup(String)}
 */
public void deleteRole(String role) {
    Name groupDn = buildGroupDn(convertRoleToGroup(role));
    this.ldapTemplate.unbind(groupDn);
}
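/**
 * Maps a role name to the name of its backing group: the role prefix is
 * dropped and the remainder lower-cased. A name without the prefix is
 * returned unchanged (not even lower-cased), mirroring the original logic.
 *
 * <p>Lower-casing uses a fixed locale so that the mapping does not depend on
 * the JVM's default locale (e.g. a Turkish default locale would turn "I" into
 * a dotless "ı" and no longer match the group named in the directory).
 *
 * @param role role name, e.g. {@code ROLE_ADMIN}
 * @return group name, e.g. {@code admin}
 */
protected String convertRoleToGroup(String role) {
    String group = role;
    if (group.startsWith(rolePrefix)) {
        group = group.substring(rolePrefix.length());
        group = group.toLowerCase(Locale.ENGLISH);
    }
    return group;
}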
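/**
 * Maps a group name to a role name: the name is upper-cased and the role
 * prefix prepended. Inverse of {@link #convertRoleToGroup(String)}.
 *
 * <p>Upper-casing uses a fixed locale so that the role name does not depend
 * on the JVM's default locale (a Turkish default locale would produce
 * "ADMİN" for "admin", which never equals a role spelled "ROLE_ADMIN").
 *
 * @param groupName group name as stored in the directory, e.g. {@code admin}
 * @return role name, e.g. {@code ROLE_ADMIN}
 */
public String convertGroupToRole(String groupName) {
    String upper = groupName.toUpperCase(Locale.ENGLISH);
    return rolePrefix + upper;
}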
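/**
 * Builds the DN of the group entry named {@code name} directly under
 * {@code groupBase}, i.e. {@code <groupRoleAttributeName>=<name>,<groupBase>}.
 *
 * <p>The RDN is appended with {@link DistinguishedName#add(String, String)}
 * rather than by string concatenation, so that characters with DN meaning
 * in {@code name} (",", "+", quotes, backslash, "<", ">", ";") are escaped
 * when the DN is encoded instead of being reinterpreted as extra RDNs. For
 * plain names the resulting DN is identical to the concatenated form.
 *
 * @param name group name as produced by {@link #convertRoleToGroup(String)}
 * @return the group DN
 */
protected Name buildGroupDn(String name) {
    DistinguishedName groupDn = new DistinguishedName(groupBase);
    groupDn.add(groupRoleAttributeName, name);
    return groupDn;
}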
/**
 * Injects the manager used for all user CRUD. When set,
 * {@link #afterPropertiesSet()} keeps it instead of building an
 * {@link LdapUserDetailsManager}.
 */
public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
    this.userDetailsManager = userDetailsManager;
}
/**
 * Sets the relative DN under which user entries live (default
 * {@code ou=users}); used for listing users and for the default
 * username-to-DN mapper.
 */
public void setUserBase(String userBase) {
    this.userBase = userBase;
}
/**
 * Sets the attribute holding the username in user entries (default
 * {@code uid}); read when listing users and by the default
 * username-to-DN mapper.
 */
public void setUsernameAttributeName(String usernameAttribute) {
    this.usernameAttributeName = usernameAttribute;
}
/**
 * Injects the roles resolver. When set, {@link #afterPropertiesSet()} keeps
 * it instead of building a {@link DefaultLdapAuthoritiesPopulator}.
 */
public void setAuthoritiesPopulator(LdapAuthoritiesPopulator authoritiesPopulator) {
    this.authoritiesPopulator = authoritiesPopulator;
}
/**
 * Loads the Spring Security view of {@code username} through the manager.
 * Whatever the manager throws for an unknown user (the Spring contract is
 * {@code UsernameNotFoundException}) propagates unchanged.
 *
 * @param username user to load
 * @return the user details as mapped by the configured context mapper
 */
protected UserDetails getDetails(String username) {
    UserDetails details = userDetailsManager.loadUserByUsername(username);
    return details;
}
/**
 * Sets the relative DN under which group entries live (default
 * {@code ou=groups}); used for listing roles, building group DNs and as the
 * group search base of the default populator and manager.
 */
public void setGroupBase(String groupBase) {
    this.groupBase = groupBase;
}
/**
 * Sets the attribute naming a group (default {@code cn}); it is read when
 * listing roles and used as the RDN attribute in {@link #buildGroupDn(String)}.
 * Note that {@link #createRole} still writes the {@code cn} attribute.
 */
public void setGroupRoleAttributeName(String groupRoleAttributeName) {
    this.groupRoleAttributeName = groupRoleAttributeName;
}
/**
 * Sets the attribute holding member DNs in group entries (default
 * {@code uniquemember}); used in the default populator's search filter and
 * passed to the default manager. Note that {@link #createRole} still writes
 * the {@code uniqueMember} attribute.
 */
public void setGroupMemberAttributeName(String groupMemberAttributeName) {
    this.groupMemberAttributeName = groupMemberAttributeName;
}
/**
 * Sets the role granted to every user by the default populator (default
 * {@code ROLE_USER}); {@link #getCurrentUser()} strips it from the roles it
 * returns.
 */
public void setDefaultRole(String defaultRole) {
    this.defaultRole = defaultRole;
}
/**
 * Sets the prefix separating role names from group names (default
 * {@code ROLE_}); see {@link #convertRoleToGroup(String)} and
 * {@link #convertGroupToRole(String)}.
 */
public void setRolePrefix(String rolePrefix) {
    this.rolePrefix = rolePrefix;
}
/**
 * Injects the username-to-DN mapper. When set, {@link #afterPropertiesSet()}
 * keeps it instead of building a {@link DefaultLdapUsernameToDnMapper}.
 */
public void setUsernameMapper(LdapUsernameToDnMapper usernameMapper) {
    this.usernameMapper = usernameMapper;
}
/**
 * Injects the entry-to-UserDetails mapper. When set,
 * {@link #afterPropertiesSet()} keeps it instead of building an
 * {@code ArgeoUserDetailsContextMapper}.
 */
public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper) {
    this.userDetailsMapper = userDetailsMapper;
}
/**
 * @return the roles resolver, injected or built by
 *         {@link #afterPropertiesSet()}; {@code null} before initialization
 *         when none was injected
 */
public LdapAuthoritiesPopulator getAuthoritiesPopulator() {
    return this.authoritiesPopulator;
}
/**
 * @return the entry-to-UserDetails mapper, injected or built by
 *         {@link #afterPropertiesSet()}; {@code null} before initialization
 *         when none was injected
 */
public UserDetailsContextMapper getUserDetailsMapper() {
    return this.userDetailsMapper;
}
/**
 * Sets the nature mappers handed to the default context mapper built in
 * {@link #afterPropertiesSet()}. Ignored when a
 * {@link UserDetailsContextMapper} is injected explicitly.
 */
public void setUserNatureMappers(List<UserNatureMapper> userNatureMappers) {
    this.userNatureMappers = userNatureMappers;
}
271 public String
getDefaultRole() {