<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

  <!--
    LDAP-backed authentication wiring for Spring Security.
    All ${argeo.ldap.*} and ${argeo.security.*} values are placeholders; no
    placeholder configurer is declared in this file, so the context that
    includes it has to supply them.
  -->

  <!-- AUTHENTICATION -->
  <!--
    Provider entry point: credentials are checked by ldapAuthenticator, roles are
    loaded by authoritiesPopulator, and the resulting directory entry is mapped
    to user details by jcrLdapSynchronizer (defined outside this file).
  -->
  <bean id="ldapAuthenticationProvider"
        class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <constructor-arg ref="ldapAuthenticator"/>
    <constructor-arg ref="authoritiesPopulator"/>
    <property name="userDetailsContextMapper" ref="jcrLdapSynchronizer"/>
  </bean>

  <!--
    PasswordComparisonAuthenticator doesn't work with SSHA.

    This authenticator does not bind as the user. The submitted password is
    encoded with passwordEncoder and compared with the attribute named by
    argeo.ldap.passwordAttribute, over the contextSource connection, i.e. with
    the manager account. That account therefore needs read or compare access to
    the password attribute; directory ACLs should grant it nothing beyond that.

    NOTE(review): the remark above says SSHA is unsupported, yet passwordEncoder
    exposes a useSalt switch. Confirm which combination is actually deployed.
    NOTE(review): confirm that this Spring Security version escapes the username
    before substituting it for {0} in the DN pattern.
  -->
  <bean id="ldapAuthenticator"
        class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
    <constructor-arg ref="contextSource"/>
    <property name="userDnPatterns">
      <list>
        <value><![CDATA[${argeo.ldap.usernameAttribute}={0},${argeo.ldap.userBase}]]></value>
      </list>
    </property>
    <property name="passwordAttributeName" value="${argeo.ldap.passwordAttribute}"/>
    <property name="passwordEncoder" ref="passwordEncoder"/>
  </bean>

  <!--
    Bind authenticator doesn't work with Apache DS 1.0

    Disabled alternative, kept for reference. It authenticates by binding as the
    user, so the application would not need access to stored password hashes.

    <bean id="ldapAuthenticator"
          class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg ref="contextSource" />
      <property name="userDnPatterns">
        <list>
          <value><![CDATA[${argeo.ldap.usernameAttribute}={0},${argeo.ldap.userBase}]]></value>
        </list>
      </property>
    </bean>
  -->

  <!-- USER DETAILS -->
  <!--
    Loads a user without authenticating: the entry is located by ldapUserSearch,
    roles come from authoritiesPopulator, mapping is done by jcrLdapSynchronizer.
  -->
  <bean id="ldapUserDetailsService"
        class="org.springframework.security.userdetails.ldap.LdapUserDetailsService">
    <constructor-arg ref="ldapUserSearch"/>
    <constructor-arg ref="authoritiesPopulator"/>
    <property name="userDetailsMapper" ref="jcrLdapSynchronizer"/>
  </bean>

  <!--
    Filter-based user lookup; {0} in the filter stands for the requested username.
    NOTE(review): confirm the username is escaped for LDAP filter syntax before
    substitution in the library version in use.
  -->
  <bean id="ldapUserSearch"
        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <!-- search base -->
    <constructor-arg value="${argeo.ldap.userBase}"/>
    <!-- search filter -->
    <constructor-arg value="(${argeo.ldap.usernameAttribute}={0})"/>
    <!-- context source -->
    <constructor-arg ref="contextSource"/>
  </bean>

  <!-- Builds a user DN from the user base and the username attribute. -->
  <bean id="usernameMapper"
        class="org.springframework.security.ldap.DefaultLdapUsernameToDnMapper">
    <constructor-arg value="${argeo.ldap.userBase}"/>
    <constructor-arg value="${argeo.ldap.usernameAttribute}"/>
  </bean>

  <!--
    Derives granted authorities from group entries under argeo.ldap.groupBase
    whose member attribute matches the user. Every authenticated user also
    receives argeo.security.defaultRole, so that role should carry only the
    privileges any directory user may hold.
  -->
  <bean id="authoritiesPopulator"
        class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource"/>
    <constructor-arg value="${argeo.ldap.groupBase}"/>
    <property name="groupSearchFilter" value="${argeo.ldap.groupMemberAttribute}={0}"/>
    <property name="defaultRole" value="${argeo.security.defaultRole}"/>
    <property name="rolePrefix" value="${argeo.security.rolePrefix}"/>
  </bean>

  <!-- LDAP LOW LEVEL -->
  <!--
    Shared directory connection, bound with the manager DN and password.
    The manager bind and the password comparison performed by ldapAuthenticator
    both travel over this connection, so argeo.ldap.protocol decides whether
    they are protected in transit (ldaps rather than ldap).
    argeo.ldap.manager.password is a long-lived secret: keep the properties
    source that provides it out of version control and readable only by the
    service account.
  -->
  <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg
        value="${argeo.ldap.protocol}://${argeo.ldap.host}:${argeo.ldap.port}/${argeo.ldap.rootdn}"/>
    <property name="userDn" value="${argeo.ldap.manager.userdn}"/>
    <property name="password" value="${argeo.ldap.manager.password}"/>
  </bean>

  <!-- General-purpose template; operations run with the manager identity of contextSource. -->
  <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="contextSource"/>
  </bean>

  <!--
    Same connection settings as contextSource (inner bean with parent), with
    dirObjectFactory set to null.
  -->
  <bean id="rawLdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <description><![CDATA[LDAP template returning raw dir contexts, see http://forum.springsource.org/showthread.php?55955-Persistent-search-with-spring-ldap]]></description>
    <constructor-arg>
      <bean parent="contextSource">
        <property name="dirObjectFactory"><null/></property>
      </bean>
    </constructor-arg>
  </bean>

  <!--
    Project-specific encoder used for the password comparison above.
    NOTE(review): presumably SHA-based, going by the class name. Confirm the
    algorithm. If argeo.ldap.password.useSalt is false, equal passwords would
    presumably produce equal stored values, which makes a leaked directory dump
    easier to crack; prefer the salted setting where the directory supports it.
  -->
  <bean id="passwordEncoder" class="org.argeo.security.ldap.ArgeoLdapShaPasswordEncoder">
    <property name="useSalt" value="${argeo.ldap.password.useSalt}"/>
  </bean>
</beans>