org.argeo.security.auth.ldap/META-INF/spring/security-ldap.xml

   1 <beans xmlns="http://www.springframework.org/schema/beans"
   2         xmlns:security="http://www.springframework.org/schema/security"
   3         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   4         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
   5               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
   6
   7         <!-- COMMON -->
   8         <bean
   9                 class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
  10                 <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
  11                 <property name="locations">
  12                         <value>osgibundle:ldap.properties</value>
  13                 </property>
  14         </bean>
  15
  16         <!-- AUTHENTICATION -->
  17         <bean id="ldapAuthenticationProvider"
  18                 class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  19                 <constructor-arg ref="ldapAuthenticator" />
  20                 <constructor-arg ref="authoritiesPopulator" />
  21                 <property name="userDetailsContextMapper" ref="jcrLdapSynchronizer" />
  22         </bean>
  23
  24         <!-- PasswordComparisonAuthenticator doesn't work with SSHA -->
  25         <!-- <bean id="ldapAuthenticator" -->
  26         <!-- class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator"> -->
  27         <!-- <constructor-arg ref="contextSource" /> -->
  28         <!-- <property name="userDnPatterns"> -->
  29         <!-- <list> -->
  30         <!-- <value><![CDATA[${argeo.ldap.usernameAttribute}={0},${argeo.ldap.userBase}]]></value> -->
  31         <!-- </list> -->
  32         <!-- </property> -->
  33         <!-- <property name="passwordAttributeName" value="${argeo.ldap.passwordAttribute}"
  34                 /> -->
  35         <!-- <property name="passwordEncoder" ref="passwordEncoder" /> -->
  36         <!-- </bean> -->
  37
  38         <!-- Bind authenticator doesn't work with Apache DS 1.0 -->
  39         <bean id="ldapAuthenticator"
  40                 class="org.springframework.security.ldap.authentication.BindAuthenticator">
  41                 <constructor-arg ref="contextSource" />
  42                 <property name="userDnPatterns">
  43                         <list>
  44                                 <value><![CDATA[${argeo.ldap.usernameAttribute}={0},${argeo.ldap.userBase}]]></value>
  45                         </list>
  46                 </property>
  47         </bean>
  48
  49         <!-- USER DETAILS -->
  50         <!-- <bean id="userDetailsManager" class="org.argeo.security.ldap.ArgeoLdapUserDetailsManager"> -->
  51         <!-- <constructor-arg ref="contextSource" /> -->
  52         <!-- <property name="groupSearchBase" value="${argeo.ldap.groupBase}" /> -->
  53         <!-- <property name="groupMemberAttributeName" value="${argeo.ldap.groupMemberAttribute}"
  54                 /> -->
  55         <!-- <property name="usernameMapper" ref="usernameMapper" /> -->
  56         <!-- <property name="userDetailsMapper" ref="jcrLdapSynchronizer" /> -->
  57         <!-- <property name="userAdminDao" ref="userAdminDao" /> -->
  58         <!-- <property name="passwordEncoder" ref="passwordEncoder" /> -->
  59         <!-- <property name="passwordAttributeName" value="${argeo.ldap.passwordAttribute}"
  60                 /> -->
  61         <!-- <property name="superUsername" value="${argeo.security.superUsername}"
  62                 /> -->
  63         <!-- </bean> -->
  64
  65         <!-- <bean id="userAdminDao" class="org.argeo.security.ldap.ArgeoUserAdminDaoLdap"> -->
  66         <!-- <constructor-arg ref="contextSource" /> -->
  67         <!-- <property name="userBase" value="${argeo.ldap.userBase}" /> -->
  68         <!-- <property name="usernameAttribute" value="${argeo.ldap.usernameAttribute}"
  69                 /> -->
  70         <!-- <property name="groupClasses"> -->
  71         <!-- <list> -->
  72         <!-- <value>top</value> -->
  73         <!-- <value>${argeo.ldap.groupClass}</value> -->
  74         <!-- </list> -->
  75         <!-- </property> -->
  76         <!-- <property name="groupBase" value="${argeo.ldap.groupBase}" /> -->
  77         <!-- <property name="groupRoleAttribute" value="${argeo.ldap.groupRoleAttribute}"
  78                 /> -->
  79         <!-- <property name="groupMemberAttribute" value="${argeo.ldap.groupMemberAttribute}"
  80                 /> -->
  81         <!-- <property name="defaultRole" value="${argeo.security.defaultRole}"
  82                 /> -->
  83         <!-- <property name="rolePrefix" value="${argeo.security.rolePrefix}" /> -->
  84         <!-- <property name="usernameMapper" ref="usernameMapper" /> -->
  85         <!-- </bean> -->
  86
  87         <bean id="usernameMapper"
  88                 class="org.springframework.security.ldap.DefaultLdapUsernameToDnMapper">
  89                 <constructor-arg value="${argeo.ldap.userBase}" />
  90                 <constructor-arg value="${argeo.ldap.usernameAttribute}" />
  91         </bean>
  92
  93         <bean id="authoritiesPopulator"
  94                 class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
  95                 <constructor-arg ref="contextSource" />
  96                 <constructor-arg value="${argeo.ldap.groupBase}" />
  97                 <property name="groupSearchFilter" value="${argeo.ldap.groupMemberAttribute}={0}" />
  98                 <property name="defaultRole" value="${argeo.security.defaultRole}" />
  99                 <property name="rolePrefix" value="${argeo.security.rolePrefix}" />
 100         </bean>
 101
 102         <!-- LDAP LOW LEVEL -->
 103         <bean id="contextSource"
 104                 class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
 105                 <constructor-arg
 106                         value="${argeo.ldap.protocol}://${argeo.ldap.host}:${argeo.ldap.port}/${argeo.ldap.rootdn}" />
 107                 <!-- <property name="userDn" value="${argeo.ldap.manager.userdn}" /> -->
 108                 <!-- <property name="password" value="${argeo.ldap.manager.password}" /> -->
 109         </bean>
 110
 111         <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
 112                 <constructor-arg ref="contextSource" />
 113         </bean>
 114
 115         <bean id="rawLdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
 116                 <description><![CDATA[LDAP template returning raw dir contexts, see http://forum.springsource.org/showthread.php?55955-Persistent-search-with-spring-ldap]]></description>
 117                 <constructor-arg>
 118                         <bean parent="contextSource">
 119                                 <property name="dirObjectFactory">
 120                                         <null />
 121                                 </property>
 122                         </bean>
 123                 </constructor-arg>
 124         </bean>
 125
 126         <bean id="passwordEncoder" class="org.argeo.security.ldap.ArgeoLdapShaPasswordEncoder">
 127                 <property name="useSalt" value="${argeo.ldap.password.useSalt}" />
 128         </bean>
 129 </beans>