Centralize authentication
diff --git a/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml
new file mode 100644 (file)
index 0000000..49a2c93
--- /dev/null
@@ -0,0 +1,62 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:security="http://www.springframework.org/schema/security"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
+
+
+       <bean id="_authenticationManager" class="org.springframework.security.providers.ProviderManager">
+               <property name="providers">
+                       <list>
+                               <ref bean="authenticationProvider" />
+                       </list>
+               </property>
+       </bean>
+
+       <!--
+               <security:ldap-server
+               url="ldap://localhost:10389/dc=demo,dc=argeo,dc=org"
+               manager-dn="uid=admin,ou=system" manager-password="secret" />
+
+               <security:ldap-authentication-provider
+               user-details-class="inetOrgPerson" user-dn-pattern="uid={0},ou=users"
+               group-search-base="ou=groups"> <security:password-compare hash="{sha}"
+               /> </security:ldap-authentication-provider>
+       -->
+
+       <bean id="contextSource"
+               class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
+               <constructor-arg value="ldap://localhost:10389/dc=demo,dc=argeo,dc=org" />
+               <property name="userDn" value="uid=admin,ou=system" />
+               <property name="password" value="secret" />
+       </bean>
+
+       <bean id="authenticationProvider"
+               class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
+               <constructor-arg>
+                       <bean
+                               class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
+                               <constructor-arg ref="contextSource" />
+                               <property name="userDnPatterns">
+                                       <list>
+                                               <value>uid={0},ou=users</value>
+                                       </list>
+                               </property>
+                               <property name="passwordEncoder">
+                                       <bean
+                                               class="org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder"></bean>
+                               </property>
+                       </bean>
+               </constructor-arg>
+               <constructor-arg>
+                       <bean
+                               class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
+                               <constructor-arg ref="contextSource" />
+                               <constructor-arg value="ou=groups" />
+                               <!-- <property name="defaultRole" value="ROLE_USER" /> -->
+                               <property name="groupSearchFilter" value="uniqueMember={0}" />
+                       </bean>
+               </constructor-arg>
+       </bean>
+
+</beans>
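Review bot: The `contextSource` bean commits the directory manager bind as literals (`userDn` `uid=admin,ou=system`, `password` `secret`), so every deployment of this bundle shares one known admin credential and rotating it means editing the bundle; the same pair also sits in the commented-out `security:ldap-server` block. Both values should be resolved from deployment configuration, e.g. `<property name="password" value="${ldap.manager.password}" />` (placeholder key name) backed by a `PropertyPlaceholderConfigurer`, and the bind should use a dedicated read-only account rather than the system admin. Separately, `PasswordComparisonAuthenticator` with `LdapShaPasswordEncoder` appears to limit stored passwords to unsalted `{SHA}` and performs the comparison over plain `ldap://`. A `BindAuthenticator` with the same `userDnPatterns`, over `ldaps://` once the directory is no longer on localhost, would let the directory verify the password under its own hashing scheme.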