+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package org.argeo.security.ldap;
-import static org.argeo.security.core.ArgeoUserDetails.createBasicArgeoUser;
+import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
import java.util.ArrayList;
import java.util.List;
import org.argeo.security.ArgeoSecurityDao;
import org.argeo.security.ArgeoUser;
+import org.argeo.security.SimpleArgeoUser;
import org.argeo.security.core.ArgeoUserDetails;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.ldap.core.ContextExecutor;
import org.springframework.ldap.core.ContextMapper;
-import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.core.support.BaseLdapPathContextSource;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
import org.springframework.security.ldap.LdapAuthoritiesPopulator;
import org.springframework.security.ldap.LdapUsernameToDnMapper;
import org.springframework.security.ldap.LdapUtils;
import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsManager;
+import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
+import org.springframework.security.userdetails.ldap.LdapUserDetailsService;
import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean {
private UserDetailsManager userDetailsManager;
private LdapAuthoritiesPopulator authoritiesPopulator;
- private String userBase = "ou=users";
+ private String userBase = "ou=People";
private String usernameAttributeName = "uid";
- private String groupBase = "ou=groups";
+ private String groupBase = "ou=Roles";
+ private String[] groupClasses = { "top", "groupOfNames" };
private String groupRoleAttributeName = "cn";
- private String groupMemberAttributeName = "uniquemember";
+ private String groupMemberAttributeName = "member";
private String defaultRole = "ROLE_USER";
private String rolePrefix = "ROLE_";
+ private final BaseLdapPathContextSource contextSource;
private final LdapTemplate ldapTemplate;
private LdapUsernameToDnMapper usernameMapper = null;
private UserDetailsContextMapper userDetailsMapper;
+ private LdapUserDetailsService ldapUserDetailsService;
private List<UserNatureMapper> userNatureMappers;
public void afterPropertiesSet() throws Exception {
userDetailsManager = ludm;
}
+ if (ldapUserDetailsService == null) {
+ FilterBasedLdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch(
+ userBase, "(" + usernameAttributeName + "={0})",
+ contextSource);
+ ldapUserDetailsService = new LdapUserDetailsService(ldapUserSearch,
+ authoritiesPopulator);
+ ldapUserDetailsService.setUserDetailsMapper(userDetailsMapper);
+ }
}
- public ArgeoSecurityDaoLdap(ContextSource contextSource) {
- ldapTemplate = new LdapTemplate(contextSource);
+ public ArgeoSecurityDaoLdap(BaseLdapPathContextSource contextSource) {
+ this.contextSource = contextSource;
+ ldapTemplate = new LdapTemplate(this.contextSource);
}
public void create(ArgeoUser user) {
}
public ArgeoUser getUser(String uname) {
- return createBasicArgeoUser(getDetails(uname));
+ SimpleArgeoUser user = createSimpleArgeoUser(getDetails(uname));
+ user.setPassword(null);
+ return user;
+ }
+
+ public ArgeoUser getUserWithPassword(String uname) {
+ return createSimpleArgeoUser(getDetails(uname));
+ }
+
+ public ArgeoUser getCurrentUser() {
+ Authentication authentication = SecurityContextHolder.getContext()
+ .getAuthentication();
+ ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication);
+ if (argeoUser == null)
+ return null;
+ if (argeoUser.getRoles().contains(defaultRole))
+ argeoUser.getRoles().remove(defaultRole);
+ return argeoUser;
}
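Review bot: `getCurrentUser` drops `defaultRole` by mutating the collection returned by `argeoUser.getRoles()` in place; if that getter hands back the live role list of the principal held in the `SecurityContext`, this silently alters the authenticated principal for the rest of the request, and if it returns an unmodifiable view the call throws `UnsupportedOperationException` — which of the two applies is not visible here. Building the returned user from a copy of the roles (a fresh `SimpleArgeoUser` with a filtered list, assuming it has a roles setter) would keep the DAO read-only; the `contains` guard is also redundant since `remove(Object)` is a no-op when the element is absent. `getUserWithPassword` intentionally keeps the credential attribute fetched from the directory while `getUser` nulls it, and that asymmetry deserves a Javadoc, e.g. `/** Like {@link #getUser(String)} but keeps the password attribute returned by the directory; callers must not log or expose it. */`.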
@SuppressWarnings("unchecked")
List<ArgeoUser> lst = new ArrayList<ArgeoUser>();
for (String username : usernames) {
- lst.add(createBasicArgeoUser(getDetails(username)));
+ lst.add(createSimpleArgeoUser(getDetails(username)));
}
return lst;
}
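Review bot: The loop at `lst.add(createSimpleArgeoUser(getDetails(username)))` returns each user with whatever password attribute the context mapper populated, whereas `getUser` in the same commit now explicitly nulls it; a bulk listing is the likelier path for directory credentials to end up in logs or a UI. Unless the listing is meant to carry passwords, scrub as `getUser` does: `SimpleArgeoUser u = createSimpleArgeoUser(getDetails(username)); u.setPassword(null); lst.add(u);`. The enclosing method's signature is outside the hunk (only its `@SuppressWarnings("unchecked")` line is visible), so its name and contract cannot be confirmed from here.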
userDetailsManager.deleteUser(username);
}
- public void updatePassword(String oldPassword, String newPassword) {
- userDetailsManager.changePassword(oldPassword, newPassword);
- }
-
public Boolean userExists(String username) {
return userDetailsManager.userExists(username);
}
Name groupDn = buildGroupDn(group);
DirContextAdapter context = new DirContextAdapter();
- context.setAttributeValues("objectClass", new String[] { "top",
- "groupOfUniqueNames" });
+ context.setAttributeValues("objectClass", groupClasses);
context.setAttributeValue("cn", group);
// Add superuser because cannot create empty group
- context.setAttributeValue("uniqueMember", superuserDn.toString());
+ context.setAttributeValue(groupMemberAttributeName, superuserDn
+ .toString());
ldapTemplate.bind(groupDn, context, null);
}
public void setUserNatureMappers(List<UserNatureMapper> userNatureMappers) {
this.userNatureMappers = userNatureMappers;
}
+
+ public String getDefaultRole() {
+ return defaultRole;
+ }
+
+ public void setGroupClasses(String[] groupClasses) {
+ this.groupClasses = groupClasses;
+ }
+
+ public UserDetailsService getUserDetailsService() {
+ return ldapUserDetailsService;
+ }
+
}
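Review bot: `setGroupClasses` stores the caller's array by reference, so a later change to that array alters the `objectClass` values written by the `ldapTemplate.bind` in group creation; `this.groupClasses = groupClasses == null ? null : groupClasses.clone();` removes the aliasing. `getUserDetailsService` exposes `ldapUserDetailsService`, which has no initializer and is only built in `afterPropertiesSet` when still null, so a Javadoc such as `/** Null until {@link #afterPropertiesSet()} has run, unless injected elsewhere. */` would spare callers a surprise.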