Add license headers
index c5cda2ed4a15b81c38f52575fd277b232565e4ca..350050bbcb5e30786cdebc7f747b0067e00dbd8e 100644 (file)
@@ -1,3 +1,19 @@
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.argeo.security.ldap;
 
 import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
@@ -16,10 +32,10 @@ import org.argeo.security.core.ArgeoUserDetails;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.ldap.core.ContextExecutor;
 import org.springframework.ldap.core.ContextMapper;
-import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.Authentication;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
@@ -27,9 +43,12 @@ import org.springframework.security.ldap.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.LdapUsernameToDnMapper;
 import org.springframework.security.ldap.LdapUtils;
 import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsManager;
+import org.springframework.security.userdetails.UserDetailsService;
 import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
+import org.springframework.security.userdetails.ldap.LdapUserDetailsService;
 import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
 
 public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean {
@@ -37,19 +56,22 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 
        private UserDetailsManager userDetailsManager;
        private LdapAuthoritiesPopulator authoritiesPopulator;
-       private String userBase = "ou=users";
+       private String userBase = "ou=People";
        private String usernameAttributeName = "uid";
-       private String groupBase = "ou=groups";
+       private String groupBase = "ou=Roles";
+       private String[] groupClasses = { "top", "groupOfNames" };
        private String groupRoleAttributeName = "cn";
-       private String groupMemberAttributeName = "uniquemember";
+       private String groupMemberAttributeName = "member";
        private String defaultRole = "ROLE_USER";
        private String rolePrefix = "ROLE_";
 
+       private final BaseLdapPathContextSource contextSource;
        private final LdapTemplate ldapTemplate;
 
        private LdapUsernameToDnMapper usernameMapper = null;
 
        private UserDetailsContextMapper userDetailsMapper;
+       private LdapUserDetailsService ldapUserDetailsService;
        private List<UserNatureMapper> userNatureMappers;
 
        public void afterPropertiesSet() throws Exception {
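Review bot: The default values at L55, L58 and L62 change from `ou=users`/`ou=groups`/`uniquemember` to `ou=People`/`ou=Roles`/`member`, which silently relocates where users and roles are looked up for any deployment that relied on the old defaults, and nothing in the commit title ("Add license headers") announces it. A short field comment making the schema assumption explicit would help operators, e.g. `// Defaults assume groupOfNames groups under ou=Roles; groupClasses and groupMemberAttributeName must be changed together.` The `groupClasses` default at L59 and the member attribute at L62 are coupled by LDAP schema yet configured independently, so that coupling is worth stating where the defaults live.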
@@ -81,10 +103,19 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
                        userDetailsManager = ludm;
                }
 
+               if (ldapUserDetailsService == null) {
+                       FilterBasedLdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch(
+                                       userBase, "(" + usernameAttributeName + "={0})",
+                                       contextSource);
+                       ldapUserDetailsService = new LdapUserDetailsService(ldapUserSearch,
+                                       authoritiesPopulator);
+                       ldapUserDetailsService.setUserDetailsMapper(userDetailsMapper);
+               }
        }
 
-       public ArgeoSecurityDaoLdap(ContextSource contextSource) {
-               ldapTemplate = new LdapTemplate(contextSource);
+       public ArgeoSecurityDaoLdap(BaseLdapPathContextSource contextSource) {
+               this.contextSource = contextSource;
+               ldapTemplate = new LdapTemplate(this.contextSource);
        }
 
        public void create(ArgeoUser user) {
@@ -105,6 +136,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
                Authentication authentication = SecurityContextHolder.getContext()
                                .getAuthentication();
                ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication);
+               if (argeoUser == null)
+                       return null;
                if (argeoUser.getRoles().contains(defaultRole))
                        argeoUser.getRoles().remove(defaultRole);
                return argeoUser;
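Review bot: The null guard at L102–L103 is correct, but the `remove` at L105 still mutates the collection returned by `argeoUser.getRoles()`; if `asArgeoUser` hands back an object backed by the live Authentication principal rather than a copy, each call to this method strips `ROLE_USER` from the session's granted roles, not just from the returned value. Confirm the roles collection is a defensive copy, or filter into a local collection before returning. The `contains` check at L104 is also redundant: `argeoUser.getRoles().remove(defaultRole);` alone has the same effect. The enclosing method's signature is above the hunk.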
@@ -148,10 +181,6 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
                userDetailsManager.deleteUser(username);
        }
 
-       public void updatePassword(String oldPassword, String newPassword) {
-               userDetailsManager.changePassword(oldPassword, newPassword);
-       }
-
        public Boolean userExists(String username) {
                return userDetailsManager.userExists(username);
        }
@@ -169,12 +198,12 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 
                Name groupDn = buildGroupDn(group);
                DirContextAdapter context = new DirContextAdapter();
-               context.setAttributeValues("objectClass", new String[] { "top",
-                               "groupOfUniqueNames" });
+               context.setAttributeValues("objectClass", groupClasses);
                context.setAttributeValue("cn", group);
 
                // Add superuser because cannot create empty group
-               context.setAttributeValue("uniqueMember", superuserDn.toString());
+               context.setAttributeValue(groupMemberAttributeName, superuserDn
+                               .toString());
 
                ldapTemplate.bind(groupDn, context, null);
        }
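Review bot: With `groupClasses` and `groupMemberAttributeName` now configured independently (L124, L129), a mismatched pair such as `groupOfUniqueNames` with `member` is only detected when `ldapTemplate.bind` at L132 fails with a schema violation. A fail-fast check in afterPropertiesSet, e.g. `if (groupMemberAttributeName == null || groupMemberAttributeName.trim().isEmpty()) throw new IllegalStateException("groupMemberAttributeName must be set");` together with a comment naming the expected pairing, would surface misconfiguration at startup instead of at first group creation. The comment at L127 also deserves a sentence in the method's Javadoc, since it means every role created here is implicitly granted to the superuser. The enclosing method begins above the hunk.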
@@ -269,4 +298,13 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
        public String getDefaultRole() {
                return defaultRole;
        }
+
+       public void setGroupClasses(String[] groupClasses) {
+               this.groupClasses = groupClasses;
+       }
+
+       public UserDetailsService getUserDetailsService() {
+               return ldapUserDetailsService;
+       }
+
 }
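Review bot: `setGroupClasses` at L139–L141 keeps the caller's array by reference, and `createGroup` later passes that same array to `setAttributeValues`, so a caller that mutates its array after injection changes the object classes of groups created afterwards; a defensive copy, `this.groupClasses = groupClasses == null ? null : groupClasses.clone();`, closes that. `getUserDetailsService` at L143–L145 returns null until afterPropertiesSet has run, which a one-line Javadoc such as `/** Available only after afterPropertiesSet(); null before initialization. */` should state for callers wiring it into an authentication provider.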