X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fldap%2FArgeoSecurityDaoLdap.java;h=c5cda2ed4a15b81c38f52575fd277b232565e4ca;hb=54ca073308e726107a5e59b50ce875ebeb43b965;hp=ae1fceea319ea0a122ab8bd0ef425c8082a1c194;hpb=ec59a58bc368dc922a454d52eb70bb91dfd68793;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java index ae1fceea3..c5cda2ed4 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java @@ -1,6 +1,6 @@ package org.argeo.security.ldap; -import static org.argeo.security.core.ArgeoUserDetails.createBasicArgeoUser; +import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser; import java.util.ArrayList; import java.util.List; @@ -11,6 +11,7 @@ import javax.naming.directory.DirContext; import org.argeo.security.ArgeoSecurityDao; import org.argeo.security.ArgeoUser; +import org.argeo.security.SimpleArgeoUser; import org.argeo.security.core.ArgeoUserDetails; import org.springframework.beans.factory.InitializingBean; import org.springframework.ldap.core.ContextExecutor; 
@@ -19,29 +20,67 @@ import org.springframework.ldap.core.ContextSource; import org.springframework.ldap.core.DirContextAdapter; import org.springframework.ldap.core.DistinguishedName; import org.springframework.ldap.core.LdapTemplate; +import org.springframework.security.Authentication; +import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper; +import org.springframework.security.ldap.LdapAuthoritiesPopulator; import org.springframework.security.ldap.LdapUsernameToDnMapper; import org.springframework.security.ldap.LdapUtils; +import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator; import org.springframework.security.userdetails.UserDetails; import org.springframework.security.userdetails.UserDetailsManager; +import org.springframework.security.userdetails.ldap.LdapUserDetailsManager; +import org.springframework.security.userdetails.ldap.UserDetailsContextMapper; public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean { // private final static Log log = LogFactory.getLog(UserDaoLdap.class); private UserDetailsManager userDetailsManager; - private ArgeoLdapAuthoritiesPopulator authoritiesPopulator; + private LdapAuthoritiesPopulator authoritiesPopulator; private String userBase = "ou=users"; - private String usernameAttribute = "uid"; + private String usernameAttributeName = "uid"; + private String groupBase = "ou=groups"; + private String groupRoleAttributeName = "cn"; + private String groupMemberAttributeName = "uniquemember"; + private String defaultRole = "ROLE_USER"; + private String rolePrefix = "ROLE_"; private final LdapTemplate ldapTemplate; - /* TODO: factorize with user details manager */ private LdapUsernameToDnMapper usernameMapper = null; + private UserDetailsContextMapper userDetailsMapper; + private List userNatureMappers; + public void afterPropertiesSet() throws Exception { if (usernameMapper == null) usernameMapper = 
new DefaultLdapUsernameToDnMapper(userBase, - usernameAttribute); + usernameAttributeName); + + if (authoritiesPopulator == null) { + DefaultLdapAuthoritiesPopulator ap = new DefaultLdapAuthoritiesPopulator( + ldapTemplate.getContextSource(), groupBase); + ap.setDefaultRole(defaultRole); + ap.setGroupSearchFilter(groupMemberAttributeName + "={0}"); + authoritiesPopulator = ap; + } + + if (userDetailsMapper == null) { + ArgeoUserDetailsContextMapper audm = new ArgeoUserDetailsContextMapper(); + audm.setUserNatureMappers(userNatureMappers); + userDetailsMapper = audm; + } + + if (userDetailsManager == null) { + LdapUserDetailsManager ludm = new LdapUserDetailsManager( + ldapTemplate.getContextSource()); + ludm.setGroupSearchBase(groupBase); + ludm.setUserDetailsMapper(userDetailsMapper); + ludm.setUsernameMapper(usernameMapper); + ludm.setGroupMemberAttributeName(groupMemberAttributeName); + userDetailsManager = ludm; + } + } public ArgeoSecurityDaoLdap(ContextSource contextSource) { @@ -53,7 +92,22 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean } public ArgeoUser getUser(String uname) { - return createBasicArgeoUser(getDetails(uname)); + SimpleArgeoUser user = createSimpleArgeoUser(getDetails(uname)); + user.setPassword(null); + return user; + } + + public ArgeoUser getUserWithPassword(String uname) { + return createSimpleArgeoUser(getDetails(uname)); + } + + public ArgeoUser getCurrentUser() { + Authentication authentication = SecurityContextHolder.getContext() + .getAuthentication(); + ArgeoUser argeoUser = ArgeoUserDetails.asArgeoUser(authentication); + if (argeoUser.getRoles().contains(defaultRole)) + argeoUser.getRoles().remove(defaultRole); + return argeoUser; } @SuppressWarnings("unchecked") 
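Review bot: The new `groupRoleAttributeName` and `rolePrefix` fields drive this class's own `listEditableRoles`, `buildGroupDn` and `convertRoleToGroup`, but afterPropertiesSet never passes them to the `DefaultLdapAuthoritiesPopulator` or `LdapUserDetailsManager` it builds, which keep their own defaults. With any non-default value the roles this bean lists and maps would no longer match the authorities actually loaded for a user, and the `contains(defaultRole)` check in getCurrentUser would silently stop matching. If both Spring classes expose the corresponding setters (they appear to in this Spring Security generation — verify against the classpath), pass the fields through when the defaults are constructed, as sketched below. The constructor that begins at the end of the hunk continues outside it.
```java
if (authoritiesPopulator == null) {
    DefaultLdapAuthoritiesPopulator ap = new DefaultLdapAuthoritiesPopulator(
            ldapTemplate.getContextSource(), groupBase);
    // … unchanged: setDefaultRole / setGroupSearchFilter …
    ap.setGroupRoleAttribute(groupRoleAttributeName);
    ap.setRolePrefix(rolePrefix);
    authoritiesPopulator = ap;
}
// … unchanged: userDetailsMapper default …
if (userDetailsManager == null) {
    LdapUserDetailsManager ludm = new LdapUserDetailsManager(
            ldapTemplate.getContextSource());
    // … unchanged: setGroupSearchBase / setUserDetailsMapper / setUsernameMapper / setGroupMemberAttributeName …
    ludm.setGroupRoleAttributeName(groupRoleAttributeName);
    ludm.setRolePrefix(rolePrefix);
    userDetailsManager = ludm;
}
```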
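Review bot: getCurrentUser dereferences `argeoUser` unconditionally, yet `SecurityContextHolder.getContext().getAuthentication()` is null whenever no authentication has been established on the thread, and `ArgeoUserDetails.asArgeoUser` (not on the page) may well return null for an anonymous token — either way the `getRoles()` call throws a NullPointerException rather than a meaningful error. Add a guard after the lookup, e.g. `if (authentication == null) throw new IllegalStateException("No authentication in the security context");`, choosing between throwing and returning null according to what ArgeoSecurityDao callers expect (the interface is not on the page). Note also that `getRoles().remove(defaultRole)` mutates the collection it gets back; if asArgeoUser hands out a view backed by the live principal's authorities, this would strip the default role from the security context itself rather than from a copy — worth confirming, and worth a comment on the method either way. Finally, `getUserWithPassword` returns whatever credential the details manager loaded; a Javadoc line stating that its result must stay in-process and never be serialized or logged would document the contract that `getUser` (which nulls the password) establishes.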
@@ -62,30 +116,28 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean new DistinguishedName(userBase), new ContextMapper() { public Object mapFromContext(Object ctxArg) { DirContextAdapter ctx = (DirContextAdapter) ctxArg; - return ctx.getStringAttribute(usernameAttribute); + return ctx.getStringAttribute(usernameAttributeName); } }); List lst = new ArrayList(); for (String username : usernames) { - lst.add(createBasicArgeoUser(getDetails(username))); + lst.add(createSimpleArgeoUser(getDetails(username))); } return lst; } @SuppressWarnings("unchecked") public List listEditableRoles() { - return (List) ldapTemplate.listBindings(authoritiesPopulator - .getGroupSearchBase(), new ContextMapper() { - public Object mapFromContext(Object ctxArg) { - String groupName = ((DirContextAdapter) ctxArg) - .getStringAttribute(authoritiesPopulator - .getGroupRoleAttribute()); - String roleName = authoritiesPopulator - .convertGroupToRole(groupName); - return roleName; - } - }); + return (List) ldapTemplate.listBindings(groupBase, + new ContextMapper() { + public Object mapFromContext(Object ctxArg) { + String groupName = ((DirContextAdapter) ctxArg) + .getStringAttribute(groupRoleAttributeName); + String roleName = convertGroupToRole(groupName); + return roleName; + } + }); } public void update(ArgeoUser user) { 
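Review bot: listUsers now builds each entry with `createSimpleArgeoUser(getDetails(username))` but, unlike the new getUser in the previous hunk, does not clear the password before adding it to the list, so a listing of all users carries every loaded credential while a single lookup does not. Make the two consistent by replacing the `lst.add(...)` line with `SimpleArgeoUser user = createSimpleArgeoUser(getDetails(username));` `user.setPassword(null);` `lst.add(user);`. The listUsers method starts before the hunk (its signature and the `ldapTemplate` call are outside it), so the loop is the only part visible here.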
@@ -134,18 +186,23 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean } protected String convertRoleToGroup(String role) { - // FIXME: factorize with spring security String group = role; - if (group.startsWith("ROLE_")) { - group = group.substring("ROLE_".length()); + if (group.startsWith(rolePrefix)) { + group = group.substring(rolePrefix.length()); group = group.toLowerCase(); } return group; } + public String convertGroupToRole(String groupName) { + groupName = groupName.toUpperCase(); + + return rolePrefix + groupName; + } + protected Name buildGroupDn(String name) { - return new DistinguishedName("cn=" + name + "," - + authoritiesPopulator.getGroupSearchBase()); + return new DistinguishedName(groupRoleAttributeName + "=" + name + "," + + groupBase); } public void setUserDetailsManager(UserDetailsManager userDetailsManager) { 
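Review bot: buildGroupDn assembles the group DN by string concatenation, so a `name` containing DN-significant characters (`,`, `+`, `=`, `"`, `\`) is either rejected by the `DistinguishedName` parser or resolves to a different entry than intended; `name` is derived from role names whose callers lie outside this hunk, so whether it is ever attacker-influenced cannot be confirmed from here. Let Spring LDAP do the escaping instead: `DistinguishedName dn = new DistinguishedName(groupBase);` `dn.add(groupRoleAttributeName, name);` `return dn;`. Separately, `convertGroupToRole` and `convertRoleToGroup` use locale-sensitive `toUpperCase()`/`toLowerCase()`; with a Turkish default locale an `i`/`I` round-trip no longer maps to the same group, so prefer `toUpperCase(Locale.ROOT)` and `toLowerCase(Locale.ROOT)` (this needs `java.util.Locale` imported). Reassigning the `groupName` parameter in convertGroupToRole is also better written as a local, e.g. `return rolePrefix + groupName.toUpperCase(Locale.ROOT);`.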
@@ -156,16 +213,60 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean this.userBase = userBase; } - public void setUsernameAttribute(String usernameAttribute) { - this.usernameAttribute = usernameAttribute; + public void setUsernameAttributeName(String usernameAttribute) { + this.usernameAttributeName = usernameAttribute; } public void setAuthoritiesPopulator( - ArgeoLdapAuthoritiesPopulator authoritiesPopulator) { + LdapAuthoritiesPopulator authoritiesPopulator) { this.authoritiesPopulator = authoritiesPopulator; } protected UserDetails getDetails(String username) { return userDetailsManager.loadUserByUsername(username); } + + public void setGroupBase(String groupBase) { + this.groupBase = groupBase; + } + + public void setGroupRoleAttributeName(String groupRoleAttributeName) { + this.groupRoleAttributeName = groupRoleAttributeName; + } + + public void setGroupMemberAttributeName(String groupMemberAttributeName) { + this.groupMemberAttributeName = groupMemberAttributeName; + } + + public void setDefaultRole(String defaultRole) { + this.defaultRole = defaultRole; + } + + public void setRolePrefix(String rolePrefix) { + this.rolePrefix = rolePrefix; + } + + public void setUsernameMapper(LdapUsernameToDnMapper usernameMapper) { + this.usernameMapper = usernameMapper; + } + + public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper) { + this.userDetailsMapper = userDetailsMapper; + } + + public LdapAuthoritiesPopulator getAuthoritiesPopulator() { + return authoritiesPopulator; + } + + public UserDetailsContextMapper getUserDetailsMapper() { + return userDetailsMapper; + } + + public void setUserNatureMappers(List userNatureMappers) { + this.userNatureMappers = userNatureMappers; + } + + public String getDefaultRole() { + return defaultRole; + } }
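Review bot: The setters added here (setGroupBase, setGroupRoleAttributeName, setGroupMemberAttributeName, setDefaultRole, setRolePrefix, setUsernameMapper, setUserDetailsMapper, setUserNatureMappers) only take effect on the `LdapUserDetailsManager` and `DefaultLdapAuthoritiesPopulator` built in afterPropertiesSet when they are called before it; a later call updates this bean's field but leaves the already-built collaborators on the old value, so `listEditableRoles`/`buildGroupDn` and authority loading can silently diverge. A class-level Javadoc sentence such as `Configuration setters must be called before afterPropertiesSet(); later changes are not propagated to the built user details manager or authorities populator.` would document this. Also, `setUsernameAttributeName` still names its parameter `usernameAttribute` after the rename, and `setUserNatureMappers(List userNatureMappers)` takes a raw `List` where the element type the mapper expects could be declared if it is known to this file.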