--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>org.argeo.security.auth</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.pde.ManifestBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.pde.SchemaBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.pde.PluginNature</nature>
+ </natures>
+</projectDescription>
--- /dev/null
+Manifest-Version: 1.0
+Bundle-ManifestVersion: 2
+Bundle-Name: Manager
+Bundle-SymbolicName: org.argeo.security.auth
+Bundle-Version: 1.0.0.qualifier
+Bundle-Vendor: Argeo
+Bundle-RequiredExecutionEnvironment: J2SE-1.5
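Review bot: `Bundle-Name: Manager` does not describe this bundle, whose symbolic name is `org.argeo.security.auth` and whose pom in the same commit names it "Commons Security Default Authentication"; it reads like a copy-paste leftover. Suggested: `Bundle-Name: Commons Security Default Authentication`. The manifest also carries no Import-Package or Require-Bundle headers, so presumably the build (maven-bundle-plugin is configured in the pom) regenerates it; if so, a comment line saying the checked-in file is only for PDE would save readers from editing the wrong artifact.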
--- /dev/null
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+ http://www.springframework.org/schema/security
+ http://www.springframework.org/schema/security/spring-security-2.0.4.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.5.xsd">
+
+ <bean id="argeoDataModel" class="org.argeo.jackrabbit.JackrabbitContainer"
+ init-method="init" destroy-method="destroy">
+ <description><![CDATA[Make sure that Argeo base data model is registered]]></description>
+ <property name="cndFiles">
+ <list>
+ <value>/org/argeo/jcr/argeo.cnd</value>
+ </list>
+ </property>
+ <property name="repository" ref="nodeRepository" />
+ <property name="bundleContext" ref="bundleContext" />
+ </bean>
+</beans>
--- /dev/null
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+ http://www.springframework.org/schema/security
+ http://www.springframework.org/schema/security/spring-security-2.0.4.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.5.xsd">
+
+ <bean id="jcrLdapSynchronizer" class="org.argeo.security.ldap.jcr.JcrLdapSynchronizer"
+ init-method="init" destroy-method="destroy" depends-on="argeoDataModel">
+ <!-- LDAP -->
+ <property name="usernameAttribute" value="${argeo.ldap.usernameAttribute}" />
+ <property name="passwordAttribute" value="${argeo.ldap.passwordAttribute}" />
+ <property name="userClasses">
+ <list>
+ <value>${argeo.ldap.userClass}</value>
+ </list>
+ </property>
+ <property name="passwordEncoder" ref="passwordEncoder" />
+ <property name="userBase" value="${argeo.ldap.userBase}" />
+ <property name="usernameMapper" ref="usernameMapper" />
+ <property name="ldapTemplate" ref="ldapTemplate" />
+ <property name="rawLdapTemplate" ref="rawLdapTemplate" />
+ <!-- JCR -->
+ <property name="repository" ref="nodeRepository" />
+ <property name="securityWorkspace" value="${argeo.node.repo.securityWorkspace}" />
+ <property name="propertyToAttributes" ref="propertyToAttributes" />
+ </bean>
+
+ <!-- LDAP / JCR mapping -->
+ <util:map id="propertyToAttributes">
+ <entry value="cn">
+ <key>
+ <util:constant static-field="javax.jcr.Property.JCR_TITLE" />
+ </key>
+ </entry>
+ <entry value="description">
+ <key>
+ <util:constant static-field="javax.jcr.Property.JCR_DESCRIPTION" />
+ </key>
+ </entry>
+ <entry value="givenName">
+ <key>
+ <util:constant static-field="org.argeo.jcr.ArgeoNames.ARGEO_FIRST_NAME" />
+ </key>
+ </entry>
+ <entry value="sn">
+ <key>
+ <util:constant static-field="org.argeo.jcr.ArgeoNames.ARGEO_LAST_NAME" />
+ </key>
+ </entry>
+ <entry value="mail">
+ <key>
+ <util:constant static-field="org.argeo.jcr.ArgeoNames.ARGEO_PRIMARY_EMAIL" />
+ </key>
+ </entry>
+ <entry value="o">
+ <key>
+ <util:constant static-field="org.argeo.jcr.ArgeoNames.ARGEO_PRIMARY_ORGANIZATION" />
+ </key>
+ </entry>
+ </util:map>
+</beans>
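Review bot: `jcrLdapSynchronizer` is wired with `passwordAttribute`, `passwordEncoder`, `rawLdapTemplate` and the JCR `securityWorkspace`, yet nothing states which direction the synchronization runs or whether any password material is written into `${argeo.node.repo.securityWorkspace}`; a reader of this file cannot tell what ends up in the JCR security workspace. A `<description>` on the bean, in the style `argeoDataModel` already uses, should say what is read from LDAP, what is written to JCR, and what the password attribute and encoder are used for (to be confirmed from the Java class, which is not visible here). It would also help to state whether LDAP attributes absent from the `propertyToAttributes` map are ignored or synchronized under another rule, since the map only covers the six listed attributes.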
--- /dev/null
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
+
+
+ <!-- AUTHENTICATION -->
+ <bean id="ldapAuthenticationProvider"
+ class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
+ <constructor-arg ref="ldapAuthenticator" />
+ <constructor-arg ref="authoritiesPopulator" />
+ <property name="userDetailsContextMapper" ref="jcrLdapSynchronizer" />
+ </bean>
+
+ <!-- PasswordComparisonAuthenticator doesn't work with SSHA -->
+ <bean id="ldapAuthenticator"
+ class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
+ <constructor-arg ref="contextSource" />
+ <property name="userDnPatterns">
+ <list>
+ <value><![CDATA[${argeo.ldap.usernameAttribute}={0},${argeo.ldap.userBase}]]></value>
+ </list>
+ </property>
+ <property name="passwordAttributeName" value="${argeo.ldap.passwordAttribute}" />
+ <property name="passwordEncoder" ref="passwordEncoder" />
+ </bean>
+
+ <!-- Bind authenticator doesn't work with Apache DS 1.0 -->
+ <!-- <bean id="ldapAuthenticator" -->
+ <!-- class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator"> -->
+ <!-- <constructor-arg ref="contextSource" /> -->
+ <!-- <property name="userDnPatterns"> -->
+ <!-- <list> -->
+ <!-- <value><![CDATA[${argeo.ldap.usernameAttribute}={0},${argeo.ldap.userBase}]]></value> -->
+ <!-- </list> -->
+ <!-- </property> -->
+ <!-- </bean> -->
+
+ <!-- USER DETAILS -->
+ <bean id="ldapUserDetailsService"
+ class="org.springframework.security.userdetails.ldap.LdapUserDetailsService">
+ <constructor-arg ref="ldapUserSearch" />
+ <constructor-arg ref="authoritiesPopulator" />
+ <property name="userDetailsMapper" ref="jcrLdapSynchronizer" />
+ </bean>
+
+ <bean id="ldapUserSearch"
+ class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
+ <!-- search base -->
+ <constructor-arg value="${argeo.ldap.userBase}" />
+ <!-- search filter -->
+ <constructor-arg value="(${argeo.ldap.usernameAttribute}={0})" />
+ <!-- context source -->
+ <constructor-arg ref="contextSource" />
+ </bean>
+
+ <bean id="usernameMapper"
+ class="org.springframework.security.ldap.DefaultLdapUsernameToDnMapper">
+ <constructor-arg value="${argeo.ldap.userBase}" />
+ <constructor-arg value="${argeo.ldap.usernameAttribute}" />
+ </bean>
+
+ <bean id="authoritiesPopulator"
+ class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
+ <constructor-arg ref="contextSource" />
+ <constructor-arg value="${argeo.ldap.groupBase}" />
+ <property name="groupSearchFilter" value="${argeo.ldap.groupMemberAttribute}={0}" />
+ <property name="defaultRole" value="${argeo.security.defaultRole}" />
+ <property name="rolePrefix" value="${argeo.security.rolePrefix}" />
+ </bean>
+
+ <!-- LDAP LOW LEVEL -->
+ <bean id="contextSource"
+ class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
+ <constructor-arg
+ value="${argeo.ldap.protocol}://${argeo.ldap.host}:${argeo.ldap.port}/${argeo.ldap.rootdn}" />
+ <property name="userDn" value="${argeo.ldap.manager.userdn}" />
+ <property name="password" value="${argeo.ldap.manager.password}" />
+ </bean>
+
+ <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+ <constructor-arg ref="contextSource" />
+ </bean>
+
+ <bean id="rawLdapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+ <description><![CDATA[LDAP template returning raw dir contexts, see http://forum.springsource.org/showthread.php?55955-Persistent-search-with-spring-ldap]]></description>
+ <constructor-arg>
+ <bean parent="contextSource">
+ <property name="dirObjectFactory">
+ <null />
+ </property>
+ </bean>
+ </constructor-arg>
+ </bean>
+
+ <bean id="passwordEncoder" class="org.argeo.security.ldap.ArgeoLdapShaPasswordEncoder">
+ <property name="useSalt" value="${argeo.ldap.password.useSalt}" />
+ </bean>
+</beans>
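Review bot: The authenticator actually in use is `ldapAuthenticator` of class `PasswordComparisonAuthenticator`, and the comment directly above it says that class does not work with SSHA, so the working configuration silently depends on the directory storing password hashes in the form `ArgeoLdapShaPasswordEncoder` (with its `useSalt` setting) can reproduce; that constraint belongs next to the bean, e.g. `<!-- Password comparison: hashes in the directory must match what passwordEncoder produces (no SSHA), and the manager DN must be able to read the user password attribute -->`. Password comparison also means the manager credentials in `contextSource` need read access to `${argeo.ldap.passwordAttribute}` for every user, a broader right than the commented-out `BindAuthenticator` would need; the dead XML block kept for it gives no hint of when it becomes usable, so a one-line pointer would be better than nine commented lines. The `contextSource` URL is built from `${argeo.ldap.protocol}`; with a plain `ldap` value the manager bind and the password-hash reads travel unencrypted, which deployments should be told to override with an encrypted scheme such as `ldaps`.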
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>\r
+<beans:beans xmlns="http://www.springframework.org/schema/osgi"\r
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"\r
+ xsi:schemaLocation="http://www.springframework.org/schema/osgi \r
+ http://www.springframework.org/schema/osgi/spring-osgi-1.1.xsd\r
+ http://www.springframework.org/schema/beans \r
+ http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
+\r
+ <!-- REFERENCES -->\r
+ <reference id="nodeRepository" interface="javax.jcr.Repository"\r
+ filter="(argeo.jcr.repository.alias=node)" />\r
+\r
+ <!-- SERVICES -->\r
+ <service ref="systemExecutionService" interface="org.argeo.security.SystemExecutionService" />\r
+ <service ref="authenticationManager"\r
+ interface="org.springframework.security.AuthenticationManager"\r
+ context-class-loader="service-provider" />\r
+\r
+ <service ref="ldapUserDetailsService"\r
+ interface="org.springframework.security.userdetails.UserDetailsService"\r
+ context-class-loader="service-provider" />\r
+</beans:beans>
\ No newline at end of file
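Review bot: `systemExecutionService` is published to the OSGi service registry under `org.argeo.security.SystemExecutionService`, so any bundle able to look it up can request execution under the system authentication that `argeo.security.systemKey` backs, unless OSGi service permissions (not configured here) restrict the lookup. That is presumably intended, but the `<service>` should say so, e.g. `<!-- Exposes system-level execution to consumer bundles; restrict who can obtain this service -->`. The two other services set `context-class-loader="service-provider"` while this one does not; if the difference is deliberate, a comment explaining why would prevent someone from "fixing" it. This file also uses CRLF line endings unlike its siblings in the commit.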
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
+
+ <!-- COMMON -->
+ <bean
+ class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+ <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
+ <property name="locations">
+ <value>osgibundle:auth.properties</value>
+ </property>
+ </bean>
+
+ <!-- SERVICES -->
+ <bean id="systemExecutionService" class="org.argeo.security.core.KeyBasedSystemExecutionService">
+ <property name="authenticationManager" ref="authenticationManager" />
+ <property name="systemAuthenticationKey" value="${argeo.security.systemKey}" />
+ </bean>
+
+ <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
+ <property name="providers">
+ <list>
+ <ref bean="anonymousAuthenticationProvider" />
+ <ref bean="authByAdapterProvider" />
+ <ref bean="ldapAuthenticationProvider" />
+ </list>
+ </property>
+ </bean>
+
+ <!-- Authentication provider -->
+ <bean id="authByAdapterProvider"
+ class="org.springframework.security.adapters.AuthByAdapterProvider">
+ <description><![CDATA[System authentication]]></description>
+ <property name="key" value="${argeo.security.systemKey}" />
+ </bean>
+
+ <bean id="anonymousAuthenticationProvider"
+ class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
+ <description><![CDATA[Anonymous authentication]]></description>
+ <property name="key" value="${argeo.security.systemKey}" />
+ </bean>
+
+ <!-- Internal authentication, used by during the general authentication
+ initialization himself, in order to prevent the following dependency cycle:
+ Repository.login() <= AuthenticationManager <= LdapAuthenticationProvider
+ <= Repository.login() in init() -->
+ <bean id="internalAuthenticationManager" class="org.springframework.security.providers.ProviderManager">
+ <property name="providers">
+ <list>
+ <ref bean="authByAdapterProvider" />
+ </list>
+ </property>
+ </bean>
+
+ <bean
+ class="org.argeo.security.core.AuthenticatedApplicationContextInitialization">
+ <description><![CDATA[Executes initialization with a system authentication]]></description>
+ <property name="authenticationManager" ref="internalAuthenticationManager" />
+ </bean>
+</beans>
\ No newline at end of file
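Review bot: One property, `${argeo.security.systemKey}`, serves as `systemAuthenticationKey` on `systemExecutionService`, as the `key` of `authByAdapterProvider` and as the `key` of `anonymousAuthenticationProvider`, so the value that authorizes system-level execution is the same one that tags anonymous tokens; a separate property for the anonymous provider (a constructed name such as `argeo.security.anonymousKey`) would keep knowledge of one from implying the other. The `PropertyPlaceholderConfigurer` runs with `SYSTEM_PROPERTIES_MODE_OVERRIDE`, which is the right hook for deployments to replace the bundled default, and that should be stated where the key is consumed, e.g. `<!-- systemKey authenticates system-level execution and MUST be overridden per deployment (system property) -->`. The comment above `internalAuthenticationManager` is hard to parse ("used by during the general authentication initialization himself"); suggested wording: `<!-- Internal authentication manager used while the general authentication is being initialized, to break the cycle Repository.login() <= AuthenticationManager <= LdapAuthenticationProvider <= Repository.login() in init() -->`.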
--- /dev/null
+argeo.node.repo.securityWorkspace=security
+
+argeo.security.defaultRole=ROLE_USER
+argeo.security.rolePrefix=ROLE_
+
+argeo.security.systemKey=argeo
+
+argeo.ldap.rootdn=dc=demo,dc=argeo,dc=org
+argeo.ldap.protocol=ldap
+argeo.ldap.host=localhost
+# default are for Apache Directory Server
+argeo.ldap.port=10389
+argeo.ldap.manager.userdn=uid=admin,ou=system
+argeo.ldap.manager.password=secret
+
+# USER
+argeo.ldap.userClass=inetOrgPerson
+argeo.ldap.osUserClass=posixAccount
+argeo.ldap.userBase=ou=People
+argeo.ldap.usernameAttribute=uid
+argeo.ldap.passwordAttribute=userPassword
+# ROLES
+argeo.ldap.groupClass=groupOfNames
+argeo.ldap.groupBase=ou=Roles
+argeo.ldap.groupRoleAttribute=cn
+argeo.ldap.groupMemberAttribute=member
+# OS GROUPS
+argeo.ldap.osGroupClass=posixGroup
+argeo.ldap.osGroupBase=ou=Group
+argeo.ldap.osGroupNameAttribute=cn
+argeo.ldap.osGroupMemberAttribute=memberUid
+
+argeo.ldap.password.useSalt=false
\ No newline at end of file
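Review bot: `argeo.ldap.manager.password=secret` and `argeo.security.systemKey=argeo` are working credentials (the directory manager bind password and the key that authenticates system-level execution in this bundle), and nothing in the file marks them as development defaults that must be replaced. A header comment should say so, e.g. `# DEVELOPMENT DEFAULTS for the Apache DS demo directory - override manager.password, systemKey and protocol per deployment`. With `argeo.ldap.protocol=ldap` the manager bind, and the password-hash reads the comparison authenticator performs, travel unencrypted unless the protocol is overridden. `argeo.ldap.password.useSalt=false` likewise pins the encoder to unsalted hashes and only works if the directory stores passwords that way; the comment on `argeo.ldap.port` already notes the Apache DS assumption and the same caveat belongs here.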
--- /dev/null
+source.. = src/main/java/
+output.. = target/classes/
+bin.includes = META-INF/,\
+ .
--- /dev/null
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.argeo.commons.security</groupId>
+ <version>0.3.4-SNAPSHOT</version>
+ <artifactId>modules</artifactId>
+ <relativePath>..</relativePath>
+ </parent>
+ <artifactId>org.argeo.security.auth</artifactId>
+ <name>Commons Security Default Authentication</name>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <configuration>
+ <instructions>
+ <Import-Package>
+ *,
+ org.argeo.jcr,
+ com.sun.jndi.ldap;resolution:=optional,
+ org.springframework.ldap.core.support,
+ org.springframework.security
+ </Import-Package>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
\ No newline at end of file