Centralize authentication
authorMathieu Baudier <mbaudier@argeo.org>
Thu, 17 Sep 2009 13:47:24 +0000 (13:47 +0000)
committerMathieu Baudier <mbaudier@argeo.org>
Thu, 17 Sep 2009 13:47:24 +0000 (13:47 +0000)
git-svn-id: https://svn.argeo.org/commons/trunk@2949 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

14 files changed:
pom.xml
security/demo/pom.xml
security/modules/org.argeo.security.manager.ldap/META-INF/MANIFEST.MF [new file with mode: 0644]
security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml [new file with mode: 0644]
security/modules/org.argeo.security.manager.ldap/META-INF/spring/osgi.xml [new file with mode: 0644]
security/modules/org.argeo.security.webapp/META-INF/MANIFEST.MF
security/modules/org.argeo.security.webapp/WEB-INF/applicationContext.xml
security/modules/org.argeo.security.webapp/WEB-INF/ldap.xml [deleted file]
security/modules/org.argeo.security.webapp/WEB-INF/osgi.xml
security/modules/org.argeo.security.webapp/WEB-INF/security.xml
security/runtime/org.argeo.security.ria/pom.xml
security/runtime/org.argeo.security.ria/src/WEB-INF/applicationContext.xml
security/runtime/org.argeo.security.ria/src/WEB-INF/osgi.xml [new file with mode: 0644]
security/runtime/org.argeo.security.ria/src/WEB-INF/security.xml

diff --git a/pom.xml b/pom.xml
index 1ec5d05ceba60eea5b57514422993a296cd1e339..064ddb2780b0ca07147dab111654ca68fe68ae06 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -10,6 +10,7 @@
        <properties>
                <developmentCycle>0.1</developmentCycle>
                <version.slc>0.12.1-SNAPSHOT</version.slc>
+               <version.argeo-ria>0.12.1-SNAPSHOT</version.argeo-ria>
                <version.maven-argeo-osgi>0.1.21</version.maven-argeo-osgi>
                <version.maven-bundle-plugin>2.0.0</version.maven-bundle-plugin>
                <version.maven-argeo-qooxdoo>0.8.2.1</version.maven-argeo-qooxdoo>
index c397b63db37634eaa37db6c77a36569f320f0f46..bc19cb063f5cdb202e0ae2878ab0d680d422c488 100644 (file)
                                                        org.springframework.osgi.extender,
                                                        org.springframework.osgi.web.extender,
                                                        org.argeo.dep.osgi.catalina.start,
+                                                       org.argeo.security.manager.ldap,
                                                        org.argeo.security.webapp,
+                                                       org.argeo.security.ria,
                                                        org.argeo.server.ads.server
                                                </slc.osgi.start>
                                                <slc.osgi.bundles>
-                                                       ${basedir};in=*;ex=pom.xml;ex=target;ex=.*,
+                                                       ${basedir};in=*;ex=pom.xml;ex=target;ex=.*;ex=*.ldif,
                                                        ${basedir}/../modules;in=*;ex=pom.xml;ex=target;ex=.*,
                                                        ${basedir}/../../server/modules;in=*;ex=pom.xml;ex=target;ex=.*,
                                                </slc.osgi.bundles>
                        <artifactId>org.argeo.security.mvc</artifactId>
                        <version>0.1.1-SNAPSHOT</version>
                </dependency>
+               <dependency>
+                       <groupId>org.argeo.commons.security</groupId>
+                       <artifactId>org.argeo.security.ria</artifactId>
+                       <version>0.1.1-SNAPSHOT</version>
+               </dependency>
                <dependency>
                        <groupId>org.argeo.commons.server</groupId>
                        <artifactId>org.argeo.server.json</artifactId>
diff --git a/security/modules/org.argeo.security.manager.ldap/META-INF/MANIFEST.MF b/security/modules/org.argeo.security.manager.ldap/META-INF/MANIFEST.MF
new file mode 100644 (file)
index 0000000..bfcd815
--- /dev/null
@@ -0,0 +1,10 @@
+Bundle-SymbolicName: org.argeo.security.manager.ldap
+Bundle-Version: 0.1.1.SNAPSHOT
+Import-Package: org.springframework.security.ldap,
+ org.springframework.security.providers,
+ org.springframework.security.providers.ldap,
+ org.springframework.security.providers.ldap.authenticator,
+ org.springframework.security.ldap.populator,
+ org.springframework.security.userdetails.ldap,
+ org.springframework.security,
+ org.springframework.ldap.core.support
diff --git a/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml
new file mode 100644 (file)
index 0000000..49a2c93
--- /dev/null
@@ -0,0 +1,62 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:security="http://www.springframework.org/schema/security"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
+
+
+       <bean id="_authenticationManager" class="org.springframework.security.providers.ProviderManager">
+               <property name="providers">
+                       <list>
+                               <ref bean="authenticationProvider" />
+                       </list>
+               </property>
+       </bean>
+
+       <!--
+               <security:ldap-server
+               url="ldap://localhost:10389/dc=demo,dc=argeo,dc=org"
+               manager-dn="uid=admin,ou=system" manager-password="secret" />
+
+               <security:ldap-authentication-provider
+               user-details-class="inetOrgPerson" user-dn-pattern="uid={0},ou=users"
+               group-search-base="ou=groups"> <security:password-compare hash="{sha}"
+               /> </security:ldap-authentication-provider>
+       -->
+
+       <bean id="contextSource"
+               class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
+               <constructor-arg value="ldap://localhost:10389/dc=demo,dc=argeo,dc=org" />
+               <property name="userDn" value="uid=admin,ou=system" />
+               <property name="password" value="secret" />
+       </bean>
+
+       <bean id="authenticationProvider"
+               class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
+               <constructor-arg>
+                       <bean
+                               class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
+                               <constructor-arg ref="contextSource" />
+                               <property name="userDnPatterns">
+                                       <list>
+                                               <value>uid={0},ou=users</value>
+                                       </list>
+                               </property>
+                               <property name="passwordEncoder">
+                                       <bean
+                                               class="org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder"></bean>
+                               </property>
+                       </bean>
+               </constructor-arg>
+               <constructor-arg>
+                       <bean
+                               class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
+                               <constructor-arg ref="contextSource" />
+                               <constructor-arg value="ou=groups" />
+                               <!-- <property name="defaultRole" value="ROLE_USER" /> -->
+                               <property name="groupSearchFilter" value="uniqueMember={0}" />
+                       </bean>
+               </constructor-arg>
+       </bean>
+
+</beans>
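Review bot: The `contextSource` bean hard-codes the directory manager DN and its password (`uid=admin,ou=system` / `secret`) in a file that ships inside the bundle, and the commented-out `security:ldap-server` block above it repeats the same values. Because this bundle now supplies authentication to the other web bundles, read those values from deployment configuration instead, e.g. `<property name="password" value="${ldap.manager.password}" />` resolved by a property placeholder (the property name is illustrative), and delete the commented-out copy. Separately, `PasswordComparisonAuthenticator` with `LdapShaPasswordEncoder` ties stored passwords to a SHA-1 based scheme and needs a manager account that may read or compare `userPassword`. `BindAuthenticator` would leave verification and hashing policy to the directory. The `ldap://` URL is unencrypted, which is acceptable only while the directory stays on localhost.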
diff --git a/security/modules/org.argeo.security.manager.ldap/META-INF/spring/osgi.xml b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/osgi.xml
new file mode 100644 (file)
index 0000000..c99e04d
--- /dev/null
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>\r
+<beans:beans xmlns="http://www.springframework.org/schema/osgi"\r
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"\r
+       xsi:schemaLocation="http://www.springframework.org/schema/osgi  \r
+       http://www.springframework.org/schema/osgi/spring-osgi-1.1.xsd\r
+       http://www.springframework.org/schema/beans   \r
+       http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
+\r
+       <service ref="_authenticationManager"\r
+               interface="org.springframework.security.AuthenticationManager" />\r
+       <!-- <service ref="authenticationProvider"\r
+               interface="org.springframework.security.providers.AuthenticationProvider" /> -->\r
+</beans:beans>
\ No newline at end of file
index 124179eb3ea50c6582dc84a689b4a71e20e92145..f52b69aa29085a7a62fa630aff494ecddba2cd4a 100644 (file)
@@ -6,16 +6,10 @@ Import-Package: javax.servlet,
  javax.servlet.resources,
  org.argeo.security.mvc,
  org.argeo.server.json.mvc,
+ org.springframework.ldap.core.support,
  org.springframework.osgi.web.context.support,
- org.springframework.security.userdetails.memory,
+ org.springframework.security,
  org.springframework.web.context,
  org.springframework.web.context.support,
  org.springframework.web.filter,
- org.springframework.web.servlet,
- org.springframework.security.ldap,
- org.springframework.security.providers.ldap,
- org.springframework.security.providers.ldap.authenticator,
- org.springframework.security.ldap.populator,
- org.springframework.security.userdetails.ldap,
- org.springframework.security,
- org.springframework.ldap.core.support
+ org.springframework.web.servlet
index 7d0e6beb075ba26b5685a88d1cbf6f70506f654b..ee1621d6128adf03dd9eae220f118ac60bbbc608 100644 (file)
@@ -7,12 +7,7 @@
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd">
 
-       <!--
-               <import resource="classpath:/org/argeo/slc/server/spring/jmx.xml" />
-       -->
        <import resource="security.xml" />
-       <import resource="ldap.xml" />
-
        <import resource="osgi.xml" />
 
        <!--  Properties -->
diff --git a/security/modules/org.argeo.security.webapp/WEB-INF/ldap.xml b/security/modules/org.argeo.security.webapp/WEB-INF/ldap.xml
deleted file mode 100644 (file)
index 7e2cac4..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:security="http://www.springframework.org/schema/security"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
-
-       <security:ldap-server url="ldap://localhost:10389/dc=demo,dc=argeo,dc=org"
-               manager-dn="uid=admin,ou=system" manager-password="secret" />
-
-       <security:ldap-authentication-provider
-               user-details-class="inetOrgPerson" user-dn-pattern="uid={0},ou=users"
-               group-search-base="ou=groups">
-               <security:password-compare hash="{sha}" />
-       </security:ldap-authentication-provider>
-
-       <!--
-               <bean id="contextSource"
-               class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
-               <constructor-arg value="ldap://localhost:389/dc=argeo,dc=org" />
-               <property name="userDn" value="cn=Manager,dc=argeo,dc=org" />
-               <property name="password" value="secret" /> </bean> <bean
-               id="ldapAuthProvider"
-               class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
-               <constructor-arg> <bean
-               class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
-               <constructor-arg ref="contextSource" /> <property
-               name="userDnPatterns"> <list> <value>uid={0},ou=users</value> </list>
-               </property> <property name="passwordEncoder"> <bean
-               class="org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder"></bean>
-               </property> </bean> </constructor-arg> <constructor-arg> <bean
-               class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
-               <constructor-arg ref="contextSource" /> <constructor-arg
-               value="ou=groups" /> <property name="groupRoleAttribute" value="ou" />
-               </bean> </constructor-arg> </bean>
-       -->
-</beans>
index 1b46c0eb450924143bb1db118f38f9b8873f82eb..bb572269187540a6bc4c63c2bdcfdc474432d06d 100644 (file)
@@ -6,4 +6,6 @@
        http://www.springframework.org/schema/beans   \r
        http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
 \r
+       <reference id="_authenticationManager"\r
+               interface="org.springframework.security.AuthenticationManager" />\r
 </beans:beans>
\ No newline at end of file
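Review bot: The `<reference>` added here selects the authentication manager by interface alone, so any bundle that registers an `org.springframework.security.AuthenticationManager` service can satisfy it, not only org.argeo.security.manager.ldap. Since this service decides who is authenticated, narrow the lookup, for example with `bean-name="_authenticationManager"` on the reference or a `filter` on a service property set by the exporting bundle. The same applies to the identical reference in the new security/runtime/org.argeo.security.ria/src/WEB-INF/osgi.xml. The enclosing `<beans:beans>` element opens outside this hunk, and the file header is missing from the page, so this is presumably the webapp's WEB-INF/osgi.xml.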
index 8e5fd435625c1cd95aedf716c7c28d4a0d62b861..7b9bc9d80ce096952143ad1aa998ce7989a146e3 100644 (file)
@@ -3,7 +3,7 @@
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
 
-       <http realm="User Interface" >
+       <http realm="User Interface">
                <intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" />
                <http-basic />
                <anonymous />
index 95aee7c06c950c0fc2836153d978530a38b2064b..b224bc2d29de5907f9dc448558891108f1aabad1 100644 (file)
                                                        org.springframework.web.context,
                                                        org.springframework.osgi.web.context.support,
                                                        org.springframework.web.filter,
-                                                       org.springframework.security.context
+                                                       org.springframework.ldap.core.support,
+                                                       org.springframework.security
                                                </Import-Package>
                                                <Web-ContextPath>org.argeo.security.ria</Web-ContextPath>
                                        </instructions>
index 415bdc304bd95867fdde1cadf61aa1dd9a99401d..2b8a2e744dfe8be52ac33cdd073ba2f064dc6fa0 100644 (file)
@@ -7,6 +7,7 @@
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd">
 
+       <import resource="osgi.xml" />
        <import resource="security.xml" />
 
 </beans>
\ No newline at end of file
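Review bot: This context imports `osgi.xml` before `security.xml`, while the webapp's applicationContext.xml in the same commit keeps `security.xml` first and `osgi.xml` after it. Both depend on the OSGi reference with id `_authenticationManager` becoming the manager that the `<http>` element uses. That id looks like the one Spring Security's namespace uses internally, so the outcome may depend on definition order and bean overriding; this should be confirmed. Use one order in both contexts and document the dependency above the import, e.g. `<!-- osgi.xml provides _authenticationManager (from org.argeo.security.manager.ldap); the http element in security.xml uses it -->`. The `<beans>` element opens outside the hunk.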
diff --git a/security/runtime/org.argeo.security.ria/src/WEB-INF/osgi.xml b/security/runtime/org.argeo.security.ria/src/WEB-INF/osgi.xml
new file mode 100644 (file)
index 0000000..d344cc8
--- /dev/null
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>\r
+<beans:beans xmlns="http://www.springframework.org/schema/osgi"\r
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"\r
+       xmlns:security="http://www.springframework.org/schema/security"\r
+       xsi:schemaLocation="http://www.springframework.org/schema/osgi  \r
+       http://www.springframework.org/schema/osgi/spring-osgi-1.1.xsd\r
+       http://www.springframework.org/schema/beans   \r
+       http://www.springframework.org/schema/beans/spring-beans-2.5.xsd\r
+       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">\r
+\r
+       <reference id="_authenticationManager"\r
+               interface="org.springframework.security.AuthenticationManager" />\r
+</beans:beans>
\ No newline at end of file
index ed0f29bc32e631ea051e4630232821c4091763a8..883c65553591c33f5535752b078324b5f521c708 100644 (file)
@@ -3,15 +3,9 @@
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
 
-       <http realm="User Interface">
-               <intercept-url pattern="/**" access="ROLE_ANONYMOUS" />
+       <http realm="User Interface" >
+               <intercept-url pattern="/**" access="ROLE_USER" />
                <http-basic />
        </http>
-       <authentication-provider>
-               <user-service>
-                       <user name="test" password="test" authorities="ROLE_USER" />
-                       <user name="demo" password="demo" authorities="ROLE_USER" />
-               </user-service>
-       </authentication-provider>
 
 </beans:beans>
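Review bot: With the in-memory test users removed, `<http-basic />` on `/**` now carries real directory credentials on every request, and nothing in this hunk requires an encrypted channel. Unless TLS is enforced in front of the container, require it on the rule: `<intercept-url pattern="/**" access="ROLE_USER" requires-channel="https" />`. The `<beans:beans>` header is outside the hunk, so configuration elsewhere in the file cannot be ruled out. Also check the role list: the webapp's security.xml accepts `ROLE_USER,ROLE_ADMIN`, while this rule accepts only `ROLE_USER`, so an LDAP account that holds only the admin group would be refused here.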