From eb1255435a5afaf329a781ff4041391c71275537 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Thu, 17 Sep 2009 09:37:46 +0000
Subject: [PATCH] Integration of LDAP in Spring Security with embedded Java DS
 server

git-svn-id: https://svn.argeo.org/commons/trunk@2946 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 security/demo/init.ldif                       | 69 +++++++++++++++++++
 security/demo/pom.xml                         | 13 +++-
 .../WEB-INF/ldap.xml                          | 59 +++++++---------
 .../WEB-INF/security.xml                      | 14 +---
 .../runtime/org.argeo.security.core/pom.xml   |  2 +-
 .../META-INF/spring/ads.xml                   |  4 +-
 6 files changed, 109 insertions(+), 52 deletions(-)
 create mode 100644 security/demo/init.ldif

diff --git a/security/demo/init.ldif b/security/demo/init.ldif
new file mode 100644
index 000000000..2a566f3d9
--- /dev/null
+++ b/security/demo/init.ldif
@@ -0,0 +1,69 @@
+dn: dc=demo,dc=argeo,dc=org
+objectClass: domain
+objectClass: extensibleObject
+objectClass: top
+dc: springsecurity
+
+dn: ou=groups,dc=demo,dc=argeo,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: groups
+
+dn: ou=users,dc=demo,dc=argeo,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: uid=demo,ou=users,dc=demo,dc=argeo,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: demo User
+description: Demo user
+givenname: Demo
+mail: demo@localhost
+sn: User
+uid: demo
+userpassword:: e1NIQX1pZVNWNTVRYytlUU9hWURSU2hhL0Fqek5USkU9
+
+dn: uid=frodo,ou=users,dc=demo,dc=argeo,dc=org
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: top
+cn: demo User
+description: Heroe
+givenname: Frodo
+mail: frodo@localhost
+sn: User
+uid: frodo
+userpassword:: e1NIQX1pZVNWNTVRYytlUU9hWURSU2hhL0Fqek5USkU9
+
+dn: uid=gandalf,ou=users,dc=demo,dc=argeo,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: top
+cn: root User
+description: Superuser
+givenname: Gandalf
+mail: admin@localhost
+sn: User
+uid: gandalf
+userpassword:: e1NIQX1pZVNWNTVRYytlUU9hWURSU2hhL0Fqek5USkU9
+
+dn: cn=admin,ou=groups,dc=demo,dc=argeo,dc=org
+objectClass: groupOfUniqueNames
+objectClass: top
+cn: admin
+uniquemember: uid=gandalf,ou=users,dc=demo,dc=argeo,dc=org
+
+dn: cn=user,ou=groups,dc=demo,dc=argeo,dc=org
+objectClass: groupOfUniqueNames
+objectClass: top
+cn: user
+uniquemember: uid=gandalf,ou=users,dc=demo,dc=argeo,dc=org
+uniquemember: uid=demo,ou=users,dc=demo,dc=argeo,dc=org
+uniquemember: uid=frodo,ou=users,dc=demo,dc=argeo,dc=org
+
diff --git a/security/demo/pom.xml b/security/demo/pom.xml
index 404eb18b8..c397b63db 100644
--- a/security/demo/pom.xml
+++ b/security/demo/pom.xml
@@ -38,7 +38,8 @@
 							org.springframework.osgi.extender,
 							org.springframework.osgi.web.extender,
 							org.argeo.dep.osgi.catalina.start,
-							org.argeo.security.webapp
+							org.argeo.security.webapp,
+							org.argeo.server.ads.server
 						</slc.osgi.start>
 						<slc.osgi.bundles>
 							${basedir};in=*;ex=pom.xml;ex=target;ex=.*,
@@ -202,6 +203,16 @@
 			<artifactId>com.springsource.org.apache.directory.server.core</artifactId>
 			<version>1.0.2</version>
 		</dependency>
+		<dependency>
+			<groupId>org.argeo.dep.osgi</groupId>
+			<artifactId>org.argeo.dep.osgi.directory.shared.asn.codec</artifactId>
+			<version>0.9.5.5.0001</version>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.dep.osgi</groupId>
+			<artifactId>org.argeo.dep.osgi.mina.filter.ssl</artifactId>
+			<version>1.0.2.0001</version>
+		</dependency>
 		<dependency>
 			<groupId>org.apache.directory</groupId>
 			<artifactId>com.springsource.org.apache.directory.server.jndi</artifactId>
diff --git a/security/modules/org.argeo.security.webapp/WEB-INF/ldap.xml b/security/modules/org.argeo.security.webapp/WEB-INF/ldap.xml
index eab6c3a0f..7e2cac430 100644
--- a/security/modules/org.argeo.security.webapp/WEB-INF/ldap.xml
+++ b/security/modules/org.argeo.security.webapp/WEB-INF/ldap.xml
@@ -3,47 +3,34 @@
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
-	<security:ldap-server url="ldap://localhost:389/dc=argeo,dc=org"
-		manager-dn="cn=Manager,dc=argeo,dc=org" manager-password="secret" />
+
+	<security:ldap-server url="ldap://localhost:10389/dc=demo,dc=argeo,dc=org"
+		manager-dn="uid=admin,ou=system" manager-password="secret" />
+
 	<security:ldap-authentication-provider
-		user-dn-pattern="uid={0},ou=users" group-search-base="ou=groups">
+		user-details-class="inetOrgPerson" user-dn-pattern="uid={0},ou=users"
+		group-search-base="ou=groups">
 		<security:password-compare hash="{sha}" />
 	</security:ldap-authentication-provider>
-  
-  <!-- 
-	<bean id="contextSource"
+
+	<!--
+		<bean id="contextSource"
 		class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
 		<constructor-arg value="ldap://localhost:389/dc=argeo,dc=org" />
 		<property name="userDn" value="cn=Manager,dc=argeo,dc=org" />
-		<property name="password" value="secret" />
-	</bean>
-	
-	<bean id="ldapAuthProvider"
+		<property name="password" value="secret" /> </bean> <bean
+		id="ldapAuthProvider"
 		class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
-		<constructor-arg>
-			<bean
-				class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
-				<constructor-arg ref="contextSource" />
-				<property name="userDnPatterns">
-					<list>
-						<value>uid={0},ou=users</value>
-					</list>
-				</property>
-				<property name="passwordEncoder">
-					<bean
-						class="org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder"></bean>
-				</property>
-			</bean>
-		</constructor-arg>
-		<constructor-arg>
-			<bean
-				class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
-				<constructor-arg ref="contextSource" />
-				<constructor-arg value="ou=groups" />
-				<property name="groupRoleAttribute" value="ou" />
-			</bean>
-		</constructor-arg>
-	</bean>
-	
-	 -->
+		<constructor-arg> <bean
+		class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
+		<constructor-arg ref="contextSource" /> <property
+		name="userDnPatterns"> <list> <value>uid={0},ou=users</value> </list>
+		</property> <property name="passwordEncoder"> <bean
+		class="org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder"></bean>
+		</property> </bean> </constructor-arg> <constructor-arg> <bean
+		class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
+		<constructor-arg ref="contextSource" /> <constructor-arg
+		value="ou=groups" /> <property name="groupRoleAttribute" value="ou" />
+		</bean> </constructor-arg> </bean>
+	-->
 </beans>
diff --git a/security/modules/org.argeo.security.webapp/WEB-INF/security.xml b/security/modules/org.argeo.security.webapp/WEB-INF/security.xml
index 81595ee9b..8e5fd4356 100644
--- a/security/modules/org.argeo.security.webapp/WEB-INF/security.xml
+++ b/security/modules/org.argeo.security.webapp/WEB-INF/security.xml
@@ -4,19 +4,9 @@
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
 
 	<http realm="User Interface" >
-		<intercept-url pattern="/**" access="ROLE_REGISTEREDUSERS,ROLE_USER,ROLE_ADMIN" />
+		<intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" />
 		<http-basic />
 		<anonymous />
 	</http>
-	
-<!-- 
-	<authentication-provider>
-		<user-service>
-			<user name="mbaudier" password="mbaudier" authorities="ROLE_USER,ROLE_ADMIN" />
-			<user name="cdujeu" password="cdujeu" authorities="ROLE_USER" />
-			<user name="test" password="test" authorities="ROLE_USER" />
-			<user name="demo" password="demo" authorities="ROLE_USER" />
-		</user-service>
-	</authentication-provider>
- -->
+
 </beans:beans>
diff --git a/security/runtime/org.argeo.security.core/pom.xml b/security/runtime/org.argeo.security.core/pom.xml
index 0b103ee23..753d5d711 100644
--- a/security/runtime/org.argeo.security.core/pom.xml
+++ b/security/runtime/org.argeo.security.core/pom.xml
@@ -42,7 +42,7 @@
 		<dependency>
 			<groupId>org.argeo.dep.osgi</groupId>
 			<artifactId>org.argeo.dep.osgi.springframework.ldap</artifactId>
-			<version>1.3.0.0003-SNAPSHOT</version>
+			<version>1.3.0.0003</version>
 		</dependency>
 
 		<!-- Security -->
diff --git a/server/modules/org.argeo.server.ads.server/META-INF/spring/ads.xml b/server/modules/org.argeo.server.ads.server/META-INF/spring/ads.xml
index 7c47ba429..593234f1b 100644
--- a/server/modules/org.argeo.server.ads.server/META-INF/spring/ads.xml
+++ b/server/modules/org.argeo.server.ads.server/META-INF/spring/ads.xml
@@ -3,7 +3,7 @@
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
 
-	<!-- <ldap-server ldif="classpath:base.ldif" /> -->
-	<ldap-server root="dc=argeo,dc=org" port="10389"/>
+	<ldap-server root="dc=demo,dc=argeo,dc=org" port="10389"
+		ldif="file:init.ldif" />
 
 </beans:beans>
-- 
2.30.2