Commit 12807c1b authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Change location of LDAP/Kerberos java files

Changed the location of LDAP/Kerberos implementation files from
.web package to .models.util, to respect project's default organization.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <>
parent c7d58108
package br.ufpr.c3sl.sapos.models.util;
import br.ufpr.c3sl.sapos.models.util.LdapAttrProvider;
import java.util.Iterator;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.dao.DataAccessException;
// This class was implemented based on the following tutorials:
// *
public class KerberosAuthProvider implements UserDetailsService {
// Get the lists of LDAP groups that defines each authority group
// from "" file.
private List<?> authListAdministrador;
private List<?> authListFuncionario;
private List<?> authListProfessor;
private List<?> authListAluno;
private String getPersonAuth(String username) {
// Get user's LDAP groups.
// The split method is used because the username is formatted in
// Kerbero's default: "username@C3LOCAL" (krbPrincipalName)
List<?> personGroups = LdapAttrProvider.getPersonGroups(username);
// Compares all user groups against pre-determined Authorities groups
// and builds a list of user's authorities.
Iterator<?> itr = personGroups.iterator();
while (itr.hasNext()) {
Object group =;
if (authListAdministrador.contains(group)) {
return "Administrador";
if (authListFuncionario.contains(group)) {
return "Funcionario";
if (authListProfessor.contains(group)) {
return "Professor";
if (authListAluno.contains(group)) {
return "Aluno";
return null;
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
String personAuth = this.getPersonAuth(username.split("@")[0]);
// If user's authorities list is empty, returns "No Permission"
// exception
if (personAuth.isEmpty())
throw new UsernameNotFoundException("Acesso negado");
// Returns a new instance of User, containing user security details
return new User(username,"notUsed",true,true,true,true,
\ No newline at end of file
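Review bot: `getPersonAuth` ends with `return null;` when none of the user's groups matches an authority list, but `loadUserByUsername` then calls `personAuth.isEmpty()`, so the intended "Acesso negado" path raises a NullPointerException instead of `UsernameNotFoundException`. The guard should read `if (personAuth == null || personAuth.isEmpty())`. Separately, `username.split("@")[0]` discards the Kerberos realm without checking it; if more than one realm can authenticate here (not visible on this page), principals from different realms would resolve to the same LDAP uid, so the realm should be compared with the expected one before the lookup. Some lines of this file are missing from the rendered page, so the rest of both methods could not be checked.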
package br.ufpr.c3sl.sapos.models.util;
import java.util.List;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
// This class was implemented based on the following tutorials:
// *
// *
public class LdapAttrProvider {
private static LdapTemplate ldapTemplate;
public void setLdapTemplate(LdapTemplate ldapTemplate) {
LdapAttrProvider.ldapTemplate = ldapTemplate;
private static AttributesMapper getLdapAttr(final String fieldName) {
return new AttributesMapper() {
public Object mapFromAttributes( arg0)
throws javax.naming.NamingException {
return arg0.get(fieldName).get();
public static List<?> getPersonGroups(String username) {
// Implements the following ldapsearch:
// ldapsearch -x -h HOST -p 389 -b BASE "memberUid=username" cn
// Where:
// -x Because it is an anonymous search (no need for an admin user)
// -h/HOST, -p/PORT and -b/BASE are defined at
// The filter is defined by ("memberUid=" + username),
// and getLdapAttr method returns only "cn" field
return"", "memberUid=" + username,
\ No newline at end of file
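Review bot: The search filter in `getPersonGroups` is built as `"memberUid=" + username`, so any LDAP filter metacharacter in the name (`*`, `(`, `)`, `\`) becomes part of the filter instead of part of the value being matched. The value reaches this method from the Kerberos principal name in `KerberosAuthProvider`, and because the result decides the user's role it should be encoded, for example `new EqualsFilter("memberUid", username).encode()` from `org.springframework.ldap.filter` or `LdapEncoder.filterEncode(username)`. In `getLdapAttr`, `arg0.get(fieldName).get()` also dereferences the attribute without a null check, which fails for an entry that lacks the field. The search call is only partly visible on this page.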
......@@ -96,7 +96,7 @@
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg ref="ldapContextSource" />
<bean id="ldapAttrController" class="br.ufpr.c3sl.sapos.web.LdapAttrController">
<bean id="ldapAttrController" class="br.ufpr.c3sl.sapos.models.util.LdapAttrProvider">
<property name="ldapTemplate" ref="ldapTemplate" />
......@@ -117,6 +117,6 @@
<property name="debug" value="${krb.debug}" />
<property name="krbConfLocation" value="${krb.conf.location}" />
<bean id="MyUserDetailsService" class="br.ufpr.c3sl.sapos.web.KerberosAuthController" />
<bean id="MyUserDetailsService" class="br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider" />
\ No newline at end of file