Commit 1d0e116f authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Change location of LDAP/Kerberos java files

Changed the location of the LDAP/Kerberos implementation files from the
.web package to .models.util, to respect the project's default organization.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent 12807c1b
package br.ufpr.c3sl.sapos.web;
import br.ufpr.c3sl.sapos.web.LdapAttrController;
import java.util.Iterator;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
// This class was implemented based on the following tutorials:
// * https://github.com/spring-projects/spring-security-kerberos
public class KerberosAuthController implements UserDetailsService {
// Get the lists of LDAP groups that defines each authority group
// from "authorities.properties" file.
@Value("#{'${authorities.administrador}'.split(',')}")
private List<?> authListAdministrador;
@Value("#{'${authorities.funcionario}'.split(',')}")
private List<?> authListFuncionario;
@Value("#{'${authorities.professor}'.split(',')}")
private List<?> authListProfessor;
@Value("#{'${authorities.aluno}'.split(',')}")
private List<?> authListAluno;
private String getPersonAuth(String username) {
// Get user's LDAP groups.
// The split method is used because the username is formatted in
// Kerbero's default: "username@C3LOCAL" (krbPrincipalName)
List<?> personGroups = LdapAttrController.getPersonGroups(username);
// Compares all user groups against pre-determined Authorities groups
// and builds a list of user's authorities.
Iterator<?> itr = personGroups.iterator();
while (itr.hasNext()) {
Object group = itr.next();
if (authListAdministrador.contains(group)) {
return "Administrador";
}
if (authListFuncionario.contains(group)) {
return "Funcionario";
}
if (authListProfessor.contains(group)) {
return "Professor";
}
if (authListAluno.contains(group)) {
return "Aluno";
}
}
return null;
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
String personAuth = this.getPersonAuth(username.split("@")[0]);
// If user's authorities list is empty, returns "No Permission"
// exception
if (personAuth.isEmpty())
throw new UsernameNotFoundException("Acesso negado");
// Returns a new instance of User, containing user security details
return new User(username,"notUsed",true,true,true,true,
AuthorityUtils.createAuthorityList(personAuth));
}
}
\ No newline at end of file
package br.ufpr.c3sl.sapos.web;
import java.util.List;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
// This class was implemented based on the following tutorials:
// * http://docs.spring.io/spring-ldap/docs/1.3.x/reference/html/introduction.html
// * http://www.programcreek.com/2009/08/how-to-connect-ldap-server-using-spring-ldap-framework/
public class LdapAttrController {
private static LdapTemplate ldapTemplate;
public void setLdapTemplate(LdapTemplate ldapTemplate) {
LdapAttrController.ldapTemplate = ldapTemplate;
}
private static AttributesMapper getLdapAttr(final String fieldName) {
return new AttributesMapper() {
@Override
public Object mapFromAttributes(
javax.naming.directory.Attributes arg0)
throws javax.naming.NamingException {
return arg0.get(fieldName).get();
}
};
}
public static List<?> getPersonGroups(String username) {
// Implements the following ldapsearch:
// ldapsearch -x -h HOST -p 389 -b BASE "memberUid=username" cn
// Where:
// -x Because it is an anonymous search (no need for an admin user)
// -h/HOST, -p/PORT and -b/BASE are defined at ldap.properties
// The filter is defined by ("memberUid=" + username),
// and getLdapAttr method returns only "cn" field
return ldapTemplate.search("", "memberUid=" + username,
getLdapAttr("cn"));
}
}
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context" xmlns:jee="http://www.springframework.org/schema/jee" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
<!--
This will automatically locate any and all property files you have
within your classpath, provided they fall under the META-INF/spring
......@@ -61,19 +71,52 @@
<property name="dataSource" ref="dataSource"/>
</bean>
<context:annotation-config/>
<bean class="org.springframework.mail.javamail.JavaMailSenderImpl" id="mailSender">
<property name="host" value="${email.host}"/>
<property name="protocol" value="${email.protocol}"/>
<property name="port" value="${email.port}"/>
<property name="username" value="${email.username}"/>
<property name="password" value="${email.password}"/>
<property name="javaMailProperties">
<props>
<prop key="mail.smtp.auth">true</prop>
<prop key="mail.smtp.starttls.enable">true</prop>
</props>
</property>
</bean>
</beans>
<bean class="org.springframework.mail.javamail.JavaMailSenderImpl"
id="mailSender">
<property name="host" value="${email.host}" />
<property name="protocol" value="${email.protocol}" />
<property name="port" value="${email.port}" />
<property name="username" value="${email.username}" />
<property name="password" value="${email.password}" />
<property name="javaMailProperties">
<props>
<prop key="mail.smtp.auth">true</prop>
<prop key="mail.smtp.starttls.enable">true</prop>
</props>
</property>
</bean>
<!-- These beans configure LDAP as the User's attributes server-->
<bean id="ldapContextSource" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="url" value="${ldap.server}" />
<property name="base" value="${ldap.base}" />
</bean>
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg ref="ldapContextSource" />
</bean>
<bean id="ldapAttrController" class="br.ufpr.c3sl.sapos.models.util.LdapAttrProvider">
<property name="ldapTemplate" ref="ldapTemplate" />
</bean>
<!-- These beans configure Kerberos as the Authentication method -->
<bean id="kerberosAuthenticationProvider"
class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
<property name="kerberosClient">
<bean
class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
<property name="debug" value="${krb.debug}" />
</bean>
</property>
<property name="userDetailsService" ref="MyUserDetailsService" />
</bean>
<bean
class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
<property name="debug" value="${krb.debug}" />
<property name="krbConfLocation" value="${krb.conf.location}" />
</bean>
<bean id="MyUserDetailsService" class="br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider" />
</beans>
\ No newline at end of file
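Review bot: The bean id `ldapAttrController` no longer matches the class it now instantiates, `br.ufpr.c3sl.sapos.models.util.LdapAttrProvider`; rename it to `ldapAttrProvider` so the id and the type agree, and `MyUserDetailsService` (used as the `userDetailsService` ref and as the bean id of `KerberosAuthProvider`) would follow the same lowerCamelCase convention as the other ids. The `ldapContextSource` bean sets only `url` and `base`, so the group lookup that `KerberosAuthProvider` turns into granted authorities runs over an anonymous bind; whether `${ldap.server}` is an `ldaps://` URL or the transport is otherwise protected is not visible here and is worth confirming, because that lookup is the sole source of authorization for Kerberos-authenticated users. The moved `KerberosAuthProvider` and `LdapAttrProvider` sources are not in this view; if their bodies are the same as the removed `.web` versions, the search filter built by concatenation, `"memberUid=" + username`, should be replaced by an encoded filter such as `new EqualsFilter("memberUid", username).encode()`, and `personAuth.isEmpty()` should be guarded against the `null` that `getPersonAuth` returns when no group matches, so an unknown user raises `UsernameNotFoundException` instead of a `NullPointerException`.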