Commit 57227794 authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Change location of LDAP/Kerberos java files

Changed the location of the LDAP/Kerberos implementation files from
the .web package to .models.util, to respect the project's default organization.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent c7d58108
package br.ufpr.c3sl.sapos.models.util;
import br.ufpr.c3sl.sapos.models.util.LdapAttrProvider;
import java.util.Iterator;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
// This class was implemented based on the following tutorials:
// * https://github.com/spring-projects/spring-security-kerberos
public class KerberosAuthProvider implements UserDetailsService {
// Get the lists of LDAP groups that defines each authority group
// from "authorities.properties" file.
@Value("#{'${authorities.administrador}'.split(',')}")
private List<?> authListAdministrador;
@Value("#{'${authorities.funcionario}'.split(',')}")
private List<?> authListFuncionario;
@Value("#{'${authorities.professor}'.split(',')}")
private List<?> authListProfessor;
@Value("#{'${authorities.aluno}'.split(',')}")
private List<?> authListAluno;
private String getPersonAuth(String username) {
// Get user's LDAP groups.
// The split method is used because the username is formatted in
// Kerbero's default: "username@C3LOCAL" (krbPrincipalName)
List<?> personGroups = LdapAttrProvider.getPersonGroups(username);
// Compares all user groups against pre-determined Authorities groups
// and builds a list of user's authorities.
Iterator<?> itr = personGroups.iterator();
while (itr.hasNext()) {
Object group = itr.next();
if (authListAdministrador.contains(group)) {
return "Administrador";
}
if (authListFuncionario.contains(group)) {
return "Funcionario";
}
if (authListProfessor.contains(group)) {
return "Professor";
}
if (authListAluno.contains(group)) {
return "Aluno";
}
}
return null;
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
String personAuth = this.getPersonAuth(username.split("@")[0]);
// If user's authorities list is empty, returns "No Permission"
// exception
if (personAuth.isEmpty())
throw new UsernameNotFoundException("Acesso negado");
// Returns a new instance of User, containing user security details
return new User(username,"notUsed",true,true,true,true,
AuthorityUtils.createAuthorityList(personAuth));
}
}
\ No newline at end of file
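Review bot: `if (personAuth.isEmpty())` on the line after the `getPersonAuth` call dereferences a null — `getPersonAuth` returns `null` when none of the user's groups matches a configured authority list, so an authenticated principal with no mapped groups gets a NullPointerException instead of the intended UsernameNotFoundException. The guard should read `if (personAuth == null || personAuth.isEmpty())`. The comment above `LdapAttrProvider.getPersonGroups(username)` still says the split on `@` happens there, but it is done by the caller in `loadUserByUsername`; replace it with `// username arrives already stripped of the Kerberos realm by the caller`. With the class now in `br.ufpr.c3sl.sapos.models.util`, the same-package import of `LdapAttrProvider` at the top of the file is redundant.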
package br.ufpr.c3sl.sapos.models.util;
import java.util.List;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
// This class was implemented based on the following tutorials:
// * http://docs.spring.io/spring-ldap/docs/1.3.x/reference/html/introduction.html
// * http://www.programcreek.com/2009/08/how-to-connect-ldap-server-using-spring-ldap-framework/
public class LdapAttrProvider {
private static LdapTemplate ldapTemplate;
public void setLdapTemplate(LdapTemplate ldapTemplate) {
LdapAttrProvider.ldapTemplate = ldapTemplate;
}
private static AttributesMapper getLdapAttr(final String fieldName) {
return new AttributesMapper() {
@Override
public Object mapFromAttributes(
javax.naming.directory.Attributes arg0)
throws javax.naming.NamingException {
return arg0.get(fieldName).get();
}
};
}
public static List<?> getPersonGroups(String username) {
// Implements the following ldapsearch:
// ldapsearch -x -h HOST -p 389 -b BASE "memberUid=username" cn
// Where:
// -x Because it is an anonymous search (no need for an admin user)
// -h/HOST, -p/PORT and -b/BASE are defined at ldap.properties
// The filter is defined by ("memberUid=" + username),
// and getLdapAttr method returns only "cn" field
return ldapTemplate.search("", "memberUid=" + username,
getLdapAttr("cn"));
}
}
\ No newline at end of file
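Review bot: `ldapTemplate.search("", "memberUid=" + username, getLdapAttr("cn"))` in `getPersonGroups` builds the LDAP filter by string concatenation, so a principal name containing filter metacharacters such as `*`, `(` or `)` changes the query instead of being matched literally; the value comes from the Kerberos principal split in `KerberosAuthProvider`, which this class should not assume is filter-safe. Use Spring LDAP's filter encoding for the second argument: `new EqualsFilter("memberUid", username).encode()` (from `org.springframework.ldap.filter.EqualsFilter`). In `getLdapAttr`, `arg0.get(fieldName).get()` throws a NullPointerException when an entry lacks the requested attribute; checking `arg0.get(fieldName)` for null first would make that failure mode explicit. The `ldapTemplate` field is static but assigned through an instance setter, which deserves a comment (or a static setter) since every instance shares the one template.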