<!--
  Directory connection used by the namespace-based LDAP provider below.
  The ldap:// scheme is unencrypted: the manager bind and each user's bind
  password travel in clear text unless the connection is upgraded (ldaps://
  or StartTLS). The manager password is a literal sample value here; in a real
  deployment keep it out of the XML file (external property or secret store).
-->
<ldap-server
    url="ldap://host/dn"
    manager-dn="cn=someuser"
    manager-password="somepass" />

<authentication-manager>
    <!-- {0} in the search filter is replaced with the login name the user submitted. -->
    <ldap-authentication-provider
        user-search-filter="(samaccountname={0})" />
</authentication-manager>
<!--
  Hand-wired LDAP authentication provider: first constructor argument is the
  authenticator, second is the authorities populator. Both refer to a
  "contextSource" bean that is not defined in this snippet.
-->
<bean id="ldapAuthProvider"
      class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">

    <!-- Authenticator: the user DN is built from the pattern ({0} = login name)
         and the submitted password is checked by binding as that DN. -->
    <constructor-arg>
        <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <constructor-arg ref="contextSource"/>
            <property name="userDnPatterns">
                <list>
                    <value>uid={0},ou=people</value>
                </list>
            </property>
        </bean>
    </constructor-arg>

    <!-- Populator: roles come from groups under ou=groups; the role name is
         read from each group's "ou" attribute. -->
    <constructor-arg>
        <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource"/>
            <constructor-arg value="ou=groups"/>
            <property name="groupRoleAttribute" value="ou"/>
        </bean>
    </constructor-arg>
</bean>

<!-- Registers the bean above as the provider used for authentication. -->
<authentication-manager>
    <authentication-provider ref="ldapAuthProvider"/>
</authentication-manager>
<!--
  Context source: LDAPS endpoint plus the account used for directory lookups.
  The password is a literal sample value; a real configuration should load it
  from outside this file so the credential is not stored with the XML.
-->
<bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldaps://url/dc=mock,dc=com" />
    <property name="userDn" value="cn=username,ou=People,dc=mock,dc=com" />
    <property name="password" value="password" />
</bean>

<!--
  LDAP authentication provider: bind authentication against a DN built from
  the login name, with authorities supplied by a custom populator class
  instead of a directory group search.
-->
<bean id="ldapAuthProvider"
      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">

    <!-- Authenticator: {0} in the DN pattern is the submitted login name. -->
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userDnPatterns">
                <list>
                    <value>uid={0},ou=People</value>
                </list>
            </property>
        </bean>
    </constructor-arg>

    <!-- Populator: application class, created with its no-argument constructor. -->
    <constructor-arg>
        <bean class="com.mock.MyCustomAuthoritiesPopulator">
        </bean>
    </constructor-arg>
</bean>
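/**
 * Authorities populator that does not consult the directory for roles and
 * grants the same fixed role to every user.
 *
 * <p>Because the role is unconditional, anyone who can bind successfully with
 * the configured authenticator becomes a {@code ROLE_USER}; access control then
 * rests entirely on which directory entries are allowed to authenticate.
 */
public class MyCustomAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    /**
     * Returns the authorities for an already-authenticated user.
     *
     * @param arg0 directory entry of the user (not read by this implementation)
     * @param arg1 login name of the user (not read by this implementation)
     * @return a new mutable list containing only {@code ROLE_USER}
     */
    @Override
    public Collection<GrantedAuthority> getGrantedAuthorities(
            DirContextOperations arg0, String arg1) {
        ArrayList<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
        // The pasted line had an unbalanced "((" and did not compile.
        list.add(new SimpleGrantedAuthority("ROLE_USER"));
        return list;
    }
}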
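<!--
  Namespace-based LDAP provider for an Active Directory style schema.
  user-search-filter:  {0} is the submitted login name.
  group-search-filter: {0} is the DN of the authenticated user. The ampersand
                       of the LDAP AND operator must be written as an XML
                       entity inside an attribute value, otherwise the file is
                       not well-formed and the context fails to load.
  user-context-mapper-ref points at a "customUserContextMapper" bean that is
  not defined in this snippet.
-->
<authentication-manager>
    <ldap-authentication-provider
        user-search-filter="sAMAccountName={0}"
        user-search-base="OU=Users"
        group-search-filter="(&amp;(objectclass=group)(member={0}))"
        group-search-base="OU=Groups"
        user-context-mapper-ref="customUserContextMapper" />
</authentication-manager>

<!--
  Directory connection. ldap:// on port 389 is unencrypted, so the manager
  bind and user bind passwords cross the network in clear text unless the
  connection is upgraded (ldaps:// or StartTLS). The manager password is a
  literal sample value; keep the real one outside this file.
-->
<ldap-server url="ldap://url:389/DC=mock,DC=com"
    manager-dn="manager"
    manager-password="pass" />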
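/**
 * Variant of the default LDAP authorities populator that contributes a fixed
 * {@code ROLE_USER} through the {@code getAdditionalRoles} hook.
 *
 * <p>NOTE(review): the superclass is normally constructed with a context source
 * and a group search base; this snippet shows no constructor, so the full class
 * presumably declares one that delegates to {@code super(...)} (confirm
 * against the original code).
 */
public class MyCustomAuthoritiesPopulator extends
        DefaultLdapAuthoritiesPopulator {

    /**
     * Supplies roles in addition to whatever the superclass derives for the user.
     *
     * <p>The role is granted unconditionally: neither argument is inspected, so
     * every user who authenticates receives {@code ROLE_USER}.
     *
     * @param user directory entry of the authenticated user (not read here)
     * @param username login name of the authenticated user (not read here)
     * @return a new mutable set containing only {@code ROLE_USER}
     */
    @Override
    protected Set<GrantedAuthority> getAdditionalRoles(
            DirContextOperations user, String username) {
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        // The pasted line had an unbalanced "((" and did not compile.
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return authorities;
    }
}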
<!-- Abbreviated form from the paste: the provider's attributes are elided. -->
<authentication-manager>
    <ldap-authentication-provider... />
</authentication-manager>

<!--
  Same configuration with every environment-specific value taken from a
  property placeholder, so the manager DN and password are not stored in this
  file. The placeholder source is not shown here; whatever backs it (properties
  file, environment) holds the bind credential and needs restricted access.
-->
<ldap-server
    id="ldapServer"
    url="${ldap.url}"
    manager-dn="${ldap.manager.dn}"
    manager-password="${ldap.manager.password}"/>

<authentication-manager>
    <ldap-authentication-provider
        user-search-filter="${ldap.userSearch.filter}"
        user-search-base="${ldap.searchBase}"
        group-search-base="${ldap.groupSearchBase}"/>
</authentication-manager>
- package com.example.access.ldap;
- import java.util.Collection;
- import org.springframework.security.core.GrantedAuthority;
- import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
- import org.springframework.stereotype.Component;
/**
 * Spring component implementing {@code GrantedAuthoritiesMapper}: it receives
 * the authorities loaded for a user and returns the collection that the
 * application should actually use.
 */
- @Component
- public class UserGrantedAuthoritiesMapper implements GrantedAuthoritiesMapper{
/**
 * Maps the supplied authorities to the roles returned to the caller.
 *
 * @param authorities authorities obtained for the authenticated user
 * @return the value of {@code roles}, which is built in the part of the body
 *         that the paste leaves out
 */
- public Collection<? extends GrantedAuthority> mapAuthorities(final Collection<? extends GrantedAuthority> authorities) {
// The mapping logic is elided in the paste; "roles" is not declared in the
// visible code, so this listing is illustrative and does not compile as shown.
// NOTE(review): the elided logic decides the final role set for every LDAP
// login; presumably unknown group names should be dropped rather than passed
// through. Confirm against the real implementation.
- ...
- return roles;
- }
- }
- package com.example.access.ldap;
- import org.springframework.beans.BeansException;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.beans.factory.config.BeanPostProcessor;
- import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
- import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider;
- import org.springframework.stereotype.Component;
/**
 * Bean post-processor that installs the application's
 * {@link GrantedAuthoritiesMapper} on LDAP authentication providers after
 * Spring has initialised them.
 *
 * <p>Only beans that are instances of {@link AbstractLdapAuthenticationProvider}
 * are touched. Any other authentication provider in the context keeps its own
 * authorities handling, so role mapping done by the injected mapper does not
 * apply to it.
 */
@Component
public class AuthenticationProviderPostProcessor implements BeanPostProcessor {

    /** Mapper applied to each matching provider; injected by Spring. */
    @Autowired
    private GrantedAuthoritiesMapper grantedAuthoritiesMapper;

    /**
     * No-op: the bean is returned unchanged before initialisation.
     *
     * @param bean the bean instance
     * @param beanName the bean's name in the context
     * @return the same bean instance
     */
    @Override
    public Object postProcessBeforeInitialization(Object bean, String beanName)
            throws BeansException {
        return bean;
    }

    /**
     * Sets the authorities mapper on LDAP authentication providers.
     *
     * @param bean the initialised bean instance
     * @param beanName the bean's name in the context
     * @return the same bean instance
     */
    @Override
    public Object postProcessAfterInitialization(Object bean, String beanName)
            throws BeansException {
        // instanceof is false for null, so no separate null test is needed.
        if (!(bean instanceof AbstractLdapAuthenticationProvider)) {
            return bean;
        }
        setProviderAuthoritiesMapper((AbstractLdapAuthenticationProvider) bean);
        return bean;
    }

    /**
     * Assigns the injected mapper to the given provider; a null provider is ignored.
     *
     * @param authenticationProvider the provider to configure, may be null
     */
    protected void setProviderAuthoritiesMapper(AbstractLdapAuthenticationProvider authenticationProvider) {
        if (authenticationProvider == null) {
            return;
        }
        authenticationProvider.setAuthoritiesMapper(grantedAuthoritiesMapper);
    }
}