Search in sources :

Example 1 with KerberosTicketValidation

use of org.springframework.security.kerberos.authentication.KerberosTicketValidation in project opennms by OpenNMS.

the class KerberosServiceLdapAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    KerberosServiceRequestToken auth = (KerberosServiceRequestToken) authentication;
    byte[] token = auth.getToken();
    LOG.debug("Try to validate Kerberos Token");
    KerberosTicketValidation ticketValidation = m_kerberosTicketValidator.validateTicket(token);
    LOG.debug("Succesfully validated " + ticketValidation.username());
    /*
         * The incoming username will be in the form of a Kerberos user principal name,
         * e.g. user@EXAMPLE.ORG. We typically need to strip off the realm name before
         * doing any LDAP operations with the username.
         */
    String validatedUsername = trimRealmFromUsername(ticketValidation.username());
    DirContextOperations ldapUserEntry = m_ldapUserSearch.searchForUser(validatedUsername);
    Collection<? extends GrantedAuthority> grantedAuthorities = m_ldapAuthoritiesPopulator.getGrantedAuthorities(ldapUserEntry, validatedUsername);
    UserDetails userDetails = new User(validatedUsername, "notUsed", true, true, true, true, grantedAuthorities);
    m_userDetailsChecker.check(userDetails);
    additionalAuthenticationChecks(userDetails, auth);
    KerberosServiceRequestToken responseAuth = new KerberosServiceRequestToken(userDetails, ticketValidation, userDetails.getAuthorities(), token);
    return responseAuth;
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) User(org.springframework.security.core.userdetails.User) DirContextOperations(org.springframework.ldap.core.DirContextOperations) KerberosTicketValidation(org.springframework.security.kerberos.authentication.KerberosTicketValidation) KerberosServiceRequestToken(org.springframework.security.kerberos.authentication.KerberosServiceRequestToken)

Aggregations

DirContextOperations (org.springframework.ldap.core.DirContextOperations)1 User (org.springframework.security.core.userdetails.User)1 UserDetails (org.springframework.security.core.userdetails.UserDetails)1 KerberosServiceRequestToken (org.springframework.security.kerberos.authentication.KerberosServiceRequestToken)1 KerberosTicketValidation (org.springframework.security.kerberos.authentication.KerberosTicketValidation)1