use of org.springframework.security.ldap.authentication.BindAuthenticator in project incubator-atlas by apache.
the class AtlasLdapAuthenticationProvider method getBindAuthenticator.
private BindAuthenticator getBindAuthenticator(FilterBasedLdapUserSearch userSearch, LdapContextSource ldapContextSource) throws Exception {
BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
bindAuthenticator.setUserSearch(userSearch);
String[] userDnPatterns = new String[] { ldapUserDNPattern };
bindAuthenticator.setUserDnPatterns(userDnPatterns);
bindAuthenticator.afterPropertiesSet();
return bindAuthenticator;
}
use of org.springframework.security.ldap.authentication.BindAuthenticator in project incubator-atlas by apache.
the class AtlasLdapAuthenticationProvider method getLdapBindAuthentication.
private Authentication getLdapBindAuthentication(Authentication authentication) {
try {
if (isDebugEnabled) {
LOG.debug("==> AtlasLdapAuthenticationProvider getLdapBindAuthentication");
}
String userName = authentication.getName();
String userPassword = "";
if (authentication.getCredentials() != null) {
userPassword = authentication.getCredentials().toString();
}
LdapContextSource ldapContextSource = getLdapContextSource();
DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = getDefaultLdapAuthoritiesPopulator(ldapContextSource);
if (ldapUserSearchFilter == null || ldapUserSearchFilter.trim().isEmpty()) {
ldapUserSearchFilter = "(uid={0})";
}
FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(ldapBase, ldapUserSearchFilter, ldapContextSource);
userSearch.setSearchSubtree(true);
BindAuthenticator bindAuthenticator = getBindAuthenticator(userSearch, ldapContextSource);
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, defaultLdapAuthoritiesPopulator);
if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
final UserDetails principal = new User(userName, userPassword, grantedAuths);
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
if (groupsFromUGI) {
authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
}
return authentication;
} else {
LOG.error("LDAP Authentication::userName or userPassword is null or empty for userName " + userName);
}
} catch (Exception e) {
LOG.error(" getLdapBindAuthentication LDAP Authentication Failed:", e);
}
if (isDebugEnabled) {
LOG.debug("<== AtlasLdapAuthenticationProvider getLdapBindAuthentication");
}
return authentication;
}
use of org.springframework.security.ldap.authentication.BindAuthenticator in project ranger by apache.
the class RangerAuthenticationProvider method getLdapAuthentication.
private Authentication getLdapAuthentication(Authentication authentication) {
try {
// getting ldap settings
String rangerLdapURL = PropertiesUtil.getProperty("ranger.ldap.url", "");
String rangerLdapUserDNPattern = PropertiesUtil.getProperty("ranger.ldap.user.dnpattern", "");
String rangerLdapGroupSearchBase = PropertiesUtil.getProperty("ranger.ldap.group.searchbase", "");
String rangerLdapGroupSearchFilter = PropertiesUtil.getProperty("ranger.ldap.group.searchfilter", "");
String rangerLdapGroupRoleAttribute = PropertiesUtil.getProperty("ranger.ldap.group.roleattribute", "");
String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty("ranger.ldap.starttls", "false"));
// taking the user-name and password from the authentication
// object.
String userName = authentication.getName();
String userPassword = "";
if (authentication.getCredentials() != null) {
userPassword = authentication.getCredentials().toString();
}
// populating LDAP context source with LDAP URL and user-DN-pattern
LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerLdapURL);
if (rangerIsStartTlsEnabled) {
ldapContextSource.setPooled(false);
ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
}
ldapContextSource.setCacheEnvironmentProperties(false);
ldapContextSource.setAnonymousReadOnly(true);
// Creating BindAuthenticator using Ldap Context Source.
BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
// String[] userDnPatterns = new String[] { rangerLdapUserDNPattern };
String[] userDnPatterns = rangerLdapUserDNPattern.split(";");
bindAuthenticator.setUserDnPatterns(userDnPatterns);
LdapAuthenticationProvider ldapAuthenticationProvider = null;
if (!StringUtil.isEmpty(rangerLdapGroupSearchBase) && !StringUtil.isEmpty(rangerLdapGroupSearchFilter)) {
// Creating LDAP authorities populator using Ldap context source and
// Ldap group search base.
// populating LDAP authorities populator with group search
// base,group role attribute, group search filter.
DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, rangerLdapGroupSearchBase);
defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(rangerLdapGroupRoleAttribute);
defaultLdapAuthoritiesPopulator.setGroupSearchFilter(rangerLdapGroupSearchFilter);
defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
// Creating Ldap authentication provider using BindAuthenticator and Ldap authentication populator
ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, defaultLdapAuthoritiesPopulator);
} else {
ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
}
// getting user authenticated
if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
final List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
final UserDetails principal = new User(userName, userPassword, grantedAuths);
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
authentication = getAuthenticationWithGrantedAuthority(authentication);
return authentication;
} else {
return authentication;
}
} catch (Exception e) {
logger.debug("LDAP Authentication Failed:", e);
}
return authentication;
}
use of org.springframework.security.ldap.authentication.BindAuthenticator in project ranger by apache.
the class RangerAuthenticationProvider method getADBindAuthentication.
private Authentication getADBindAuthentication(Authentication authentication) {
try {
String rangerADURL = PropertiesUtil.getProperty("ranger.ldap.ad.url", "");
String rangerLdapADBase = PropertiesUtil.getProperty("ranger.ldap.ad.base.dn", "");
String rangerADBindDN = PropertiesUtil.getProperty("ranger.ldap.ad.bind.dn", "");
String rangerADBindPassword = PropertiesUtil.getProperty("ranger.ldap.ad.bind.password", "");
String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow");
String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.ad.user.searchfilter", "(sAMAccountName={0})");
boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty("ranger.ldap.starttls", "false"));
String userName = authentication.getName();
String userPassword = "";
if (authentication.getCredentials() != null) {
userPassword = authentication.getCredentials().toString();
}
LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerADURL);
ldapContextSource.setUserDn(rangerADBindDN);
ldapContextSource.setPassword(rangerADBindPassword);
ldapContextSource.setReferral(rangerLdapReferral);
ldapContextSource.setCacheEnvironmentProperties(true);
ldapContextSource.setAnonymousReadOnly(false);
ldapContextSource.setPooled(true);
if (rangerIsStartTlsEnabled) {
ldapContextSource.setPooled(false);
ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
}
ldapContextSource.afterPropertiesSet();
// String searchFilter="(sAMAccountName={0})";
if (rangerLdapUserSearchFilter == null || rangerLdapUserSearchFilter.trim().isEmpty()) {
rangerLdapUserSearchFilter = "(sAMAccountName={0})";
}
FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(rangerLdapADBase, rangerLdapUserSearchFilter, ldapContextSource);
userSearch.setSearchSubtree(true);
BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
bindAuthenticator.setUserSearch(userSearch);
bindAuthenticator.afterPropertiesSet();
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
final List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
final UserDetails principal = new User(userName, userPassword, grantedAuths);
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
authentication = getAuthenticationWithGrantedAuthority(authentication);
return authentication;
} else {
return authentication;
}
} catch (Exception e) {
logger.debug("AD Authentication Failed:", e);
}
return authentication;
}
Aggregations