
Example 6 with LdapAuthenticationProvider

use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project spring-security by spring-projects.

the class LdapAuthenticationProviderBuilderSecurityBuilderTests method rolePrefixCustom.

@Test
public void rolePrefixCustom() {
    this.spring.register(RolePrefixConfig.class).autowire();
    LdapAuthenticationProvider provider = ldapProvider();
    assertThat(ReflectionTestUtils.getField(getAuthoritiesMapper(provider), "prefix")).isEqualTo("role_");
}
Also used : LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider) Test(org.junit.jupiter.api.Test)

Example 7 with LdapAuthenticationProvider

use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project spring-security by spring-projects.

the class LdapAuthenticationProviderBuilderSecurityBuilderTests method groupRolesCustom.

@Test
public void groupRolesCustom() {
    this.spring.register(GroupRolesConfig.class).autowire();
    LdapAuthenticationProvider provider = ldapProvider();
    assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupRoleAttribute")).isEqualTo("group");
}
Also used : LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider) Test(org.junit.jupiter.api.Test)

Example 8 with LdapAuthenticationProvider

use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project ontrack by nemerosa.

the class LDAPProviderFactoryImpl method loadProvider.

private LdapAuthenticationProvider loadProvider() {
    LDAPSettings settings = cachedSettingsService.getCachedSettings(LDAPSettings.class);
    if (settings.isEnabled()) {
        // LDAP context
        DefaultSpringSecurityContextSource ldapContextSource = new DefaultSpringSecurityContextSource(settings.getUrl());
        ldapContextSource.setUserDn(settings.getUser());
        ldapContextSource.setPassword(settings.getPassword());
        try {
            ldapContextSource.afterPropertiesSet();
        } catch (Exception e) {
            throw new CannotInitializeLDAPException(e);
        }
        // User search
        FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(settings.getSearchBase(), settings.getSearchFilter(), ldapContextSource);
        userSearch.setSearchSubtree(true);
        // Bind authenticator
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        bindAuthenticator.setUserSearch(userSearch);
        // Provider
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, authoritiesPopulator);
        ldapAuthenticationProvider.setUserDetailsContextMapper(new ConfigurableUserDetailsContextMapper(settings));
        // OK
        return ldapAuthenticationProvider;
    } else {
        // LDAP not enabled
        return null;
    }
}
Also used : BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator) DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource) FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)

Example 9 with LdapAuthenticationProvider

use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project ontrack by nemerosa.

the class LDAPAuthenticationProvider method findUser.

protected Optional<AuthenticatedAccount> findUser(String username, UsernamePasswordAuthenticationToken authentication) {
    // Gets the (cached) provider
    LdapAuthenticationProvider ldapAuthenticationProvider = ldapProviderFactory.getProvider();
    // If not enabled, cannot authenticate!
    if (ldapAuthenticationProvider == null) {
        return Optional.empty();
    } else {
        // LDAP connection
        Authentication ldapAuthentication;
        try {
            ldapAuthentication = ldapAuthenticationProvider.authenticate(authentication);
        } catch (Exception ex) {
            // Cannot use the LDAP, logs the error
            applicationLogService.log(ApplicationLogEntry.error(ex, NameDescription.nd("ldap-authentication", "LDAP Authentication problem"), authentication.getName()));
            // Rejects the authentication
            return Optional.empty();
        }
        if (ldapAuthentication != null && ldapAuthentication.isAuthenticated()) {
            // Gets the account name
            final String name = ldapAuthentication.getName();
            // Gets the extended LDAP user details from the principal, if available
            ExtendedLDAPUserDetails userDetails;
            Object principal = ldapAuthentication.getPrincipal();
            if (principal instanceof ExtendedLDAPUserDetails) {
                userDetails = (ExtendedLDAPUserDetails) principal;
            } else {
                userDetails = null;
            }
            // Gets any existing account
            Optional<Account> existingAccount = securityService.asAdmin(() -> accountService.findUserByNameAndSource(username, ldapAuthenticationSourceProvider));
            if (!existingAccount.isPresent()) {
                // If not found, auto-registers the account using the LDAP details
                if (userDetails != null) {
                    // Auto-registration if email is OK
                    if (StringUtils.isNotBlank(userDetails.getEmail())) {
                        // Registration
                        return securityService.asAdmin(() -> Optional.of(new AuthenticatedAccount(accountService.create(new AccountInput(name, userDetails.getFullName(), userDetails.getEmail(), "", Collections.emptyList()), LDAPAuthenticationSourceProvider.LDAP_AUTHENTICATION_SOURCE), userDetails)));
                    } else {
                        // Temporary account
                        return Optional.of(AuthenticatedAccount.of(Account.of(name, userDetails.getFullName(), "", SecurityRole.USER, ldapAuthenticationSourceProvider.getSource())));
                    }
                } else {
                    // Temporary account
                    return Optional.of(AuthenticatedAccount.of(Account.of(name, name, "", SecurityRole.USER, ldapAuthenticationSourceProvider.getSource())));
                }
            } else {
                return existingAccount.map(account -> new AuthenticatedAccount(account, userDetails));
            }
        } else {
            return Optional.empty();
        }
    }
}
Also used : Authentication(org.springframework.security.core.Authentication) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider) UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) AuthenticationException(org.springframework.security.core.AuthenticationException)

Example 10 with LdapAuthenticationProvider

use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project incubator-atlas by apache.

the class AtlasLdapAuthenticationProvider method getLdapAuthentication.

private Authentication getLdapAuthentication(Authentication authentication) {
    if (isDebugEnabled) {
        LOG.debug("==> AtlasLdapAuthenticationProvider getLdapAuthentication");
    }
    try {
        // taking the user-name and password from the authentication
        // object.
        String userName = authentication.getName();
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }
        // populating LDAP context source with LDAP URL and user-DN-pattern
        LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(ldapURL);
        ldapContextSource.setCacheEnvironmentProperties(false);
        ldapContextSource.setAnonymousReadOnly(true);
        // Creating BindAuthenticator using Ldap Context Source.
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        // String[] userDnPatterns = new String[] { rangerLdapUserDNPattern };
        String[] userDnPatterns = ldapUserDNPattern.split(";");
        bindAuthenticator.setUserDnPatterns(userDnPatterns);
        LdapAuthenticationProvider ldapAuthenticationProvider = null;
        if (!StringUtils.isEmpty(ldapGroupSearchBase) && !StringUtils.isEmpty(ldapGroupSearchFilter)) {
            // Creating LDAP authorities populator using Ldap context source and
            // Ldap group search base.
            // populating LDAP authorities populator with group search
            // base,group role attribute, group search filter.
            DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, ldapGroupSearchBase);
            defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(ldapGroupRoleAttribute);
            defaultLdapAuthoritiesPopulator.setGroupSearchFilter(ldapGroupSearchFilter);
            defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
            // Creating Ldap authentication provider using BindAuthenticator and Ldap authentication populator
            ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, defaultLdapAuthoritiesPopulator);
        } else {
            ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
        }
        // getting user authenticated
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
            if (groupsFromUGI) {
                authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
            }
            return authentication;
        } else {
            return authentication;
        }
    } catch (Exception e) {
        LOG.error("getLdapAuthentication LDAP Authentication Failed:", e);
    }
    if (isDebugEnabled) {
        LOG.debug("<== AtlasLdapAuthenticationProvider getLdapAuthentication");
    }
    return authentication;
}
Also used : BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator) DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource) User(org.apache.atlas.web.model.User) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) DefaultLdapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator) GrantedAuthority(org.springframework.security.core.GrantedAuthority) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) AuthenticationException(org.springframework.security.core.AuthenticationException) UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)
