Example 11 with LdapAuthenticationProvider

Use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project incubator-atlas by apache.

The class AtlasADAuthenticationProvider, method getADBindAuthentication.

private Authentication getADBindAuthentication(Authentication authentication) {
    try {
        String userName = authentication.getName();
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }
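        // The context source binds as the configured service account (adBindDN) to search for the user entry.
        LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(adURL);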
        ldapContextSource.setUserDn(adBindDN);
        ldapContextSource.setPassword(adBindPassword);
        ldapContextSource.setReferral(adReferral);
        ldapContextSource.setCacheEnvironmentProperties(true);
        ldapContextSource.setAnonymousReadOnly(false);
        ldapContextSource.setPooled(true);
        ldapContextSource.afterPropertiesSet();
        if (adUserSearchFilter == null || adUserSearchFilter.trim().isEmpty()) {
            adUserSearchFilter = "(sAMAccountName={0})";
        }
        FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(adBase, adUserSearchFilter, ldapContextSource);
        userSearch.setSearchSubtree(true);
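        // BindAuthenticator checks the password by binding to the directory as the user entry the search returns.
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);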
        bindAuthenticator.setUserSearch(userSearch);
        bindAuthenticator.afterPropertiesSet();
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
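        // Blank credentials are rejected before authenticate() is called; an LDAP simple bind
        // with an empty password is an unauthenticated bind (RFC 4513), not a password check.
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {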
            final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
            if (groupsFromUGI) {
                authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
            }
            return authentication;
        } else {
            LOG.error("AD Authentication Failed userName or userPassword is null or empty");
            return null;
        }
    } catch (Exception e) {
        LOG.error("AD Authentication Failed:", e);
        return null;
    }
}
Also used : BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator) DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource) User(org.apache.atlas.web.model.User) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) GrantedAuthority(org.springframework.security.core.GrantedAuthority) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider) ActiveDirectoryLdapAuthenticationProvider(org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider)

Example 12 with LdapAuthenticationProvider

Use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project hub-alert by blackducksoftware.

The class LdapManager, method updateAuthenticationProvider.

private LdapAuthenticationProvider updateAuthenticationProvider(FieldUtility configurationModel, LdapContextSource contextSource) throws AlertConfigurationException {
    LdapAuthenticator authenticator = createAuthenticator(configurationModel, contextSource);
    LdapAuthoritiesPopulator ldapAuthoritiesPopulator = createAuthoritiesPopulator(configurationModel, contextSource);
    LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(authenticator, ldapAuthoritiesPopulator);
    ldapAuthenticationProvider.setUserDetailsContextMapper(inetOrgPersonContextMapper);
    return ldapAuthenticationProvider;
}
Also used : LdapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator) LdapAuthenticator(org.springframework.security.ldap.authentication.LdapAuthenticator) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)

Example 13 with LdapAuthenticationProvider

Use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project hub-alert by blackducksoftware.

The class AuthenticationFieldModelTestAction, method performLdapTest.

private void performLdapTest(FieldModel fieldModel, FieldUtility registeredFieldValues) throws IntegrationException {
    logger.info("LDAP enabled testing LDAP authentication.");
    String userName = fieldModel.getFieldValue(AuthenticationDescriptor.TEST_FIELD_KEY_USERNAME).orElse("");
    Optional<LdapAuthenticationProvider> ldapProvider = ldapManager.createAuthProvider(registeredFieldValues);
    String errorMessage = String.format("Ldap Authentication test failed for the test user %s.  Please check the LDAP configuration.", userName);
    List<AlertFieldStatus> errors = new ArrayList<>();
    if (!ldapProvider.isPresent()) {
        errors.add(AlertFieldStatus.error(AuthenticationDescriptor.KEY_LDAP_ENABLED, errorMessage));
    } else {
        try {
            Authentication pendingAuthentication = new UsernamePasswordAuthenticationToken(userName, fieldModel.getFieldValue(AuthenticationDescriptor.TEST_FIELD_KEY_PASSWORD).orElse(""));
            Authentication authentication = ldapProvider.get().authenticate(pendingAuthentication);
            if (!authentication.isAuthenticated()) {
                errors.add(AlertFieldStatus.error(AuthenticationDescriptor.KEY_LDAP_ENABLED, errorMessage));
            }
            // Clear the authenticated flag on the test token once the check is done.
            authentication.setAuthenticated(false);
        } catch (Exception ex) {
            logger.error("Exception occurred testing LDAP authentication", ex);
            String exceptionMessage = ex.getMessage();
            if (StringUtils.isNotBlank(exceptionMessage)) {
                errorMessage = String.format("%s Additional details: %s", errorMessage, exceptionMessage);
            }
            errors.add(AlertFieldStatus.error(AuthenticationDescriptor.KEY_LDAP_ENABLED, errorMessage));
        }
    }
    if (!errors.isEmpty()) {
        throw new AlertFieldException(errors);
    }
}
Also used : Authentication(org.springframework.security.core.Authentication) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) AlertFieldStatus(com.synopsys.integration.alert.common.descriptor.config.field.errors.AlertFieldStatus) AlertFieldException(com.synopsys.integration.alert.common.exception.AlertFieldException) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider) IntegrationException(com.synopsys.integration.exception.IntegrationException)

Example 14 with LdapAuthenticationProvider

Use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project hub-alert by blackducksoftware.

The class AuthenticationActionsTestIT, method testAuthenticationLDAPUserIT.

@Test
public void testAuthenticationLDAPUserIT() throws Exception {
    HttpServletRequest servletRequest = new MockHttpServletRequest();
    HttpServletResponse servletResponse = new MockHttpServletResponse();
    Authentication authentication = Mockito.mock(Authentication.class);
    Mockito.when(authentication.isAuthenticated()).thenReturn(true);
    LdapAuthenticationProvider ldapAuthenticationProvider = Mockito.mock(LdapAuthenticationProvider.class);
    Mockito.when(ldapAuthenticationProvider.authenticate(Mockito.any(Authentication.class))).thenReturn(authentication);
    LdapManager mockLdapManager = Mockito.mock(LdapManager.class);
    Mockito.when(mockLdapManager.isLdapEnabled()).thenReturn(true);
    Mockito.when(mockLdapManager.getAuthenticationProvider()).thenReturn(Optional.of(ldapAuthenticationProvider));
    AuthenticationActions authenticationActions = new AuthenticationActions(authenticationProvider, csrfTokenRepository);
    ActionResponse<Void> response = authenticationActions.authenticateUser(servletRequest, servletResponse, mockLoginRestModel.createRestModel());
    assertTrue(response.isSuccessful());
    assertFalse(response.hasContent());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider) LdapManager(com.synopsys.integration.alert.component.authentication.security.ldap.LdapManager) AlertIntegrationTest(com.synopsys.integration.alert.util.AlertIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 15 with LdapAuthenticationProvider

Use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project ranger by apache.

The class RangerAuthenticationProvider, method getLdapBindAuthentication.

private Authentication getLdapBindAuthentication(Authentication authentication) {
    try {
        String rangerLdapURL = PropertiesUtil.getProperty("ranger.ldap.url", "");
        String rangerLdapUserDNPattern = PropertiesUtil.getProperty("ranger.ldap.user.dnpattern", "");
        String rangerLdapGroupSearchBase = PropertiesUtil.getProperty("ranger.ldap.group.searchbase", "");
        String rangerLdapGroupSearchFilter = PropertiesUtil.getProperty("ranger.ldap.group.searchfilter", "");
        String rangerLdapGroupRoleAttribute = PropertiesUtil.getProperty("ranger.ldap.group.roleattribute", "");
        String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
        String rangerLdapBase = PropertiesUtil.getProperty("ranger.ldap.base.dn", "");
        String rangerLdapBindDN = PropertiesUtil.getProperty("ranger.ldap.bind.dn", "");
        String rangerLdapBindPassword = PropertiesUtil.getProperty("ranger.ldap.bind.password", "");
        String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.referral", "follow");
        String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.user.searchfilter", "(uid={0})");
        boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty("ranger.ldap.starttls", "false"));
        String userName = authentication.getName();
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }
        LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerLdapURL);
        ldapContextSource.setUserDn(rangerLdapBindDN);
        ldapContextSource.setPassword(rangerLdapBindPassword);
        ldapContextSource.setReferral(rangerLdapReferral);
        ldapContextSource.setCacheEnvironmentProperties(false);
        ldapContextSource.setAnonymousReadOnly(false);
        ldapContextSource.setPooled(true);
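        // With ranger.ldap.starttls=true, pooling is switched off and the StartTLS authentication strategy is installed.
        if (rangerIsStartTlsEnabled) {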
            ldapContextSource.setPooled(false);
            ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
        }
        ldapContextSource.afterPropertiesSet();
        DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, rangerLdapGroupSearchBase);
        defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(rangerLdapGroupRoleAttribute);
        defaultLdapAuthoritiesPopulator.setGroupSearchFilter(rangerLdapGroupSearchFilter);
        defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
        // String searchFilter="(uid={0})";
        if (rangerLdapUserSearchFilter == null || rangerLdapUserSearchFilter.trim().isEmpty()) {
            rangerLdapUserSearchFilter = "(uid={0})";
        }
        FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(rangerLdapBase, rangerLdapUserSearchFilter, ldapContextSource);
        userSearch.setSearchSubtree(true);
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        bindAuthenticator.setUserSearch(userSearch);
        String[] userDnPatterns = new String[] { rangerLdapUserDNPattern };
        bindAuthenticator.setUserDnPatterns(userDnPatterns);
        bindAuthenticator.afterPropertiesSet();
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, defaultLdapAuthoritiesPopulator);
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
            authentication = getAuthenticationWithGrantedAuthority(authentication);
            return authentication;
        } else {
            return authentication;
        }
    } catch (Exception e) {
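        // Failures are logged at debug level only; the method then returns the Authentication it was given.
        logger.debug("LDAP Authentication Failed:", e);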
    }
    return authentication;
}
Also used : BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator) DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource) User(org.springframework.security.core.userdetails.User) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) DefaultLdapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch) DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy) ActiveDirectoryLdapAuthenticationProvider(org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)
