Examples with LdapAuthenticationProvider org.springframework.security.ldap.authentication.LdapAuthenticationProvider used on opensource projects

Search in sources :

Example 26 with LdapAuthenticationProvider

use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project hub-alert by blackducksoftware.

the class LdapManager method createAuthProvider.

public Optional<LdapAuthenticationProvider> createAuthProvider(FieldUtility configuration) throws AlertConfigurationException {
    try {
        boolean enabled = configuration.getBooleanOrFalse(AuthenticationDescriptor.KEY_LDAP_ENABLED);
        if (!enabled) {
            return Optional.empty();
        }
        LdapContextSource ldapContextSource = new LdapContextSource();
        String ldapServer = configuration.getStringOrEmpty(AuthenticationDescriptor.KEY_LDAP_SERVER);
        String managerDN = configuration.getStringOrEmpty(AuthenticationDescriptor.KEY_LDAP_MANAGER_DN);
        String managerPassword = configuration.getStringOrEmpty(AuthenticationDescriptor.KEY_LDAP_MANAGER_PWD);
        String ldapReferral = configuration.getStringOrEmpty(AuthenticationDescriptor.KEY_LDAP_REFERRAL);
        if (StringUtils.isNotBlank(ldapServer)) {
            ldapContextSource.setUrl(ldapServer);
            ldapContextSource.setUserDn(managerDN);
            ldapContextSource.setPassword(managerPassword);
            ldapContextSource.setReferral(ldapReferral);
            ldapContextSource.setAuthenticationStrategy(createAuthenticationStrategy(configuration));
        }
        ldapContextSource.afterPropertiesSet();
        LdapAuthenticationProvider ldapAuthenticationProvider = updateAuthenticationProvider(configuration, ldapContextSource);
        return Optional.of(ldapAuthenticationProvider);
    } catch (IllegalArgumentException ex) {
        throw new AlertConfigurationException("Error creating LDAP Context Source", ex);
    }
}
Also used : LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider) AlertConfigurationException(com.synopsys.integration.alert.api.common.model.exception.AlertConfigurationException)

Example 27 with LdapAuthenticationProvider

use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project ranger by apache.

the class RangerAuthenticationProvider method getLdapAuthentication.

private Authentication getLdapAuthentication(Authentication authentication) {
    try {
        // getting ldap settings
        String rangerLdapURL = PropertiesUtil.getProperty("ranger.ldap.url", "");
        String rangerLdapUserDNPattern = PropertiesUtil.getProperty("ranger.ldap.user.dnpattern", "");
        String rangerLdapGroupSearchBase = PropertiesUtil.getProperty("ranger.ldap.group.searchbase", "");
        String rangerLdapGroupSearchFilter = PropertiesUtil.getProperty("ranger.ldap.group.searchfilter", "");
        String rangerLdapGroupRoleAttribute = PropertiesUtil.getProperty("ranger.ldap.group.roleattribute", "");
        String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
        boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty("ranger.ldap.starttls", "false"));
        // taking the user-name and password from the authentication
        // object.
        String userName = authentication.getName();
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }
        // populating LDAP context source with LDAP URL and user-DN-pattern
        LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerLdapURL);
        if (rangerIsStartTlsEnabled) {
            ldapContextSource.setPooled(false);
            ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
        }
        ldapContextSource.setCacheEnvironmentProperties(false);
        ldapContextSource.setAnonymousReadOnly(true);
        // Creating BindAuthenticator using Ldap Context Source.
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        // String[] userDnPatterns = new String[] { rangerLdapUserDNPattern };
        String[] userDnPatterns = rangerLdapUserDNPattern.split(";");
        bindAuthenticator.setUserDnPatterns(userDnPatterns);
        LdapAuthenticationProvider ldapAuthenticationProvider = null;
        if (!StringUtil.isEmpty(rangerLdapGroupSearchBase) && !StringUtil.isEmpty(rangerLdapGroupSearchFilter)) {
            // Creating LDAP authorities populator using Ldap context source and
            // Ldap group search base.
            // populating LDAP authorities populator with group search
            // base,group role attribute, group search filter.
            DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, rangerLdapGroupSearchBase);
            defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(rangerLdapGroupRoleAttribute);
            defaultLdapAuthoritiesPopulator.setGroupSearchFilter(rangerLdapGroupSearchFilter);
            defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
            // Creating Ldap authentication provider using BindAuthenticator and Ldap authentication populator
            ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, defaultLdapAuthoritiesPopulator);
        } else {
            ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
        }
        // getting user authenticated
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
            authentication = getAuthenticationWithGrantedAuthority(authentication);
            return authentication;
        } else {
            return authentication;
        }
    } catch (Exception e) {
        logger.debug("LDAP Authentication Failed:", e);
    }
    return authentication;
}
Also used : BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator) DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource) User(org.springframework.security.core.userdetails.User) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) DefaultLdapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy) ActiveDirectoryLdapAuthenticationProvider(org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)

Example 28 with LdapAuthenticationProvider

use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project ranger by apache.

the class RangerAuthenticationProvider method getADBindAuthentication.

private Authentication getADBindAuthentication(Authentication authentication) {
    try {
        String rangerADURL = PropertiesUtil.getProperty("ranger.ldap.ad.url", "");
        String rangerLdapADBase = PropertiesUtil.getProperty("ranger.ldap.ad.base.dn", "");
        String rangerADBindDN = PropertiesUtil.getProperty("ranger.ldap.ad.bind.dn", "");
        String rangerADBindPassword = PropertiesUtil.getProperty("ranger.ldap.ad.bind.password", "");
        String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
        String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow");
        String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.ad.user.searchfilter", "(sAMAccountName={0})");
        boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty("ranger.ldap.starttls", "false"));
        String userName = authentication.getName();
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }
        LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerADURL);
        ldapContextSource.setUserDn(rangerADBindDN);
        ldapContextSource.setPassword(rangerADBindPassword);
        ldapContextSource.setReferral(rangerLdapReferral);
        ldapContextSource.setCacheEnvironmentProperties(true);
        ldapContextSource.setAnonymousReadOnly(false);
        ldapContextSource.setPooled(true);
        if (rangerIsStartTlsEnabled) {
            ldapContextSource.setPooled(false);
            ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
        }
        ldapContextSource.afterPropertiesSet();
        // String searchFilter="(sAMAccountName={0})";
        if (rangerLdapUserSearchFilter == null || rangerLdapUserSearchFilter.trim().isEmpty()) {
            rangerLdapUserSearchFilter = "(sAMAccountName={0})";
        }
        FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(rangerLdapADBase, rangerLdapUserSearchFilter, ldapContextSource);
        userSearch.setSearchSubtree(true);
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        bindAuthenticator.setUserSearch(userSearch);
        bindAuthenticator.afterPropertiesSet();
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
            authentication = getAuthenticationWithGrantedAuthority(authentication);
            return authentication;
        } else {
            return authentication;
        }
    } catch (Exception e) {
        logger.debug("AD Authentication Failed:", e);
    }
    return authentication;
}
Also used : BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator) DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource) User(org.springframework.security.core.userdetails.User) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch) DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy) ActiveDirectoryLdapAuthenticationProvider(org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)

Example 29 with LdapAuthenticationProvider

use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project spring-security by spring-projects.

the class LdapAuthenticationProviderConfigurer method build.

private LdapAuthenticationProvider build() throws Exception {
    BaseLdapPathContextSource contextSource = getContextSource();
    LdapAuthenticator ldapAuthenticator = createLdapAuthenticator(contextSource);
    LdapAuthoritiesPopulator authoritiesPopulator = getLdapAuthoritiesPopulator();
    LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(ldapAuthenticator, authoritiesPopulator);
    ldapAuthenticationProvider.setAuthoritiesMapper(getAuthoritiesMapper());
    if (this.userDetailsContextMapper != null) {
        ldapAuthenticationProvider.setUserDetailsContextMapper(this.userDetailsContextMapper);
    }
    return ldapAuthenticationProvider;
}
Also used : LdapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator) DefaultLdapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator) BaseLdapPathContextSource(org.springframework.ldap.core.support.BaseLdapPathContextSource) LdapAuthenticator(org.springframework.security.ldap.authentication.LdapAuthenticator) AbstractLdapAuthenticator(org.springframework.security.ldap.authentication.AbstractLdapAuthenticator) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)

Example 30 with LdapAuthenticationProvider

use of org.springframework.security.ldap.authentication.LdapAuthenticationProvider in project spring-security by spring-projects.

the class LdapAuthenticationProviderConfigurer method configure.

@Override
public void configure(B builder) throws Exception {
    LdapAuthenticationProvider provider = postProcess(build());
    builder.authenticationProvider(provider);
}
Also used : LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)

Aggregations

LdapAuthenticationProvider (org.springframework.security.ldap.authentication.LdapAuthenticationProvider)35 Authentication (org.springframework.security.core.Authentication)17 LdapContextSource (org.springframework.ldap.core.support.LdapContextSource)14 BindAuthenticator (org.springframework.security.ldap.authentication.BindAuthenticator)14 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)13 UserDetails (org.springframework.security.core.userdetails.UserDetails)12 GrantedAuthority (org.springframework.security.core.GrantedAuthority)11 FilterBasedLdapUserSearch (org.springframework.security.ldap.search.FilterBasedLdapUserSearch)11 DefaultSpringSecurityContextSource (org.springframework.security.ldap.DefaultSpringSecurityContextSource)10 AuthenticationException (org.springframework.security.core.AuthenticationException)8 DefaultLdapAuthoritiesPopulator (org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator)8 Test (org.junit.jupiter.api.Test)7 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)7 ArrayList (java.util.ArrayList)6 User (org.apache.atlas.web.model.User)6 DefaultTlsDirContextAuthenticationStrategy (org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)5 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)5 User (org.springframework.security.core.userdetails.User)5 ActiveDirectoryLdapAuthenticationProvider (org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider)5 AlertConfigurationException (com.synopsys.integration.alert.api.common.model.exception.AlertConfigurationException)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial