Merge pull request #95 from barti271/master
Authorities populated after kerberos authentication.
@@ -0,0 +1,34 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.ldap.core.DistinguishedName;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
|
||||
public class ActiveDirectoryLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
|
||||
String[] groups = userData.getStringAttributes("memberOf");
|
||||
|
||||
if (groups == null) {
|
||||
return AuthorityUtils.NO_AUTHORITIES;
|
||||
}
|
||||
|
||||
ArrayList<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(
|
||||
groups.length);
|
||||
|
||||
for (String group : groups) {
|
||||
authorities.add(new SimpleGrantedAuthority(new DistinguishedName(group)
|
||||
.removeLast().getValue()));
|
||||
}
|
||||
|
||||
return authorities;
|
||||
}
|
||||
|
||||
}
|
||||
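Review bot: In `getGrantedAuthorities`, each `memberOf` DN is reduced to a single RDN value by `new DistinguishedName(group).removeLast().getValue()` (presumably the group's CN), so the OU and domain part of the DN has no influence on the authority that is granted. Two groups with the same CN in different containers therefore map to the same authority, and a group created under a delegated OU with the name of a privileged group would confer the same rights. Consider granting an authority only when the DN lies under the expected group base, or mapping full group DNs to application authorities through an explicit table. The value is also used as-is, so a comment above the loop such as `// authority = group CN exactly as stored in AD; no ROLE_ prefix, container path ignored` would make the contract visible. The class has no Javadoc; one sentence noting that AD's `memberOf` normally lists only direct memberships (not nested groups) would help whoever writes the access rules.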
@@ -90,7 +90,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
}
|
||||
|
||||
@Bean
|
||||
public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
|
||||
public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() throws Exception {
|
||||
KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
|
||||
provider.setTicketValidator(sunJaasKerberosTicketValidator());
|
||||
provider.setUserDetailsService(ldapUserDetailsService());
|
||||
@@ -107,29 +107,35 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
}
|
||||
|
||||
@Bean
|
||||
public KerberosLdapContextSource kerberosLdapContextSource() {
|
||||
public KerberosLdapContextSource kerberosLdapContextSource() throws Exception {
|
||||
KerberosLdapContextSource contextSource = new KerberosLdapContextSource(adServer);
|
||||
contextSource.setLoginConfig(loginConfig());
|
||||
return contextSource;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SunJaasKrb5LoginConfig loginConfig() {
|
||||
public SunJaasKrb5LoginConfig loginConfig() throws Exception {
|
||||
SunJaasKrb5LoginConfig loginConfig = new SunJaasKrb5LoginConfig();
|
||||
loginConfig.setKeyTabLocation(new FileSystemResource(keytabLocation));
|
||||
loginConfig.setServicePrincipal(servicePrincipal);
|
||||
loginConfig.setDebug(true);
|
||||
loginConfig.setIsInitiator(true);
|
||||
loginConfig.afterPropertiesSet();
|
||||
return loginConfig;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public LdapUserDetailsService ldapUserDetailsService() {
|
||||
public LdapUserDetailsService ldapUserDetailsService() throws Exception {
|
||||
FilterBasedLdapUserSearch userSearch =
|
||||
new FilterBasedLdapUserSearch(ldapSearchBase, ldapSearchFilter, kerberosLdapContextSource());
|
||||
LdapUserDetailsService service = new LdapUserDetailsService(userSearch);
|
||||
LdapUserDetailsService service =
|
||||
new LdapUserDetailsService(userSearch, new ActiveDirectoryLdapAuthoritiesPopulator());
|
||||
service.setUserDetailsMapper(new LdapUserDetailsMapper());
|
||||
return service;
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Override
|
||||
public AuthenticationManager authenticationManagerBean() throws Exception {
|
||||
return super.authenticationManagerBean();
|
||||
}
|
||||
}
|
||||
|
||||
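Review bot: `loginConfig.setDebug(true)` in `loginConfig()` is hard-coded, which presumably switches on the JAAS Krb5 login module's debug output; as far as I know that output goes to standard output and names the keytab location and service principal. The line may be unchanged context, but since this commit already touches the method it is a good moment to make it `loginConfig.setDebug(false);` or drive it from a configuration property. In `ldapUserDetailsService()`, the authorities supplied by `new ActiveDirectoryLdapAuthoritiesPopulator()` are raw group names, so access rules elsewhere in `WebSecurityConfig` (the class begins outside these hunks) need `hasAuthority(...)` with the exact group name; `hasRole(...)` would only match groups whose names already start with `ROLE_`. The explicit `loginConfig.afterPropertiesSet()` looks redundant if the container already initialises this `@Bean`, so a one-line comment saying why it is called by hand would help.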