configuration for spring security - LDAP authentication

build-system/pom.xml

@@ -64,7 +64,7 @@
         <selenium.version>1.0.1</selenium.version>
         <slf4j.version>1.7.12</slf4j.version>
         <spring.version>4.2.5.RELEASE</spring.version>
-        <spring.security.version>4.0.4.RELEASE</spring.security.version>
+        <spring.security.version>4.1.0.RELEASE</spring.security.version>
         <testng.version>6.8.8</testng.version>
         <xml.resolver.version>1.2</xml.resolver.version>
         <xmlunit.version>2.1.1</xmlunit.version>
@@ -744,6 +744,11 @@
                 <artifactId>spring-security-core</artifactId>
                 <version>${spring.security.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-ldap</artifactId>
+                <version>${spring.security.version}</version>
+            </dependency>
             <dependency> <!-- Needed for MethodInvocation object in security-impl, used by Spring Security -->
 	            <groupId>aopalliance</groupId>
 	            <artifactId>aopalliance</artifactId>
@@ -1422,6 +1427,7 @@
 								<!-- There is some kind of conflict between these. TODO: clean up -->
 								<ignoredUnusedDeclaredDependency>xml-apis:xml-apis</ignoredUnusedDeclaredDependency>
 								<ignoredUnusedDeclaredDependency>stax:stax-api</ignoredUnusedDeclaredDependency>
+								<ignoredUnusedDeclaredDependency>org.springframework.ldap:spring-ldap-core</ignoredUnusedDeclaredDependency>
 
 								<!-- We are making this dependency explicit to detect conflicts early -->
 								<ignoredUnusedDeclaredDependency>org.codehaus.woodstox:stax2-api</ignoredUnusedDeclaredDependency>
@@ -1434,6 +1440,7 @@
 								<!-- There is some kind of conflict between these. TODO: clean up -->
 								<ignoredUsedUndeclaredDependency>xml-apis:xml-apis</ignoredUsedUndeclaredDependency>
 								<ignoredUsedUndeclaredDependency>stax:stax-api</ignoredUsedUndeclaredDependency>
+								<ignoredUsedUndeclaredDependency>org.springframework.ldap:spring-ldap-core</ignoredUsedUndeclaredDependency>
 							</ignoredUsedUndeclaredDependencies>
 						</configuration>
 					</execution>

gui/admin-gui/pom.xml

@@ -464,6 +464,7 @@
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
+<!--             <scope>runtime</scope> -->
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
@@ -474,6 +475,11 @@
             <artifactId>spring-security-config</artifactId>
             <scope>runtime</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-ldap</artifactId>
+            <scope>runtime</scope>
+        </dependency>
 
         <!--  WICKET DEPENDENCIES -->
         <dependency>

gui/admin-gui/src/main/webapp/WEB-INF/ctx-web-security.xml

@@ -19,7 +19,7 @@
              xmlns:beans="http://www.springframework.org/schema/beans"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
-http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd">
 
 
     <global-method-security secured-annotations="enabled"/>
@@ -107,9 +107,36 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc
 	    <beans:property name="authenticationManager" ref="authenticationManager" />
 	</beans:bean>
 
-    <authentication-manager alias="authenticationManager">
-        <authentication-provider ref="midPointAuthenticationProvider"/>
-    </authentication-manager>
+	<beans:bean id="contextSource"
+		class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
+		<beans:constructor-arg value="ldap://192.168.56.101:389/dc=example,dc=com" />
+		<beans:property name="userDn" value="cn=admin,dc=example,dc=com" />
+		<beans:property name="password" value="secret" />
+	</beans:bean>
+
+	<beans:bean id="ldapAuthProvider"
+		class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
+		<beans:constructor-arg>
+			<beans:bean
+				class="org.springframework.security.ldap.authentication.BindAuthenticator">
+				<beans:constructor-arg ref="contextSource" />
+				<beans:property name="userDnPatterns">
+					<beans:list>
+						<beans:value>uid={0},ou=people</beans:value>
+					</beans:list>
+				</beans:property>
+			</beans:bean>
+		</beans:constructor-arg>
+
+		<beans:property name="userDetailsContextMapper"
+					ref="userDetailsService" />
+	</beans:bean>
+
+	<authentication-manager alias="authenticationManager">
+		<!-- <authentication-provider ref="midPointAuthenticationProvider"/> -->
+		<authentication-provider ref="ldapAuthProvider" />
+
+	</authentication-manager>
 
 	<!-- For SSO CAS integration uncomment following and set CASSERVER address   and   change service url according to your needs-->
 	<!-- CAS CONFIG -->

model/model-impl/pom.xml

@@ -193,6 +193,10 @@
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
+        </dependency>
+         <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-ldap</artifactId>
         </dependency>
 		<dependency>
 			<groupId>org.apache.commons</groupId>

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/UserProfileServiceImpl.java

@@ -58,10 +58,14 @@
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -76,7 +80,7 @@
  * @author semancik
  */
 @Service(value = "userDetailsService")
-public class UserProfileServiceImpl implements UserProfileService, UserDetailsService {
+public class UserProfileServiceImpl implements UserProfileService, UserDetailsService, UserDetailsContextMapper {
 
     private static final Trace LOGGER = TraceManager.getTrace(UserProfileServiceImpl.class);
 
@@ -316,13 +320,28 @@ public <F extends FocusType, O extends ObjectType> PrismObject<F> resolveOwner(P
 
 	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-//		 TODO Auto-generated method stub
 		try {
 			return getPrincipal(username);
 		} catch (ObjectNotFoundException e) {
 			throw new UsernameNotFoundException(e.getMessage(), e);
 		}
 	}
+
+	@Override
+	public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
+			Collection<? extends GrantedAuthority> authorities) {
+		try {
+			return getPrincipal(username);
+		} catch (ObjectNotFoundException e) {
+			throw new UsernameNotFoundException(e.getMessage(), e);
+		}
+	}
+
+	@Override
+	public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
+		// TODO Auto-generated method stub
+
+	}
 
 
 }

repo/security-api/pom.xml

@@ -56,6 +56,7 @@
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
         </dependency>
+
 
 		<dependency>
 			<groupId>com.evolveum.midpoint.tools</groupId>