Merge branch 'master' of github.com:Evolveum/midpoint

gui/admin-gui/pom.xml

@@ -549,6 +549,38 @@
             <artifactId>servlet-api</artifactId>
             <scope>provided</scope>
         </dependency>
+
+		<!-- Uncomment following if you want midpoint to be a part of SSO using CAS server-->
+		<!-- SSO CAS Client dependencies -->
+	<!--	<dependency>
+			<groupId>org.jasig.cas.client</groupId>
+			<artifactId>cas-client-integration-tomcat-v7</artifactId>
+			<version>3.3.3</version>
+		</dependency>
+		<dependency>
+			<groupId>org.jasig.cas.client</groupId>
+			<artifactId>cas-client-core</artifactId>
+			<version>3.3.3</version>
+			<exclusions>
+				<exclusion>
+					<artifactId>xercesImpl</artifactId>
+					<groupId>xerces</groupId>
+				</exclusion>
+				<exclusion>
+					<artifactId>xmltooling</artifactId>
+					<groupId>org.opensaml</groupId>
+				</exclusion>
+				<exclusion>
+					<artifactId>velocity</artifactId>
+					<groupId>velocity</groupId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		 <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-cas</artifactId>
+			<version>3.2.5.RELEASE</version>
+        </dependency>  -->
 
         <!-- testing dependencies -->
         <dependency>

gui/admin-gui/src/main/webapp/WEB-INF/ctx-web-security.xml

@@ -40,6 +40,7 @@ http://www.springframework.org/schema/security/spring-security-3.2.xsd">
     <!-- todo fix later with some mounting-->
     <http pattern="/wicket/resource/**" security="none"/>
 
+	<!-- add following: entry-point-ref="casEntryPoint"  to the http element before create-session attribute -->
     <http create-session="never" auto-config="true" use-expressions="false" access-decision-manager-ref="accessDecisionManager">
         <intercept-url pattern="/j_spring_security_check" />
         <intercept-url pattern="/spring_security_login" />
@@ -58,7 +59,16 @@ http://www.springframework.org/schema/security/spring-security-3.2.xsd">
 
 		<!-- For SSO integration use the following: -->
         <!-- <custom-filter position="PRE_AUTH_FILTER" ref="requestHeaderAuthenticationFilter" />  -->
-
+
+		<!-- For SSO CAS integration uncomment  following -->
+		<!--
+		<custom-filter position="CAS_FILTER" ref="casFilter" />
+		<logout logout-success-url="/cas-logout.jsp"/>
+		<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
+		<custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
+		-->
+
+
         <form-login login-page="/login" default-target-url="/home" />
         <intercept-url pattern="/**" access="isFullyAuthenticated()"/> 
     </http>
@@ -90,4 +100,69 @@ http://www.springframework.org/schema/security/spring-security-3.2.xsd">
     <authentication-manager alias="authenticationManager">
         <authentication-provider ref="midPointAuthenticationProvider"/>
     </authentication-manager>
+
+	<!-- For SSO CAS integration uncomment following and set CASSERVER address-->
+	<!-- CAS CONFIG -->
+	<!--
+	<beans:bean id="serviceProperties"
+        class="org.springframework.security.cas.ServiceProperties">
+    <beans:property name="service"
+        value="http://katuska-pc:8080/midpoint/j_spring_cas_security_check"/>
+    <beans:property name="sendRenew" value="false"/>
+  </beans:bean>
+  
+  <beans:bean id="casFilter"
+        class="org.springframework.security.cas.web.CasAuthenticationFilter">
+    <beans:property name="authenticationManager" ref="authenticationManager"/>
+  </beans:bean>
+
+  <beans:bean id="casEntryPoint"
+      class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
+    <beans:property name="loginUrl" value="https://CASSERVER/cas/login"/>
+    <beans:property name="serviceProperties" ref="serviceProperties"/>
+  </beans:bean>
+  
+  <authentication-manager alias="authenticationManager">
+    <authentication-provider ref="casAuthenticationProvider" />
+  </authentication-manager>
+
+  <beans:bean id="casAuthenticationProvider"
+      class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
+    <beans:property name="authenticationUserDetailsService">
+      <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
+        <beans:constructor-arg ref="userService" />
+      </beans:bean>
+    </beans:property>
+    <beans:property name="serviceProperties" ref="serviceProperties" />
+    <beans:property name="ticketValidator">
+      <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
+        <beans:constructor-arg index="0" value="https://CASSERVER/cas" />
+      </beans:bean>
+    </beans:property>
+    <beans:property name="key" value="CAS_ID"/>
+  </beans:bean>
+  
+  <user-service id="userService">
+    <user name="edemuser" password="aaa" authorities="ROLE_USER" />
+  </user-service>
+-->
+
+	<!-- For SLO CAS integration uncomment following and set CASSERVER address-->
+	<!-- LOGOUT -->
+
+  <!-- This filter handles a Single Logout Request from the CAS Server -->
+  <!--<beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/> -->
+  <!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
+  <!--<beans:bean id="requestSingleLogoutFilter"
+        class="org.springframework.security.web.authentication.logout.LogoutFilter">
+    <beans:constructor-arg value="https://CASSERVER/cas/logout"/>
+    <beans:constructor-arg>
+      <beans:bean class=
+          "org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
+    </beans:constructor-arg>
+    <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/>
+  </beans:bean>
+  -->
+
+
 </beans:beans>

gui/admin-gui/src/main/webapp/WEB-INF/web.xml

@@ -66,6 +66,24 @@
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 
+	<!-- For CAS SLO integration uncomment following -->
+<!--
+	 <filter>
+    <filter-name>characterEncodingFilter</filter-name>
+    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
+    <init-param>
+      <param-name>encoding</param-name>
+      <param-value>UTF-8</param-value>
+    </init-param>
+  </filter>
+  <filter-mapping>
+    <filter-name>characterEncodingFilter</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
+  <listener>
+    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
+  </listener>
+	-->
     <filter>
         <filter-name>wicket</filter-name>
         <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/UserProfileServiceImpl.java

@@ -53,6 +53,9 @@
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -64,7 +67,7 @@
  * @author semancik
  */
 @Service(value = "userDetailsService")
-public class UserProfileServiceImpl implements UserProfileService {
+public class UserProfileServiceImpl implements UserProfileService, UserDetailsService {
 
     private static final Trace LOGGER = TraceManager.getTrace(UserProfileServiceImpl.class);
 
@@ -260,4 +263,14 @@ public <F extends FocusType> PrismObject<F> resolveOwner(PrismObject<ShadowType>
 		}
 		return owner;
 	}
+
+	@Override
+	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+//		 TODO Auto-generated method stub
+		try {
+			return getPrincipal(username);
+		} catch (ObjectNotFoundException e) {
+			throw new UsernameNotFoundException(e.getMessage(), e);
+		}
+	}
 }