
GRAILSPLUGINS-2362

1 parent e64de08 commit df6ab0098aae5eb1e926ab69b836ef228cd87152 @burtbeckwith burtbeckwith committed Feb 14, 2011
@@ -13,6 +13,7 @@
* limitations under the License.
*/
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
+import org.codehaus.groovy.grails.plugins.springsecurity.ldap.DatabaseOnlyLdapAuthoritiesPopulator
import org.codehaus.groovy.grails.plugins.springsecurity.ldap.GrailsLdapAuthoritiesPopulator
import org.codehaus.groovy.grails.plugins.springsecurity.ldap.SimpleAuthenticationSource
@@ -29,9 +30,9 @@ import org.springframework.security.ldap.userdetails.PersonContextMapper
class SpringSecurityLdapGrailsPlugin {
- String version = '1.0.1'
+ String version = '1.0.2'
String grailsVersion = '1.2.3 > *'
- Map dependsOn = ['springSecurityCore': '1.0 > *']
+ Map dependsOn = [springSecurityCore: '1.0 > *']
List pluginExcludes = [
'docs/**',
@@ -148,6 +149,14 @@ class SpringSecurityLdapGrailsPlugin {
retrieveDatabaseRoles = conf.ldap.authorities.retrieveDatabaseRoles // false
}
}
+ else if (conf.ldap.authorities.retrieveDatabaseRoles) {
+ ldapAuthoritiesPopulator(DatabaseOnlyLdapAuthoritiesPopulator) {
+ if (conf.ldap.authorities.defaultRole) {
+ defaultRole = conf.ldap.authorities.defaultRole
+ }
+ userDetailsService = ref('userDetailsService')
+ }
+ }
else {
ldapAuthoritiesPopulator(NullLdapAuthoritiesPopulator)
}
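Review bot: The new `else if (conf.ldap.authorities.retrieveDatabaseRoles)` branch has no comment saying when it applies or which source of roles it trusts. The condition of the preceding `if` lies outside this hunk, so a reader cannot tell from here that this is the path where authorities come from the database alone. I would add a comment above `ldapAuthoritiesPopulator(DatabaseOnlyLdapAuthoritiesPopulator)` such as `// LDAP authenticates; roles come only from the local database record with the same username`, with the wording confirmed against the preceding condition. The name-only match is worth stating because it decides which authorities an LDAP-authenticated user receives.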
@@ -0,0 +1,92 @@
+/* Copyright 2011 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.codehaus.groovy.grails.plugins.springsecurity.ldap;
+
+import java.util.Collection;
+import java.util.HashSet;
+
+import org.codehaus.groovy.grails.plugins.springsecurity.GrailsUserDetailsService;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+import org.springframework.util.Assert;
+
+/**
+ * @author <a href='mailto:burt@burtbeckwith.com'>Burt Beckwith</a>
+ */
+public class DatabaseOnlyLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator, InitializingBean {
+
+ private GrantedAuthority defaultRole;
+ private GrailsUserDetailsService _userDetailsService;
+
+ /**
+ * {@inheritDoc}
+ * @see org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator#getGrantedAuthorities(
+ * org.springframework.ldap.core.DirContextOperations, java.lang.String)
+ */
+ public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
+
+ UserDetails dbDetails = null;
+ try {
+ dbDetails = _userDetailsService.loadUserByUsername(username, true);
+ }
+ catch (UsernameNotFoundException ignored) {
+ // just looking for roles, so ignore the UsernameNotFoundException
+ return AuthorityUtils.NO_AUTHORITIES;
+ }
+
+ if (dbDetails.getAuthorities() == null) {
+ return AuthorityUtils.NO_AUTHORITIES;
+ }
+
+ Collection<GrantedAuthority> roles = new HashSet<GrantedAuthority>(dbDetails.getAuthorities());
+ if (defaultRole != null) {
+ roles.add(defaultRole);
+ }
+
+ return roles;
+ }
+
+ /**
+ * Dependency injection for the user details service.
+ * @param service the service
+ */
+ public void setUserDetailsService(final GrailsUserDetailsService service) {
+ _userDetailsService = service;
+ }
+
+ /**
+ * The default role which will be assigned to all users.
+ *
+ * @param defaultRoleName the role name, including any desired prefix.
+ */
+ public void setDefaultRole(String defaultRoleName) {
+ Assert.notNull(defaultRole, "The defaultRole property cannot be set to null");
+ defaultRole = new GrantedAuthorityImpl(defaultRoleName);
+ }
+
+ /**
+ * {@inheritDoc}
+ * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
+ */
+ public void afterPropertiesSet() {
+ Assert.notNull(_userDetailsService, "userDetailsService must be specified");
+ }
+}
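Review bot: `setDefaultRole` asserts on the field instead of the argument: `Assert.notNull(defaultRole, ...)` tests the still-null `defaultRole` field, so every call throws and a configuration that sets `conf.ldap.authorities.defaultRole` would fail when the bean is created. The check should be on the parameter, `Assert.notNull(defaultRoleName, "The defaultRole property cannot be set to null");`. Separately, `getGrantedAuthorities` returns `AuthorityUtils.NO_AUTHORITIES` on both early exits (user not in the database, null authorities) without adding `defaultRole`, which contradicts the setter's Javadoc "assigned to all users"; either add the default role on those paths or reword the Javadoc. The method also reads only `getAuthorities()` from the loaded `UserDetails`, so roles of a database account that is disabled or locked appear to be granted to the LDAP login anyway, which is worth confirming as intended.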
