From: Sasha Sherstnev Date: Tue, 10 Dec 2013 17:07:17 +0000 (+0000) Subject: Add LDAP authentication and enabling Spring logging X-Git-Url: http://source.jalview.org/gitweb/?a=commitdiff_plain;h=c1ae48e93c766434005e5d5201af8ad23bc0a59b;p=proteocache.git Add LDAP authentication and enabling Spring logging --- diff --git a/WEB-INF/lib/spring-ldap-core-1.3.1.RELEASE.jar b/WEB-INF/lib/spring-ldap-core-1.3.1.RELEASE.jar new file mode 100644 index 0000000..79058ad Binary files /dev/null and b/WEB-INF/lib/spring-ldap-core-1.3.1.RELEASE.jar differ diff --git a/WEB-INF/lib/spring-security-ldap-3.1.4.RELEASE.jar b/WEB-INF/lib/spring-security-ldap-3.1.4.RELEASE.jar new file mode 100644 index 0000000..a8df167 Binary files /dev/null and b/WEB-INF/lib/spring-security-ldap-3.1.4.RELEASE.jar differ diff --git a/WEB-INF/spring-security.xml b/WEB-INF/spring-security.xml index 4e8b52c..c0281f6 100644 --- a/WEB-INF/spring-security.xml +++ b/WEB-INF/spring-security.xml @@ -1,54 +1,87 @@ - + http://www.springframework.org/schema/security/spring-security-3.1.xsd + http://www.springframework.org/schema/mvc + http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd"> - - - + + + + - - - - - - + + + + + + + - - + + + + + + + + + - + + - + + + + + + + + + + + + + + + + + + + + cn={0},ou=edir,ou=people,ou=lifesci,o=dundee + + + + + + + + + + + + + + diff --git a/WEB-INF/web.xml b/WEB-INF/web.xml index 2032623..9f2caa5 100644 --- a/WEB-INF/web.xml +++ b/WEB-INF/web.xml @@ -14,6 +14,10 @@ + org.springframework.web.util.Log4jConfigListener + + + org.springframework.web.context.ContextLoaderListener @@ -23,6 +27,11 @@ /WEB-INF/spring-security.xml + + + log4jConfigLocation + /WEB-INF/classes/log4j.properties + springSecurityFilterChain diff --git a/log/log4j.properties b/log/log4j.properties index d186883..45cdbf0 100644 --- a/log/log4j.properties +++ b/log/log4j.properties @@ -57,6 +57,8 @@ log4j.appender.B.File=${catalina.base}/logs/debugging.log log4j.appender.B.layout=org.apache.log4j.PatternLayout log4j.appender.B.layout.ConversionPattern=%m%n %d{MM-dd@HH:mm:ss} %-5p (%13F:%L) %3x - +log4j.category.org.springframework=ALL + # %d{ABSOLUTE} %5p %c{1}:%L - #log4j.logger.compbio.engine.local.LocalExecutorService=INFO, C #log4j.appender.C=org.apache.log4j.FileAppender diff --git a/server/compbio/controllers/BasicController.java b/server/compbio/controllers/BasicController.java index d4be834..389a0f7 100644 --- a/server/compbio/controllers/BasicController.java +++ b/server/compbio/controllers/BasicController.java @@ -1,21 +1,44 @@ package compbio.controllers; +import java.util.Collection; + +import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; -/* -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -*/ public class BasicController { protected String getPrincipalName() { Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); if (principal instanceof UserDetails) { - return ((UserDetails) principal).getUsername(); - } + UserDetails details = (UserDetails) principal; + String ldapprefix = ""; + String role = details.getUsername(); + Collection au = details.getAuthorities(); + for (GrantedAuthority ga : au) { + System.out.println("role -> " + ga.getAuthority()); + if (ga.getAuthority().equals("ROLE_LDAP_USER")) { + ldapprefix = "LDAP:"; + } + } + return ldapprefix + role; + } return principal.toString(); } + + protected boolean isUserRole() { + Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); + if (principal instanceof UserDetails) { + UserDetails details = (UserDetails) principal; + Collection au = details.getAuthorities(); + for (GrantedAuthority ga : au) { + if (ga.getAuthority().equals("ROLE_USER") || ga.getAuthority().equals("ROLE_LDAP_USER")) { + return true; + } + } + return false; + } + return false; + } + } diff --git a/server/compbio/controllers/DocumentationController.java b/server/compbio/controllers/DocumentationController.java index 07c72b9..ed95d23 100644 --- a/server/compbio/controllers/DocumentationController.java +++ b/server/compbio/controllers/DocumentationController.java @@ -18,24 +18,32 @@ public class DocumentationController extends BasicController { @RequestMapping(value = "/help/overview", method = RequestMethod.GET) public String formOverviewPage(Map model) { model.put("username", getPrincipalName()); + if (isUserRole()) + model.put("permissions", "user_role"); return "help/Overview"; } @RequestMapping(value = "/help/howto", method = RequestMethod.GET) public String formHowtoPage(Map model) { model.put("username", getPrincipalName()); + if (isUserRole()) + model.put("permissions", "user_role"); return "support/Notimplemented"; } @RequestMapping(value = "/help/doc", method = RequestMethod.GET) public String formDocPage(Map model) { model.put("username", getPrincipalName()); + if (isUserRole()) + model.put("permissions", "user_role"); return "support/Notimplemented"; } @RequestMapping(value = "/help/javadoc", method = RequestMethod.GET) public String formJavadoc(Map model) { model.put("username", getPrincipalName()); + if (isUserRole()) + model.put("permissions", "user_role"); return "support/Notimplemented"; } diff --git a/server/compbio/controllers/MainController.java b/server/compbio/controllers/MainController.java index 4aeb1cd..a945e25 100644 --- a/server/compbio/controllers/MainController.java +++ b/server/compbio/controllers/MainController.java @@ -39,7 +39,6 @@ public class MainController extends BasicController { @RequestMapping(value = "/home", method = RequestMethod.GET) public String printHome(ModelMap model ) { model.addAttribute("username", getPrincipalName()); - model.addAttribute("message", "Spring Security Custom Form example"); return "home"; } diff --git a/server/compbio/controllers/UserController.java b/server/compbio/controllers/UserController.java index 7dbfdf4..a00bd15 100644 --- a/server/compbio/controllers/UserController.java +++ b/server/compbio/controllers/UserController.java @@ -3,9 +3,15 @@ package compbio.controllers; import java.util.Date; import java.util.regex.Pattern; +import javax.naming.directory.DirContext; + +import org.springframework.ldap.core.LdapTemplate; +import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.dao.DataIntegrityViolationException; import org.springframework.mail.SimpleMailMessage; -import org.springframework.mail.javamail.JavaMailSender; +import org.springframework.security.ldap.LdapUtils; +import org.springframework.ldap.core.ContextSource; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.ui.ModelMap; @@ -23,7 +29,9 @@ import compbio.cassandra.CassandraUserManager; @Controller public class UserController { - // @Inject + @Autowired + ContextSource contextSource; + // JavaMailSender mailSender; private final Pattern EMAIL = Pattern.compile("[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}"); @@ -131,4 +139,29 @@ public class UserController { // mailSender.send(message); } + private boolean authenticate(String userDn, String credentials) { + DirContext ctx = null; + try { + ctx = contextSource.getContext(userDn, credentials); + return true; + } catch (Exception e) { + // Context creation failed - authentication did not succeed + System.out.println("LDAP Login failed"); + return false; + } finally { + // It is imperative that the created DirContext instance is always + // closed + LdapUtils.closeContext(ctx); + } + } + + @RequestMapping(value = "/ldaplogindo", method = RequestMethod.POST) + public String LDAPlogin(Model model, @RequestParam("j_username") String username, @RequestParam("j_password") String credentials) { + System.out.println("Try to authenticate with LDAP: username: " + username + ", credentials: " + credentials); + if (authenticate(username, credentials)) { + return "/home"; + } + return "/public"; + } + } diff --git a/server/compbio/spring/security/LDAPAuthorityMapper.java b/server/compbio/spring/security/LDAPAuthorityMapper.java new file mode 100644 index 0000000..061a3c6 --- /dev/null +++ b/server/compbio/spring/security/LDAPAuthorityMapper.java @@ -0,0 +1,51 @@ +package compbio.spring.security; + +import java.util.Collection; +import java.util.HashSet; +import java.util.Set; + +import javax.annotation.Resource; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; +import org.springframework.security.ldap.authentication.LdapAuthenticationProvider; + +/** + * Maps groups defined in LDAP to roles for a specific user. + */ +@Resource +public class LDAPAuthorityMapper implements GrantedAuthoritiesMapper { + + private static final Log logger = LogFactory.getLog(LDAPAuthorityMapper.class); + + public LDAPAuthorityMapper() { + } +/* + public Collection mapAuthorities(final Collection authorities) { + + Set roles = EnumSet.noneOf(PCacheLDAPAuthority.class); + roles.add(PCacheLDAPAuthority.ROLE_LDAP_USER); + logger.info("LDAPAuthorityMapper: set new role ROLE_LDAP_USER"); + * + * for (GrantedAuthority authority : authorities) { if + * (ROLE_CUSTOMER_SERVICE_OFFICER.equals(authority.getAuthority())) { + * roles.add(PCacheLDAPAuthority.ROLE_USER); } else if + * (ROLE_ADMIN.equals(authority.getAuthority())) { + * roles.add(PCacheLDAPAuthority.ROLE_ADMIN); } } + * + return roles; + }*/ + + + public Collection mapAuthorities(final Collection authorities) { + SimpleGrantedAuthority sa = new SimpleGrantedAuthority("ROLE_LDAP_USER"); + Set roles = new HashSet(); + roles.add(sa); + logger.info("LDAPAuthorityMapper: set new role ROLE_LDAP_USER"); + + return roles; + } +} diff --git a/server/compbio/spring/security/PCacheLDAPAuthority.java b/server/compbio/spring/security/PCacheLDAPAuthority.java new file mode 100644 index 0000000..dde6d87 --- /dev/null +++ b/server/compbio/spring/security/PCacheLDAPAuthority.java @@ -0,0 +1,45 @@ +package compbio.spring.security; + +import org.springframework.security.core.GrantedAuthority; +import org.springframework.util.Assert; + +/** + * Maps groups defined in LDAP to roles for a specific user. + */ +/* + * public enum PCacheLDAPAuthority implements GrantedAuthority { ROLE_LDAP_USER; + * public String getAuthority() { return name(); } } + */ +public final class PCacheLDAPAuthority implements GrantedAuthority { + + private static final long serialVersionUID = 1; + + private String role = "ROLE_LDAP_USER"; + + public PCacheLDAPAuthority(String role) { + Assert.hasText(role, "A granted authority textual representation is required"); + this.role = role; + } + + public String getAuthority() { + return role; + } + + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj instanceof PCacheLDAPAuthority) { + return role.equals(((PCacheLDAPAuthority) obj).role); + } + return false; + } + + public int hashCode() { + return this.role.hashCode(); + } + + public String toString() { + return this.role; + } +} diff --git a/webapp/view/fragments/mainmenu.jsp b/webapp/view/fragments/mainmenu.jsp index 9b3316c..f310fbf 100644 --- a/webapp/view/fragments/mainmenu.jsp +++ b/webapp/view/fragments/mainmenu.jsp @@ -38,8 +38,10 @@