Java Code Examples for org.springframework.security.ldap.search.FilterBasedLdapUserSearch

The following examples show how to use org.springframework.security.ldap.search.FilterBasedLdapUserSearch. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: apollo   Source File: AuthConfiguration.java    License: Apache License 2.0 7 votes vote down vote up
@Bean
public FilterBasedLdapUserSearch userSearch() {
  if (ldapExtendProperties.getGroup() == null || StringUtils
      .isBlank(ldapExtendProperties.getGroup().getGroupSearch())) {
    FilterBasedLdapUserSearch filterBasedLdapUserSearch = new FilterBasedLdapUserSearch("",
        ldapProperties.getSearchFilter(), ldapContextSource);
    filterBasedLdapUserSearch.setSearchSubtree(true);
    return filterBasedLdapUserSearch;
  }

  FilterLdapByGroupUserSearch filterLdapByGroupUserSearch = new FilterLdapByGroupUserSearch(
      ldapProperties.getBase(), ldapProperties.getSearchFilter(), ldapExtendProperties.getGroup().getGroupBase(),
      ldapContextSource, ldapExtendProperties.getGroup().getGroupSearch(),
      ldapExtendProperties.getMapping().getRdnKey(),
      ldapExtendProperties.getGroup().getGroupMembership(),ldapExtendProperties.getMapping().getLoginId());
  filterLdapByGroupUserSearch.setSearchSubtree(true);
  return filterLdapByGroupUserSearch;
}
 
Example 2
Source Project: data-highway   Source File: LdapSecurityConfiguration.java    License: Apache License 2.0 5 votes vote down vote up
@Bean
public LdapUserSearch userSearch(
    @Value("${ldap.searchBase}") String searchBase,
    @Value("${ldap.searchFilter}") String searchFilter,
    BaseLdapPathContextSource contextSource) {
  return new FilterBasedLdapUserSearch(searchBase, searchFilter, contextSource);
}
 
Example 3
Source Project: heimdall   Source File: TokenAuthenticationService.java    License: Apache License 2.0 5 votes vote down vote up
private LdapAuthenticationProvider ldapProvider(Ldap ldap) {

        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl(ldap.getUrl());
        contextSource.setUserDn(ldap.getUserDn());
        contextSource.setPassword(ldap.getPassword());
        contextSource.setReferral("follow");
        contextSource.afterPropertiesSet();

        LdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch(ldap.getSearchBase(), ldap.getUserSearchFilter(), contextSource);

        BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
        bindAuthenticator.setUserSearch(ldapUserSearch);
        return new LdapAuthenticationProvider(bindAuthenticator, populator);
    }
 
Example 4
Source Project: atlas   Source File: AtlasLdapAuthenticationProvider.java    License: Apache License 2.0 5 votes vote down vote up
private BindAuthenticator getBindAuthenticator(
        FilterBasedLdapUserSearch userSearch,
        LdapContextSource ldapContextSource) throws Exception {
    BindAuthenticator bindAuthenticator = new BindAuthenticator(
            ldapContextSource);
    bindAuthenticator.setUserSearch(userSearch);
    String[] userDnPatterns = new String[] { ldapUserDNPattern };
    bindAuthenticator.setUserDnPatterns(userDnPatterns);
    bindAuthenticator.afterPropertiesSet();
    return bindAuthenticator;
}
 
Example 5
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public BindAuthenticator bindAuthenticator(FilterBasedLdapUserSearch userSearch){
    return new BindAuthenticator(contextSource()){{
        setUserSearch(userSearch);

    }};
}
 
Example 6
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public BindAuthenticator bindAuthenticator(FilterBasedLdapUserSearch userSearch){
    return new BindAuthenticator(contextSource()){{
        setUserSearch(userSearch);

    }};
}
 
Example 7
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public BindAuthenticator bindAuthenticator(FilterBasedLdapUserSearch userSearch){
    return new BindAuthenticator(contextSource()){{
        setUserSearch(userSearch);

    }};
}
 
Example 8
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public BindAuthenticator bindAuthenticator(FilterBasedLdapUserSearch userSearch){
    return new BindAuthenticator(contextSource()){{
        setUserSearch(userSearch);

    }};
}
 
Example 9
@Bean
public FilterBasedLdapUserSearch filterBasedLdapUserSearch()
{
    return new FilterBasedLdapUserSearch( configurationProvider.getProperty( ConfigurationKey.LDAP_SEARCH_BASE ),
        configurationProvider.getProperty( ConfigurationKey.LDAP_SEARCH_FILTER ),
        defaultSpringSecurityContextSource() );
}
 
Example 10
private LdapUserSearch createUserSearch() {
    if (userSearchFilter == null) {
        return null;
    }
    return new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter,
            contextSource);
}
 
Example 11
private BindAuthenticator getBindAuthenticator(
        FilterBasedLdapUserSearch userSearch,
        LdapContextSource ldapContextSource) throws Exception {
    BindAuthenticator bindAuthenticator = new BindAuthenticator(
            ldapContextSource);
    bindAuthenticator.setUserSearch(userSearch);
    String[] userDnPatterns = new String[] { ldapUserDNPattern };
    bindAuthenticator.setUserDnPatterns(userDnPatterns);
    bindAuthenticator.afterPropertiesSet();
    return bindAuthenticator;
}
 
Example 12
Source Project: ranger   Source File: AuthenticationCheck.java    License: Apache License 2.0 5 votes vote down vote up
private Authentication getADBindAuthentication(String ldapUrl, String bindDn, String bindPassword,
                                               String userName, String userPassword) {
    Authentication result = null;
    try {
        LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(ldapUrl);
        ldapContextSource.setUserDn(bindDn);
        ldapContextSource.setPassword(bindPassword);
        ldapContextSource.setReferral("follow");
        ldapContextSource.setCacheEnvironmentProperties(true);
        ldapContextSource.setAnonymousReadOnly(false);
        ldapContextSource.setPooled(true);
        ldapContextSource.afterPropertiesSet();

        String searchFilter="(sAMAccountName={0})";
        FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(adDomain, searchFilter,ldapContextSource);
        userSearch.setSearchSubtree(true);

        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        bindAuthenticator.setUserSearch(userSearch);
        bindAuthenticator.afterPropertiesSet();

        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);

        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);

            result = ldapAuthenticationProvider.authenticate(finalAuthentication);
        }

    } catch (BadCredentialsException bce) {
        logFile.println("ERROR: LDAP Authentication Failed. Please verify values for ranger.admin.auth.sampleuser and " +
                "ranger.admin.auth.samplepassword\n");
    } catch (Exception e) {
        logFile.println("ERROR: LDAP Authentication Failed: " + e);
    }
    return result;
}
 
Example 13
Source Project: atlas   Source File: AtlasADAuthenticationProvider.java    License: Apache License 2.0 4 votes vote down vote up
private Authentication getADBindAuthentication (Authentication authentication) {
     try {
         String userName = authentication.getName();
         String userPassword = "";
         if (authentication.getCredentials() != null) {
             userPassword = authentication.getCredentials().toString();
         }

         LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(adURL);
         ldapContextSource.setUserDn(adBindDN);
         ldapContextSource.setPassword(adBindPassword);
         ldapContextSource.setReferral(adReferral);
         ldapContextSource.setCacheEnvironmentProperties(true);
         ldapContextSource.setAnonymousReadOnly(false);
         ldapContextSource.setPooled(true);
         ldapContextSource.afterPropertiesSet();

         FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(adBase, adUserSearchFilter,ldapContextSource);
         userSearch.setSearchSubtree(true);

         BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
         bindAuthenticator.setUserSearch(userSearch);
         bindAuthenticator.afterPropertiesSet();

LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);

         if (userName != null && userPassword != null
                 && !userName.trim().isEmpty()
                 && !userPassword.trim().isEmpty()) {
             final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
             final UserDetails principal = new User(userName, userPassword,
                     grantedAuths);
             final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
                     principal, userPassword, grantedAuths);
             authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
             if (groupsFromUGI) {
                 authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
             }
             return authentication;
         } else {
             LOG.error("AD Authentication Failed userName or userPassword is null or empty");
             return null;
         }
     } catch (Exception e) {
         LOG.error("AD Authentication Failed:", e);
         return null;
     }
 }
 
Example 14
Source Project: atlas   Source File: AtlasLdapAuthenticationProvider.java    License: Apache License 2.0 4 votes vote down vote up
private Authentication getLdapBindAuthentication(
        Authentication authentication) {
    try {
        if (isDebugEnabled) {
            LOG.debug("==> AtlasLdapAuthenticationProvider getLdapBindAuthentication");
        }
        String userName = authentication.getName();
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }

        LdapContextSource ldapContextSource = getLdapContextSource();

        DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = getDefaultLdapAuthoritiesPopulator(ldapContextSource);

        if (ldapUserSearchFilter == null
                || ldapUserSearchFilter.trim().isEmpty()) {
            ldapUserSearchFilter = "(uid={0})";
        }

        FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(
                ldapBase, ldapUserSearchFilter, ldapContextSource);
        userSearch.setSearchSubtree(true);

        BindAuthenticator bindAuthenticator = getBindAuthenticator(
                userSearch, ldapContextSource);

        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(
                bindAuthenticator, defaultLdapAuthoritiesPopulator);

        if (userName != null && userPassword != null
                && !userName.trim().isEmpty()
                && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
            final UserDetails principal = new User(userName, userPassword,
                    grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
                    principal, userPassword, grantedAuths);
            authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
            if(groupsFromUGI) {
                authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
            }
            return authentication;
        } else {
            LOG.error("LDAP Authentication::userName or userPassword is null or empty for userName "
                    + userName);
        }
    } catch (Exception e) {
        LOG.error(" getLdapBindAuthentication LDAP Authentication Failed:", e);
    }
    if (isDebugEnabled) {
        LOG.debug("<== AtlasLdapAuthenticationProvider getLdapBindAuthentication");
    }
    return authentication;
}
 
Example 15
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 4 votes vote down vote up
@Bean
public FilterBasedLdapUserSearch filterBasedLdapUserSearch(){
    return new FilterBasedLdapUserSearch("CN=Users", //user-search-base
            "(sAMAccountName={0})", //user-search-filter
            contextSource()); //ldapServer
}
 
Example 16
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 4 votes vote down vote up
@Bean
public FilterBasedLdapUserSearch filterBasedLdapUserSearch(){
    return new FilterBasedLdapUserSearch("", //user-search-base
            "(uid={0})", //user-search-filter
            contextSource()); //ldapServer
}
 
Example 17
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 4 votes vote down vote up
@Bean
public FilterBasedLdapUserSearch filterBasedLdapUserSearch(){
    return new FilterBasedLdapUserSearch("", //user-search-base
            "(uid={0})", //user-search-filter
            contextSource()); //ldapServer
}
 
Example 18
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 4 votes vote down vote up
@Bean
public FilterBasedLdapUserSearch filterBasedLdapUserSearch(){
    return new FilterBasedLdapUserSearch("CN=Users", //user-search-base
            "(sAMAccountName={0})", //user-search-filter
            contextSource()); //ldapServer
}
 
Example 19
private Authentication getADBindAuthentication (Authentication authentication) {
     try {
         String userName = authentication.getName();
         String userPassword = "";
         if (authentication.getCredentials() != null) {
             userPassword = authentication.getCredentials().toString();
         }

         LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(adURL);
         ldapContextSource.setUserDn(adBindDN);
         ldapContextSource.setPassword(adBindPassword);
         ldapContextSource.setReferral(adReferral);
         ldapContextSource.setCacheEnvironmentProperties(true);
         ldapContextSource.setAnonymousReadOnly(false);
         ldapContextSource.setPooled(true);
         ldapContextSource.afterPropertiesSet();

         if (adUserSearchFilter==null || adUserSearchFilter.trim().isEmpty()) {
             adUserSearchFilter="(sAMAccountName={0})";
         }
         FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(adBase, adUserSearchFilter,ldapContextSource);
         userSearch.setSearchSubtree(true);

         BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
         bindAuthenticator.setUserSearch(userSearch);
         bindAuthenticator.afterPropertiesSet();

LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);

         if (userName != null && userPassword != null
                 && !userName.trim().isEmpty()
                 && !userPassword.trim().isEmpty()) {
             final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
             final UserDetails principal = new User(userName, userPassword,
                     grantedAuths);
             final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
                     principal, userPassword, grantedAuths);
             authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
             if (groupsFromUGI) {
                 authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
             }
             return authentication;
         } else {
             LOG.error("AD Authentication Failed userName or userPassword is null or empty");
             return null;
         }
     } catch (Exception e) {
         LOG.error("AD Authentication Failed:", e);
         return null;
     }
 }
 
Example 20
private Authentication getLdapBindAuthentication(
        Authentication authentication) {
    try {
        if (isDebugEnabled) {
            LOG.debug("==> AtlasLdapAuthenticationProvider getLdapBindAuthentication");
        }
        String userName = authentication.getName();
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }

        LdapContextSource ldapContextSource = getLdapContextSource();

        DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = getDefaultLdapAuthoritiesPopulator(ldapContextSource);

        if (ldapUserSearchFilter == null
                || ldapUserSearchFilter.trim().isEmpty()) {
            ldapUserSearchFilter = "(uid={0})";
        }

        FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(
                ldapBase, ldapUserSearchFilter, ldapContextSource);
        userSearch.setSearchSubtree(true);

        BindAuthenticator bindAuthenticator = getBindAuthenticator(
                userSearch, ldapContextSource);

        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(
                bindAuthenticator, defaultLdapAuthoritiesPopulator);

        if (userName != null && userPassword != null
                && !userName.trim().isEmpty()
                && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
            final UserDetails principal = new User(userName, userPassword,
                    grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
                    principal, userPassword, grantedAuths);
            authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
            if(groupsFromUGI) {
                authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
            }
            return authentication;
        } else {
            LOG.error("LDAP Authentication::userName or userPassword is null or empty for userName "
                    + userName);
        }
    } catch (Exception e) {
        LOG.error(" getLdapBindAuthentication LDAP Authentication Failed:", e);
    }
    if (isDebugEnabled) {
        LOG.debug("<== AtlasLdapAuthenticationProvider getLdapBindAuthentication");
    }
    return authentication;
}
 
Example 21
Source Project: ranger   Source File: RangerAuthenticationProvider.java    License: Apache License 2.0 4 votes vote down vote up
private Authentication getADBindAuthentication(Authentication authentication) {
	try {
		String rangerADURL = PropertiesUtil.getProperty("ranger.ldap.ad.url", "");
		String rangerLdapADBase = PropertiesUtil.getProperty("ranger.ldap.ad.base.dn", "");
		String rangerADBindDN = PropertiesUtil.getProperty("ranger.ldap.ad.bind.dn", "");
		String rangerADBindPassword = PropertiesUtil.getProperty("ranger.ldap.ad.bind.password", "");
		String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
		String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.ad.referral", "follow");
		String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.ad.user.searchfilter", "(sAMAccountName={0})");
		boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty(
				"ranger.ldap.starttls", "false"));
		String userName = authentication.getName();
		String userPassword = "";
		if (authentication.getCredentials() != null) {
			userPassword = authentication.getCredentials().toString();
		}

		LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerADURL);
		ldapContextSource.setUserDn(rangerADBindDN);
		ldapContextSource.setPassword(rangerADBindPassword);
		ldapContextSource.setReferral(rangerLdapReferral);
		ldapContextSource.setCacheEnvironmentProperties(true);
		ldapContextSource.setAnonymousReadOnly(false);
		ldapContextSource.setPooled(true);
		if (rangerIsStartTlsEnabled) {
			ldapContextSource.setPooled(false);
			ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
		}
		ldapContextSource.afterPropertiesSet();

		//String searchFilter="(sAMAccountName={0})";
		if (rangerLdapUserSearchFilter==null || rangerLdapUserSearchFilter.trim().isEmpty()) {
			rangerLdapUserSearchFilter="(sAMAccountName={0})";
		}
		FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(rangerLdapADBase, rangerLdapUserSearchFilter,ldapContextSource);
		userSearch.setSearchSubtree(true);

		BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
		bindAuthenticator.setUserSearch(userSearch);
		bindAuthenticator.afterPropertiesSet();

		LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);

		if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
			final List<GrantedAuthority> grantedAuths = new ArrayList<>();
			grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
			final UserDetails principal = new User(userName, userPassword,grantedAuths);
			final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);

			authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
			authentication=getAuthenticationWithGrantedAuthority(authentication);
			return authentication;
		} else {
			return authentication;
		}
	} catch (Exception e) {
		logger.debug("AD Authentication Failed:", e);
	}
	return authentication;
}
 
Example 22
Source Project: ranger   Source File: RangerAuthenticationProvider.java    License: Apache License 2.0 4 votes vote down vote up
private Authentication getLdapBindAuthentication(Authentication authentication) {
	try {
		String rangerLdapURL = PropertiesUtil.getProperty("ranger.ldap.url", "");
		String rangerLdapUserDNPattern = PropertiesUtil.getProperty("ranger.ldap.user.dnpattern", "");
		String rangerLdapGroupSearchBase = PropertiesUtil.getProperty("ranger.ldap.group.searchbase", "");
		String rangerLdapGroupSearchFilter = PropertiesUtil.getProperty("ranger.ldap.group.searchfilter", "");
		String rangerLdapGroupRoleAttribute = PropertiesUtil.getProperty("ranger.ldap.group.roleattribute", "");
		String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
		String rangerLdapBase = PropertiesUtil.getProperty("ranger.ldap.base.dn", "");
		String rangerLdapBindDN = PropertiesUtil.getProperty("ranger.ldap.bind.dn", "");
		String rangerLdapBindPassword = PropertiesUtil.getProperty("ranger.ldap.bind.password", "");
		String rangerLdapReferral = PropertiesUtil.getProperty("ranger.ldap.referral", "follow");
		String rangerLdapUserSearchFilter = PropertiesUtil.getProperty("ranger.ldap.user.searchfilter", "(uid={0})");
		boolean rangerIsStartTlsEnabled = Boolean.valueOf(PropertiesUtil.getProperty(
				"ranger.ldap.starttls", "false"));
		String userName = authentication.getName();
		String userPassword = "";
		if (authentication.getCredentials() != null) {
			userPassword = authentication.getCredentials().toString();
		}

		LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(rangerLdapURL);
		ldapContextSource.setUserDn(rangerLdapBindDN);
		ldapContextSource.setPassword(rangerLdapBindPassword);
		ldapContextSource.setReferral(rangerLdapReferral);
		ldapContextSource.setCacheEnvironmentProperties(false);
		ldapContextSource.setAnonymousReadOnly(false);
		ldapContextSource.setPooled(true);
		if (rangerIsStartTlsEnabled) {
			ldapContextSource.setPooled(false);
			ldapContextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
		}
		ldapContextSource.afterPropertiesSet();

		DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, rangerLdapGroupSearchBase);
		defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(rangerLdapGroupRoleAttribute);
		defaultLdapAuthoritiesPopulator.setGroupSearchFilter(rangerLdapGroupSearchFilter);
		defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);

		//String searchFilter="(uid={0})";
		if (rangerLdapUserSearchFilter==null||rangerLdapUserSearchFilter.trim().isEmpty()) {
			rangerLdapUserSearchFilter="(uid={0})";
		}
		FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(rangerLdapBase, rangerLdapUserSearchFilter,ldapContextSource);
		userSearch.setSearchSubtree(true);

		BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
		bindAuthenticator.setUserSearch(userSearch);
		String[] userDnPatterns = new String[] { rangerLdapUserDNPattern };
		bindAuthenticator.setUserDnPatterns(userDnPatterns);
		bindAuthenticator.afterPropertiesSet();

		LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator,defaultLdapAuthoritiesPopulator);

		if (userName != null && userPassword != null && !userName.trim().isEmpty()&& !userPassword.trim().isEmpty()) {
			final List<GrantedAuthority> grantedAuths = new ArrayList<>();
			grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
			final UserDetails principal = new User(userName, userPassword,grantedAuths);
			final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);

			authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
			authentication=getAuthenticationWithGrantedAuthority(authentication);
			return authentication;
		} else {
			return authentication;
		}
	} catch (Exception e) {
		logger.debug("LDAP Authentication Failed:", e);
	}
	return authentication;
}
 
Example 23
Source Project: ranger   Source File: AuthenticationCheck.java    License: Apache License 2.0 4 votes vote down vote up
private Authentication getLdapBindAuthentication(String ldapUrl, String bindDn, String bindPassword,
                                                 String userName, String userPassword) {
    Authentication result = null;
    try {
        LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(ldapUrl);
        ldapContextSource.setUserDn(bindDn);
        ldapContextSource.setPassword(bindPassword);
        ldapContextSource.setReferral("follow");
        ldapContextSource.setCacheEnvironmentProperties(false);
        ldapContextSource.setAnonymousReadOnly(true);
        ldapContextSource.setPooled(true);
        ldapContextSource.afterPropertiesSet();

        DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, groupSearchBase);
        defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(roleAttribute);
        defaultLdapAuthoritiesPopulator.setGroupSearchFilter(groupSearchFilter);
        defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);

        String searchFilter="(uid={0})";
        FilterBasedLdapUserSearch userSearch=new FilterBasedLdapUserSearch(adDomain, searchFilter,ldapContextSource);
        userSearch.setSearchSubtree(true);

        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        bindAuthenticator.setUserSearch(userSearch);
        String[] userDnPatterns = new String[] { userDnPattern };
        bindAuthenticator.setUserDnPatterns(userDnPatterns);
        bindAuthenticator.afterPropertiesSet();

        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator,defaultLdapAuthoritiesPopulator);

        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);

            result = ldapAuthenticationProvider.authenticate(finalAuthentication);
        }
    } catch (BadCredentialsException bce) {
        logFile.println("ERROR: LDAP Authentication Failed. Please verify values for ranger.admin.auth.sampleuser and " +
                "ranger.admin.auth.samplepassword\n");
    } catch (Exception e) {
        logFile.println("ERROR: LDAP Authentication Failed: " + e);
    }
    return result;
}
 
Example 24
Source Project: para   Source File: LDAPAuthenticator.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Default constructor.
 * @param ldapSettings LDAP config map for an app
 */
public LDAPAuthenticator(Map<String, String> ldapSettings) {
	if (ldapSettings != null && ldapSettings.containsKey("security.ldap.server_url")) {
		String serverUrl = ldapSettings.get("security.ldap.server_url");
		String baseDN = ldapSettings.get("security.ldap.base_dn");
		String bindDN = Utils.noSpaces(ldapSettings.get("security.ldap.bind_dn"), "%20");
		String bindPass = ldapSettings.get("security.ldap.bind_pass");
		String userSearchBase = ldapSettings.get("security.ldap.user_search_base");
		String userSearchFilter = ldapSettings.get("security.ldap.user_search_filter");
		String userDnPattern = ldapSettings.get("security.ldap.user_dn_pattern");
		String passAttribute = ldapSettings.get("security.ldap.password_attribute");
		boolean usePasswordComparison = ldapSettings.containsKey("security.ldap.compare_passwords");

		DefaultSpringSecurityContextSource contextSource =
				new DefaultSpringSecurityContextSource(Arrays.asList(serverUrl), baseDN);
		contextSource.setAuthenticationSource(new SpringSecurityAuthenticationSource());
		contextSource.setCacheEnvironmentProperties(false);
		if (!bindDN.isEmpty()) {
			// this is usually not required for authentication - leave blank
			contextSource.setUserDn(bindDN);
		}
		if (!bindPass.isEmpty()) {
			// this is usually not required for authentication - leave blank
			contextSource.setPassword(bindPass);
		}
		LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, contextSource);

		if (usePasswordComparison) {
			PasswordComparisonAuthenticator p = new PasswordComparisonAuthenticator(contextSource);
			p.setPasswordAttributeName(passAttribute);
			p.setUserDnPatterns(getUserDnPatterns(userDnPattern));
			p.setUserSearch(userSearch);
			authenticator = p;
		} else {
			BindAuthenticator b = new BindAuthenticator(contextSource);
			b.setUserDnPatterns(getUserDnPatterns(userDnPattern));
			b.setUserSearch(userSearch);
			authenticator = b;
		}
	}
}
 
Example 25
private UsernamePasswordAuthenticationToken authentication(ServletContext servletContext) {
	ApplicationContext context = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);

	FilterBasedLdapUserSearch filterBasedLdapUserSearch = context.getBean(FilterBasedLdapUserSearch.class);

	DirContextOperations ldapUserDetails = filterBasedLdapUserSearch.searchForUser(username);
	
	List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(1);
	authorities.add(new SimpleGrantedAuthority(ldapUserDetails.getStringAttribute("sn")));

	return new UsernamePasswordAuthenticationToken(username, ldapUserDetails.getObjectAttribute("userpassword").toString(),
			authorities);
}