Luke Taylor
19 years ago
2 changed files with 0 additions and 259 deletions
@ -1,190 +0,0 @@
@@ -1,190 +0,0 @@
|
||||
package org.springframework.security.config; |
||||
|
||||
import org.springframework.security.ldap.DefaultSpringSecurityContextSource; |
||||
import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator; |
||||
import org.springframework.security.providers.ldap.LdapAuthenticationProvider; |
||||
import org.springframework.security.providers.ldap.authenticator.BindAuthenticator; |
||||
import org.springframework.beans.factory.config.BeanDefinition; |
||||
import org.springframework.beans.factory.support.RootBeanDefinition; |
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser; |
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser; |
||||
import org.springframework.beans.factory.xml.ParserContext; |
||||
import org.springframework.ldap.core.DirContextAdapter; |
||||
import org.springframework.util.Assert; |
||||
import org.springframework.util.StringUtils; |
||||
|
||||
import org.apache.commons.logging.Log; |
||||
import org.apache.commons.logging.LogFactory; |
||||
import org.apache.directory.server.configuration.MutableServerStartupConfiguration; |
||||
import org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration; |
||||
import org.w3c.dom.Element; |
||||
|
||||
import javax.naming.NamingException; |
||||
import java.util.HashSet; |
||||
|
||||
/** |
||||
* Experimental "security:ldap" namespace configuration. |
||||
* |
||||
* |
||||
* @author Luke Taylor |
||||
* @version $Id$ |
||||
* @since 2.0 |
||||
*/ |
||||
public class LdapBeanDefinitionParser implements BeanDefinitionParser { |
||||
private Log logger = LogFactory.getLog(getClass()); |
||||
|
||||
/** Defines the Url of the ldap server to use. If not specified, an embedded apache DS instance will be created */ |
||||
private static final String URL_ATTRIBUTE = "url"; |
||||
private static final String AUTH_TYPE_ATTRIBUTE = "auth"; |
||||
private static final String PRINCIPAL_ATTRIBUTE = "manager-dn"; |
||||
private static final String PASSWORD_ATTRIBUTE = "manager-password"; |
||||
|
||||
// Properties which apply to embedded server only - when no Url is set
|
||||
|
||||
/** sets the configuration suffix (default is "dc=springframework,dc=org"). */ |
||||
public static final String ROOT_SUFFIX_ATTRIBUTE = "root"; |
||||
|
||||
/** |
||||
* Optionally defines an ldif resource to be loaded. Otherwise an attempt will be made to load all ldif files |
||||
* found on the classpath. |
||||
*/ |
||||
public static final String LDIF_FILE_ATTRIBUTE = "ldif"; |
||||
|
||||
/** Defines the port the LDAP server should run on */ |
||||
public static final String PORT_ATTRIBUTE = "port"; |
||||
public static final String DEFAULT_LDAP_PORT = "33389"; |
||||
|
||||
// Defaults
|
||||
private static final String DEFAULT_ROOT_SUFFIX = "dc=springframework,dc=org"; |
||||
// private static final String DEFAULT_PROVIDER_BEAN_ID = "_ldapAuthenticationProvider";
|
||||
private static final String DEFAULT_DN_PATTERN = "uid={0},ou=people"; |
||||
private static final String DEFAULT_GROUP_CONTEXT = "ou=groups"; |
||||
|
||||
|
||||
public BeanDefinition parse(Element elt, ParserContext parserContext) { |
||||
String url = elt.getAttribute(URL_ATTRIBUTE); |
||||
|
||||
RootBeanDefinition contextSource; |
||||
|
||||
if (!StringUtils.hasText(url)) { |
||||
contextSource = createEmbeddedServer(elt, parserContext); |
||||
} else { |
||||
contextSource = new RootBeanDefinition(DefaultSpringSecurityContextSource.class); |
||||
contextSource.getConstructorArgumentValues().addIndexedArgumentValue(0, url); |
||||
} |
||||
|
||||
String managerDn = elt.getAttribute(PRINCIPAL_ATTRIBUTE); |
||||
String managerPassword = elt.getAttribute(PASSWORD_ATTRIBUTE); |
||||
|
||||
if (StringUtils.hasText(managerDn)) { |
||||
Assert.hasText(managerPassword, "You must specify the " + PASSWORD_ATTRIBUTE + |
||||
" if you supply a " + managerDn); |
||||
|
||||
contextSource.getPropertyValues().addPropertyValue("userDn", managerDn); |
||||
contextSource.getPropertyValues().addPropertyValue("password", managerPassword); |
||||
} |
||||
|
||||
String id = elt.getAttribute(AbstractBeanDefinitionParser.ID_ATTRIBUTE); |
||||
String contextSourceId = "contextSource"; |
||||
|
||||
if (StringUtils.hasText(id)) { |
||||
contextSourceId = id + "." + contextSourceId; |
||||
} |
||||
|
||||
if (parserContext.getRegistry().containsBeanDefinition(contextSourceId)) { |
||||
logger.warn("Bean already exists with Id '" + contextSourceId + "'"); |
||||
} |
||||
|
||||
parserContext.getRegistry().registerBeanDefinition(contextSourceId, contextSource); |
||||
|
||||
RootBeanDefinition bindAuthenticator = new RootBeanDefinition(BindAuthenticator.class); |
||||
bindAuthenticator.getConstructorArgumentValues().addGenericArgumentValue(contextSource); |
||||
bindAuthenticator.getPropertyValues().addPropertyValue("userDnPatterns", new String[] {DEFAULT_DN_PATTERN}); |
||||
RootBeanDefinition authoritiesPopulator = new RootBeanDefinition(DefaultLdapAuthoritiesPopulator.class); |
||||
authoritiesPopulator.getConstructorArgumentValues().addGenericArgumentValue(contextSource); |
||||
authoritiesPopulator.getConstructorArgumentValues().addGenericArgumentValue(DEFAULT_GROUP_CONTEXT); |
||||
|
||||
RootBeanDefinition ldapProvider = new RootBeanDefinition(LdapAuthenticationProvider.class); |
||||
ldapProvider.getConstructorArgumentValues().addGenericArgumentValue(bindAuthenticator); |
||||
ldapProvider.getConstructorArgumentValues().addGenericArgumentValue(authoritiesPopulator); |
||||
|
||||
ConfigUtils.getRegisteredProviders(parserContext).add(ldapProvider); |
||||
|
||||
return null; |
||||
} |
||||
|
||||
|
||||
/** |
||||
* Will be called if no url attribute is supplied. |
||||
* |
||||
* Registers beans to create an embedded apache directory server. |
||||
* |
||||
* @param element |
||||
* @param parserContext |
||||
* |
||||
* @return the BeanDefinition for the ContextSource for the embedded server. |
||||
* |
||||
* @see ApacheDSContainer |
||||
*/ |
||||
private RootBeanDefinition createEmbeddedServer(Element element, ParserContext parserContext) { |
||||
MutableServerStartupConfiguration configuration = new MutableServerStartupConfiguration(); |
||||
MutableBTreePartitionConfiguration partition = new MutableBTreePartitionConfiguration(); |
||||
|
||||
partition.setName("springsecurity"); |
||||
|
||||
DirContextAdapter rootContext = new DirContextAdapter(); |
||||
rootContext.setAttributeValues("objectClass", new String[] {"top", "domain", "extensibleObject"}); |
||||
rootContext.setAttributeValue("dc", "springsecurity"); |
||||
|
||||
partition.setContextEntry(rootContext.getAttributes()); |
||||
|
||||
String suffix = element.getAttribute(ROOT_SUFFIX_ATTRIBUTE); |
||||
|
||||
if (!StringUtils.hasText(suffix)) { |
||||
suffix = DEFAULT_ROOT_SUFFIX; |
||||
} |
||||
|
||||
try { |
||||
partition.setSuffix(suffix); |
||||
} catch (NamingException e) { |
||||
// TODO: What exception should we be throwing here ?
|
||||
parserContext.getReaderContext().error("Failed to set root name suffix to " + suffix, element, e); |
||||
} |
||||
|
||||
HashSet partitions = new HashSet(1); |
||||
partitions.add(partition); |
||||
|
||||
String port = element.getAttribute(PORT_ATTRIBUTE); |
||||
|
||||
if (!StringUtils.hasText(port)) { |
||||
port = DEFAULT_LDAP_PORT; |
||||
} |
||||
|
||||
configuration.setLdapPort(Integer.parseInt(port)); |
||||
|
||||
// We shut down the server ourself when the app context is closed so we don't need
|
||||
// the extra shutdown hook from apache DS itself.
|
||||
configuration.setShutdownHookEnabled(false); |
||||
configuration.setExitVmOnShutdown(false); |
||||
configuration.setContextPartitionConfigurations(partitions); |
||||
|
||||
RootBeanDefinition contextSource = new RootBeanDefinition(DefaultSpringSecurityContextSource.class); |
||||
contextSource.getConstructorArgumentValues().addIndexedArgumentValue(0, "ldap://127.0.0.1:" + port + "/" + suffix); |
||||
|
||||
contextSource.getPropertyValues().addPropertyValue("userDn", "uid=admin,ou=system"); |
||||
contextSource.getPropertyValues().addPropertyValue("password", "secret"); |
||||
|
||||
RootBeanDefinition apacheDSStartStop = new RootBeanDefinition(ApacheDSContainer.class); |
||||
apacheDSStartStop.getConstructorArgumentValues().addGenericArgumentValue(configuration); |
||||
apacheDSStartStop.getConstructorArgumentValues().addGenericArgumentValue(contextSource); |
||||
|
||||
if (parserContext.getRegistry().containsBeanDefinition("_apacheDSStartStopBean")) { |
||||
parserContext.getReaderContext().error("Only one embedded server bean is allowed per application context", |
||||
element); |
||||
} |
||||
|
||||
parserContext.getRegistry().registerBeanDefinition("_apacheDSStartStopBean", apacheDSStartStop); |
||||
|
||||
return contextSource; |
||||
} |
||||
} |
||||
@ -1,69 +0,0 @@
@@ -1,69 +0,0 @@
|
||||
package org.springframework.security.config; |
||||
|
||||
import org.springframework.security.providers.ProviderManager; |
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken; |
||||
import org.springframework.security.providers.ldap.LdapAuthenticationProvider; |
||||
import org.springframework.security.Authentication; |
||||
import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl; |
||||
import org.springframework.context.support.ClassPathXmlApplicationContext; |
||||
import org.springframework.ldap.core.LdapTemplate; |
||||
import org.springframework.ldap.core.support.BaseLdapPathContextSource; |
||||
import org.springframework.beans.BeansException; |
||||
|
||||
import org.junit.AfterClass; |
||||
import static org.junit.Assert.*; |
||||
import org.junit.BeforeClass; |
||||
import org.junit.Test; |
||||
import org.junit.Assert; |
||||
|
||||
|
||||
/** |
||||
* @author luke |
||||
* @version $Id$ |
||||
*/ |
||||
public class LdapBeanDefinitionParserTests { |
||||
private static ClassPathXmlApplicationContext appContext; |
||||
|
||||
@BeforeClass |
||||
public static void loadContext() { |
||||
|
||||
try { |
||||
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/ldap-embedded-default.xml"); |
||||
} catch (BeansException e) { |
||||
e.printStackTrace(); |
||||
Assert.fail("Exception loading context " + e); |
||||
} |
||||
} |
||||
|
||||
@AfterClass |
||||
public static void closeContext() { |
||||
// Make sure apache ds shuts down
|
||||
if (appContext != null) { |
||||
appContext.close(); |
||||
} |
||||
} |
||||
|
||||
@Test |
||||
public void testContextContainsExpectedBeansAndData() { |
||||
BaseLdapPathContextSource idcf = (BaseLdapPathContextSource) appContext.getBean("contextSource"); |
||||
|
||||
// assertEquals("dc=springframework, dc=org", idcf.getBaseLdapPathAsString());
|
||||
|
||||
// Check data is loaded
|
||||
LdapTemplate template = new LdapTemplate(idcf); |
||||
|
||||
template.lookup("uid=ben,ou=people"); |
||||
|
||||
ProviderManager authManager = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER); |
||||
|
||||
assertEquals(1, authManager.getProviders().size()); |
||||
|
||||
LdapAuthenticationProvider provider = (LdapAuthenticationProvider) authManager.getProviders().get(0); |
||||
|
||||
Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword")); |
||||
|
||||
LdapUserDetailsImpl ben = (LdapUserDetailsImpl) auth.getPrincipal(); |
||||
|
||||
assertEquals(2, ben.getAuthorities().length); |
||||
} |
||||
} |
||||
Loading…
Reference in new issue