SEC-271: added ldap authentication parser

sandbox/spring-security-config/.classpath

@@ -7,7 +7,7 @@
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.1/commons-collections-3.1-sources.jar"/>
 	<classpathentry kind="var" path="M2_REPO/cas/casclient/2.0.11/casclient-2.0.11.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-beans/2.0.4/spring-beans-2.0.4.jar" sourcepath="/spring"/>
 	<classpathentry kind="var" path="M2_REPO/jdbm/jdbm/1.0/jdbm-1.0.jar"/>
 	<classpathentry kind="var" path="M2_REPO/org/apache/directory/shared/shared-asn1/0.9.5.3/shared-asn1-0.9.5.3.jar"/>
 	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-support/2.0.4/spring-support-2.0.4.jar"/>
@@ -39,6 +39,6 @@
 	<classpathentry kind="var" path="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT.jar" sourcepath="M2_REPO/org/acegisecurity/acegi-security/1.0.5-SNAPSHOT/acegi-security-1.0.5-SNAPSHOT-sources.jar"/>
 	<classpathentry kind="var" path="M2_REPO/org/apache/directory/server/apacheds-core-shared/1.0.0/apacheds-core-shared-1.0.0.jar"/>
 	<classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4.jar" sourcepath="M2_REPO/net/sf/ehcache/ehcache/1.2.4/ehcache-1.2.4-sources.jar"/>
-	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar" sourcepath="/spring"/>
+	<classpathentry kind="var" path="M2_REPO/org/springframework/spring-core/2.0.4/spring-core-2.0.4.jar"/>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>

sandbox/spring-security-config/.project

@@ -1,20 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
 <projectDescription>
 	<name>spring-security-config</name>
 	<comment>Acegi Security System for Spring</comment>
-  <projects/>
+	<projects>
+	</projects>
 	<buildSpec>
 		<buildCommand>
 			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
 		</buildCommand>
 		<buildCommand>
 			<name>org.eclipse.wst.validation.validationbuilder</name>
-    </buildCommand>
+			<arguments>
-    <buildCommand>
+			</arguments>
-      <name>org.springframework.ide.eclipse.core.springbuilder</name>
 		</buildCommand>
 	</buildSpec>
 	<natures>
-    <nature>org.springframework.ide.eclipse.core.springnature</nature>
 		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
 		<nature>org.eclipse.jdt.core.javanature</nature>
 		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>

sandbox/spring-security-config/.settings/org.eclipse.wst.common.project.facet.core.xml

@@ -2,5 +2,5 @@
   <fixed facet="jst.java"/>
   <fixed facet="jst.utility"/>
   <installed facet="jst.utility" version="1.0"/>
-  <installed facet="jst.java" version="1.3"/>
+  <installed facet="jst.java" version="5.0"/>
 </faceted-project>

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthenticationMechanismBeanDefinitionParser.java

@@ -13,7 +13,13 @@
  * limitations under the License.
  */
 package org.acegisecurity.config;
+
+import org.acegisecurity.ldap.DefaultInitialDirContextFactory;
 import org.acegisecurity.providers.ProviderManager;
+import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
+import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
+import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
+import org.acegisecurity.util.BeanDefinitionParserUtils;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.AbstractBeanDefinition;
 import org.springframework.beans.factory.support.ManagedList;
@@ -23,14 +29,15 @@ import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
+import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 /**
- * * {@link BeanDefinitionParser} for the <code>authentication-mechanism</code> tag, 
+ * * {@link BeanDefinitionParser} for the <code>authentication-mechanism</code>
- * resolves to  {@link org.acegisecurity.providers.ProviderManager} </br>
+ * tag, resolves to {@link org.acegisecurity.providers.ProviderManager} </br>
-	
+ * 
  * @author vpuri
  * @see {@link org.springframework.beans.factory.BeanFactory}
  * @see {@link org.acegisecurity.providers.ProviderManager}
@@ -43,6 +50,8 @@ public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDef
 
 	private static final String AUTHENTICATION_JDBC = "authentication-jdbc";
 	
+	private static final String AUTHENTICATION_LDAP="authentication-ldap";
+
 	private static final String REF = "ref";
 
 	// ~ Methods
@@ -67,15 +76,16 @@ public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDef
 						// create a beandefinition
 						providers.add(new RuntimeBeanReference(attribute));
 					}
-
+				} else if (AUTHENTICATION_LDAP.equals(node.getLocalName())){
+					providers.add(createLdapAuthencticationProviderBeanDefinition(childElement, parserContext));
 				}
-				// TODO:Add other providers here
 			}
 			authMechanismBeanDef.getPropertyValues().addPropertyValue("providers", providers);
 
 		}
 		return authMechanismBeanDef;
 	}
+
 	/**
 	 * Creates a default bean definition.
 	 * @return
@@ -83,7 +93,8 @@ public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDef
 	protected static RootBeanDefinition createAndRegisterBeanDefinitionWithDefaults(ParserContext parserContext) {
 		RootBeanDefinition beanDefinition = new RootBeanDefinition(ProviderManager.class);
 		ManagedList providers = new ManagedList();
-		// create authentication-repository (DaoAuthenticationProvider) and add that to list
+		// create authentication-repository (DaoAuthenticationProvider) and add
+		// that to list
 		RootBeanDefinition authRepo = AuthenticationRepositoryBeanDefinitionParser.createBeanDefinitionWithDefaults();
 		providers.add(authRepo);
 		beanDefinition.getPropertyValues().addPropertyValue("providers", providers);
@@ -91,4 +102,42 @@ public class AuthenticationMechanismBeanDefinitionParser extends AbstractBeanDef
 		return beanDefinition;
 	}
 
+	protected static RootBeanDefinition createLdapAuthencticationProviderBeanDefinition(Element element,
+			ParserContext parserContext) {
+		// element ldap
+		RootBeanDefinition ldapAuthProvider = new RootBeanDefinition(LdapAuthenticationProvider.class);
+		RootBeanDefinition initialDirContextFactory = createInitialDirContextFactoryBeanDefinition(element);
+		RootBeanDefinition ldapAuthoritiesPopulator = new RootBeanDefinition(DefaultLdapAuthoritiesPopulator.class);
+
+		RootBeanDefinition bindAuthenticator = new RootBeanDefinition(BindAuthenticator.class);
+		Element property = DomUtils.getChildElementByTagName(element, "property");
+		Assert.notNull(property);
+		parserContext.getDelegate().parsePropertyElement(property, bindAuthenticator);
+		bindAuthenticator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
+		
+		// LdapAuthenticator
+		ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(0, bindAuthenticator);
+
+		ldapAuthoritiesPopulator.getConstructorArgumentValues().addIndexedArgumentValue(0, initialDirContextFactory);
+		BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(1, element, "groupSearchBase", false,
+				ldapAuthoritiesPopulator);
+		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "groupRoleAttribute", "groupRoleAttribute", ldapAuthoritiesPopulator);
+		
+		//LdapAuthoritiesPopulator
+		ldapAuthProvider.getConstructorArgumentValues().addIndexedArgumentValue(1, ldapAuthoritiesPopulator);
+
+		return ldapAuthProvider;
+
+	}
+
+	private static RootBeanDefinition createInitialDirContextFactoryBeanDefinition(Element element) {
+		RootBeanDefinition initialDirContextFactory = new RootBeanDefinition(DefaultInitialDirContextFactory.class);
+		BeanDefinitionParserUtils.setConstructorArgumentIfAvailable(0, element, "ldapUrl", false,
+				initialDirContextFactory);
+		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerDn", "managerDn", initialDirContextFactory);
+		BeanDefinitionParserUtils.setPropertyIfAvailable(element, "managerPassword", "managerPassword",
+				initialDirContextFactory);
+		return initialDirContextFactory;
+	}
+
 }

sandbox/spring-security-config/src/main/java/org/acegisecurity/util/BeanDefinitionParserUtils.java

@@ -0,0 +1,42 @@
+/**
+ * 
+ */
+package org.acegisecurity.util;
+
+import org.springframework.beans.factory.config.RuntimeBeanNameReference;
+import org.springframework.beans.factory.support.BeanDefinitionReaderUtils;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.util.StringUtils;
+import org.w3c.dom.Element;
+
+/**
+ * @author Vishal Puri
+ * 
+ */
+public class BeanDefinitionParserUtils {
+	/**
+	 * Prevents instantiation
+	 */
+	private BeanDefinitionParserUtils() {
+	}
+
+	public static void setConstructorArgumentIfAvailable(int index, Element element, String attribute,
+			boolean isRunTimeBeanReference, RootBeanDefinition definition) {
+		String propertyValue = element.getAttribute(attribute);
+		if (StringUtils.hasText(propertyValue)) {
+			if(!isRunTimeBeanReference){
+				definition.getConstructorArgumentValues().addIndexedArgumentValue(index, propertyValue);
+			} else {
+				definition.getConstructorArgumentValues().addIndexedArgumentValue(index, new RuntimeBeanNameReference(propertyValue));
+			}
+		}
+	}
+
+	public static void setPropertyIfAvailable(Element element, String attribute, String property,
+			RootBeanDefinition definition) {
+		String propertyValue = element.getAttribute(attribute);
+		if (StringUtils.hasText(propertyValue)) {
+			definition.getPropertyValues().addPropertyValue(property, propertyValue);
+		}
+	}
+}

sandbox/spring-security-config/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd

@@ -3,8 +3,10 @@
 <xsd:schema xmlns="http://www.springframework.org/schema/security"
 	xmlns:xsd="http://www.w3.org/2001/XMLSchema"
 	targetNamespace="http://www.springframework.org/schema/security"
+	xmlns:beans="http://www.springframework.org/schema/beans"
 	elementFormDefault="qualified" attributeFormDefault="unqualified">
 
+	<xsd:import namespace="http://www.springframework.org/schema/beans" />
 
 	<xsd:element name="autoconfig" />
 
@@ -88,7 +90,8 @@
 	<xsd:element name="authentication-remember-me-filter"
 		type="RememberMeFilter">
 		<xsd:annotation>
-				<xsd:documentation source="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
+			<xsd:documentation
+				source="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
 				<![CDATA[
 	makes the filter, but does little else, as it auto-detects everything
 				]]>
@@ -289,12 +292,61 @@
 				]]>
 			</xsd:documentation>
 		</xsd:annotation>
+
+		<xsd:complexType>
+	 
+			<xsd:sequence>
+				<xsd:element name="property">
 					<xsd:complexType>
-			<xsd:attribute name="ref" type="xsd:string">
+						<xsd:complexContent>
+							<xsd:extension base="beans:propertyType"></xsd:extension>
+						</xsd:complexContent>
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:sequence>
+
+			<xsd:attribute name="ldapUrl" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>
+						<![CDATA[
+	The LDAP url of the server (and root context) to connect to.
+					]]>
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:attribute>
+			<xsd:attribute name="managerDn" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>
+						<![CDATA[
+	The LDAP url of the server (and root context) to connect to.
+					]]>
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:attribute>
+			<xsd:attribute name="managerPassword" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>
+						<![CDATA[
+	The manager user's password.
+					]]>
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:attribute>
+			<xsd:attribute name="groupSearchBase" type="xsd:string">
 				<xsd:annotation>
 					<xsd:documentation>
 						<![CDATA[
-	A short-cut alternative to a nested "<ref bean='...'/>" element.
+	
+					]]>
+					</xsd:documentation>
+				</xsd:annotation>
+			</xsd:attribute>
+			<xsd:attribute name="groupRoleAttribute"
+				type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>
+						<![CDATA[
+	
 					]]>
 					</xsd:documentation>
 				</xsd:annotation>
@@ -475,4 +527,5 @@
 
 
 
+
 </xsd:schema>

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/LdapAuthenticationProviderBeanDefinitionParserTests.java

@@ -0,0 +1,52 @@
+package org.acegisecurity.config;
+
+import junit.framework.TestCase;
+
+import org.acegisecurity.ldap.InitialDirContextFactory;
+import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
+import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator;
+import org.springframework.beans.PropertyValue;
+import org.springframework.beans.PropertyValues;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
+import org.springframework.beans.factory.support.ManagedList;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+/**
+ * @author Vishal Puri
+ * 
+ */
+public class LdapAuthenticationProviderBeanDefinitionParserTests extends TestCase {
+
+	public void testBeanDefinitionCreation() {
+		ApplicationContext context = new ClassPathXmlApplicationContext("org/acegisecurity/config/ldap-config.xml");
+		ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
+		BeanDefinition def = (RootBeanDefinition) bf.getBeanDefinition("authenticationManager");
+		assertNotNull(def);
+		PropertyValues values = def.getPropertyValues();
+		PropertyValue value = values.getPropertyValue("providers");
+		assertNotNull(value);
+		ManagedList list = (ManagedList) value.getValue();
+		assertEquals(1, list.size());
+
+		RootBeanDefinition definition = (RootBeanDefinition) list.get(0);
+		assertEquals(LdapAuthenticationProvider.class, definition.getBeanClass());
+
+		assertEquals(2, definition.getConstructorArgumentValues().getArgumentCount());
+
+		ValueHolder holder = definition.getConstructorArgumentValues().getArgumentValue(0, BindAuthenticator.class);
+		assertNotNull(holder.getConvertedValue() instanceof BindAuthenticator);
+		RootBeanDefinition authenticatorDefinition = (RootBeanDefinition) holder.getValue();
+		assertEquals(1, authenticatorDefinition.getConstructorArgumentValues().getArgumentCount());
+
+		RootBeanDefinition initialContextDir = (RootBeanDefinition) authenticatorDefinition
+				.getConstructorArgumentValues().getArgumentValue(0, InitialDirContextFactory.class).getValue();
+		assertEquals("cn=manager,dc=acegisecurity,dc=org", initialContextDir.getPropertyValues().getPropertyValue(
+				"managerDn").getValue());
+		assertEquals("ldap://monkeymachine:389/dc=acegisecurity,dc=org", initialContextDir.getConstructorArgumentValues()
+				.getArgumentValue(0, String.class).getValue());
+	}
+}

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authentication-beanRef-attributes.xml

@@ -3,9 +3,7 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
 	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
 
 	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/exception-translation-autodetect-handler.xml

@@ -3,9 +3,7 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
 
 	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/ldap-config.xml

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:beans="http://www.springframework.org/schema/beans"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd  	
+	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->
+	<!-- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd" -->
+
+	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
+	<security:authentication-mechanism id="authenticationManager">
+		<security:authentication-ldap 
+			ldapUrl="ldap://monkeymachine:389/dc=acegisecurity,dc=org"
+			managerDn="cn=manager,dc=acegisecurity,dc=org"
+			managerPassword="password" groupSearchBase="ou=groups"
+			groupRoleAttribute="ou">
+			<security:property name="userDnPatterns">
+				<list>
+					<value>uid={0},ou=people</value>
+				</list>
+			</security:property>
+		</security:authentication-ldap>
+	</security:authentication-mechanism>
+
+
+	<!--<bean id="initialDirContextFactory"
+		class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
+		<constructor-arg
+		value="ldap://monkeymachine:389/dc=acegisecurity,dc=org" />
+		<property name="managerDn">
+		<value>cn=manager,dc=acegisecurity,dc=org</value>
+		</property>
+		<property name="managerPassword">
+		<value>password</value>
+		</property>
+		</bean>
+		
+		<bean id="ldapAuthProvider"
+		class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
+		<constructor-arg>
+		<bean
+		class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
+		<constructor-arg>
+		<ref local="initialDirContextFactory" />
+		</constructor-arg>
+		<property name="userDnPatterns">
+		<list>
+		<value>uid={0},ou=people</value>
+		</list>
+		</property>
+		</bean>
+		</constructor-arg>
+		<constructor-arg>
+		<bean
+		class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
+		<constructor-arg>
+		<ref local="initialDirContextFactory" />
+		</constructor-arg>
+		<constructor-arg>
+		<value>ou=groups</value>
+		</constructor-arg>
+		<property name="groupRoleAttribute">
+		<value>ou</value>
+		</property>
+		</bean>
+		</constructor-arg>
+		</bean>
+	-->
+
+</beans>

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/principal-repository-jdbc.xml

@@ -3,9 +3,7 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:util="http://www.springframework.org/schema/util"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
 http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd">
 
 	<!-- http://www.springframework.org/schema/security file:/Users/vpuri/interface21/acegisecurity/trunk/acegisecurity/core/src/main/resources/org/acegisecurity/config/spring-security-2.0.xsd -->