java - Spring security switch to Ldap authentication and database authorities -

-

i implemented database authentication web page , web service. work both, have add ldap authentication. have authenticate through remote ldap server (using username , password) , if user exists have use database user roles (in database username same username of ldap). have switch actual code ldap , database authentication above explained. code is: securityconfig class

@configuration @enablewebsecurity @enableglobalmethodsecurity(securedenabled = true, prepostenabled = true, proxytargetclass = true) public class securityconfig extends websecurityconfigureradapter {      @autowired     @qualifier("userdetailsservice")     userdetailsservice userdetailsservice;      @autowired     public void configureglobal(authenticationmanagerbuilder auth) throws exception {         auth.userdetailsservice(userdetailsservice).passwordencoder(passwordencoder());     }      @bean     public passwordencoder passwordencoder(){         passwordencoder encoder = new bcryptpasswordencoder();         return encoder;     }      @configuration     @order(1)     public static class apiwebsecurityconfig extends websecurityconfigureradapter{         @override         protected void configure(httpsecurity http) throws exception {              http.csrf().disable()              .antmatcher("/client/**")              .authorizerequests()              .anyrequest().authenticated()              .and()              .httpbasic();         }     }      @configuration     @order(2)     public static class formwebsecurityconfig extends websecurityconfigureradapter{          @override         public void configure(websecurity web) throws exception {             web             //spring security ignores request static resources such css or js files.             .ignoring()             .antmatchers("/static/**");         }          @override         protected void configure(httpsecurity http) throws exception {             http             .authorizerequests() //authorize request configuration                 //the / , /register path accepted without login                 //.antmatchers("/", "/register").permitall()                 //the /acquisition/** need admin role                 //.antmatchers("/acquisition/**").hasrole("admin")                 //.and().exceptionhandling().accessdeniedpage("/access_denied");                 //all path need authentication                 .anyrequest().authenticated()                 .and() //login form configuration others             .formlogin()                 .loginpage("/login")                 //important because otherwise goes in loop because login page require authentication , authentication require login page                     .permitall()             .and()             .logout()                 .logoutsuccessurl("/login?logout")                 .permitall();              // csrf tokens handling         }     }

myuserdetailsservice class

@service("userdetailsservice") public class myuserdetailsservice implements userdetailsservice {      @autowired     private userservices userservices;     static final logger log = loggerfactory.getlogger(myuserdetailsservice.class);      @transactional(readonly=true)     @override     public userdetails loaduserbyusername(final string username){         try{             com.domain.user user = userservices.findbyid(username);             if (user==null)                 log.error("threw exception in myuserdetailsservice::loaduserbyusername : user doesn't exist" );              else{                 list<grantedauthority> authorities = builduserauthority(user.getuserrole());                 return builduserforauthentication(user, authorities);             }         }catch(exception e){             log.error("threw exception in myuserdetailsservice::loaduserbyusername : " + errorexceptionbuilder.builderrorresponse(e));  }         return null;     }      // converts com.users.model.user user     // org.springframework.security.core.userdetails.user     private user builduserforauthentication(com.domain.user user, list<grantedauthority> authorities) {         return new user(user.getusername(), user.getpassword(), user.isenabled(), true, true, true, authorities);     }      private list<grantedauthority> builduserauthority(set<userrole> userroles) {          set<grantedauthority> setauths = new hashset<grantedauthority>();          // build user's authorities         (userrole userrole : userroles) {             setauths.add(new simplegrantedauthority(userrole.getuserrolekeys().getrole()));         }          list<grantedauthority> result = new arraylist<grantedauthority>(setauths);          return result;     }

so have to:

1)access of user login page web pages , username , password web services. has done through ldap.

2)the username of user needs database query authenticate user. have idea how can implement this? thanks

update right code: following @m. deinum advice create myauthoritiespopulator class instead of myuserdetailsservice , authentication database , ldap works:

    @service("myauthpopulator") public class myauthoritiespopulator implements ldapauthoritiespopulator {      @autowired     private userservices userservices;     static final logger log = loggerfactory.getlogger(myauthoritiespopulator.class);      @transactional(readonly=true)     @override     public collection<? extends grantedauthority> getgrantedauthorities(dircontextoperations userdata, string username) {         set<grantedauthority> authorities = new hashset<grantedauthority>();         try{             com.domain.user user = userservices.findbyid(username);             if (user==null)                 log.error("threw exception in myauthoritiespopulator::getgrantedauthorities : user doesn't exist ats database" );               else{                 for(userrole userrole : user.getuserrole()) {                     authorities.add(new simplegrantedauthority(userrole.getuserrolekeys().getrole()));                 }                 return authorities;             }         }catch(exception e){             log.error("threw exception in myauthoritiespopulator::getgrantedauthorities : " + errorexceptionbuilder.builderrorresponse(e)); }         return authorities;     } }

and changed securityconfig below:

@configuration @enablewebsecurity @enableglobalmethodsecurity(securedenabled = true, prepostenabled = true, proxytargetclass = true) public class securityconfig extends websecurityconfigureradapter {      @autowired     @qualifier("myauthpopulator")     ldapauthoritiespopulator myauthpopulator;      @autowired     public void configureglobal(authenticationmanagerbuilder auth) throws exception {           auth.ldapauthentication()           .contextsource()             .url("ldap://127.0.0.1:10389/dc=example,dc=com") //          .managerdn("") //          .managerpassword("")           .and()                .usersearchbase("ou=people")             .usersearchfilter("(uid={0})")             .ldapauthoritiespopulator(myauthpopulator);          }      @configuration     @order(1)     public static class apiwebsecurityconfig extends websecurityconfigureradapter{         @override         protected void configure(httpsecurity http) throws exception {              http.csrf().disable()              .antmatcher("/client/**")              .authorizerequests()              //excluede send file authentication because doesn't work spring authentication              //todo add java authentication send method              .antmatchers(httpmethod.post, "/client/file").permitall()              .anyrequest().authenticated()              .and()              .httpbasic();         }     }      @configuration     @order(2)     public static class formwebsecurityconfig extends websecurityconfigureradapter{          @override         public void configure(websecurity web) throws exception {             web             //spring security ignores request static resources such css or js files.             .ignoring()             .antmatchers("/static/**");         }          @override         protected void configure(httpsecurity http) throws exception {             http             .authorizerequests() //authorize request configuration                 //the "/" , "/register" path accepted without login                 //.antmatchers("/", "/register").permitall()                 //the /acquisition/** need admin role                 //.antmatchers("/acquisition/**").hasrole("admin")                 //.and().exceptionhandling().accessdeniedpage("/access_denied");                 //all path need authentication                 .anyrequest().authenticated()                 .and() //login form configuration others             .formlogin()                 .loginpage("/login")                 //important because otherwise goes in loop because login page require authentication , authentication require login page                     .permitall()             .and()             .logout()                 .logoutsuccessurl("/login?logout")                 .permitall();         }     } }

my ldap development environment created in apache directory studio

ldap

spring security supports ldap out-of-the-box. has whole chapter on this.

to use , configure ldap add spring-security-ldap dependency , next use authenticationmanagerbuilder.ldapauthentication configure it. ldapauthenticationproviderconfigurer allows set needed things up. 

@autowired public void configureglobal(authenticationmanagerbuilder auth) throws exception {     auth.ldapauthentication()       .contextsource()         .url(...)         .port(...)         .managerdn(...)         .managerpassword(...)       .and()         .passwordencoder(passwordencoder())         .usersearchbase(...)                 .ldapauthoritiespopulator(new userserviceldapauthoritiespopulater(this.userservice));       }

something (it should give @ least idea on what/how configure things) there more options check javadocs that. if cannot use userservice retrieve roles (because roles in database) implement own ldapauthoritiespopulator that.


Comments

Post a Comment

Popular posts from this blog

Capture and play voice with Asterisk ARI -

-
there channel ari demo in wich can control channel state: ring, answer, play silence, play tone or audio-file ( https://github.com/asterisk/ari-examples/tree/master/channel-state , https://wiki.asterisk.org/wiki/display/ast/ari+and+channels%3a+manipulating+channel+state ) possible receive chunks (parts, buffers, etc.) of call voice (which created remote subscriber) or write chunks of voice, example array of bytes (not file) in audio format (alaw, ulow etc). you can use asterisk eagi interface voice data. other option use record or mixmonitor app record channel(channel have put stasis allow dialplan control ari) "write chunks of voice" can done application playback also can create own application using c/c++, compile asterisk , result want. no, can't redirect voice directly using ari.
Read more

c++ - Can not find the "fiostream.h" file -

-
i'm learning c++ now. here question: #include <fiostream.h> no matter used: #include <fiostream> #include "fiostream" #include "fiostream.h" i can not find "fiostream.h" file anywhere. where can find "fiostream.h" file? does "iostream.h" include "fiostream.h"'s functions? what's difference between "fiostream.h" , "iostream.h"? thank you~~ what's difference between "fiostream.h" , "iostream.h"? the difference “f”. neither header exists. iostream does, fiostream doesn’t (but fstream does).
Read more

java - Why database contraints in HSQLDB are only checked during a commit when using transactions in Hibernate? -

-
i spotted odd behavior in hsql, seems when using database transactions database contraints not checked during sql inserts during sql commits , when transaction rollbacked not checked @ all. i have spring integration test: @runwith(springjunit4classrunner.class) @transactionconfiguration(defaultrollback=true, transactionmanager="transactionmanager") @transactional public class integrationtest { with test creates new entity instance , calls hibernate's persist on it. it works fine, when change defaultrollback false fails: caught exception while allowing testexecutionlistener [org.springframework.test.context.transaction.transactionaltestexecutionlistener@517a2b0] process 'after' execution test: method [public void myintegrationtest.test()], instance [myintegrationtest@546e61d5], exception [null] org.springframework.dao.dataintegrityviolationexception: not execute statement; sql [n/a]; constraint [null]; nested exception org.hibernate.exception.const...
Read more