package net.marioosh.ldapdemo;
import java.util.Arrays;
import java.util.Collection;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
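/**
 * Spring Security configuration for the LDAP demo.
 *
 * <p>Every request requires a fully authenticated user, login is form based, and
 * credentials are checked against the directory at {@code ldap://ad.test.local:389}.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The manager DN and its password are string literals in this class, so anyone who can
 *       read the source or the compiled class obtains the directory bind credentials. Load
 *       them from externalized configuration or a secret store, and use a bind account with
 *       read-only search rights.</li>
 *   <li>The context source URL uses the {@code ldap://} scheme on port 389 and no TLS or
 *       StartTLS setup is visible here; as written, the manager bind and the users' login
 *       passwords would cross the network unencrypted. Prefer {@code ldaps://} or StartTLS
 *       (confirm against the deployment).</li>
 *   <li>Every account that authenticates receives {@code ROLE_USER}; no directory group or
 *       attribute is consulted, so authorization is only as narrow as the user search base.</li>
 * </ul>
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Requires full authentication for every request and enables form login.
     *
     * <p>{@code fullyAuthenticated()} rejects anonymous and remember-me sessions, so only
     * users who presented credentials in the current session get through.
     *
     * @param http the web security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest()
            .fullyAuthenticated()
            .and().formLogin();
    }

    /**
     * Configures LDAP authentication against the Active Directory style tree
     * {@code DC=test,DC=local}.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            // Users are looked up only below this OU.
            .userSearchBase("OU=Workstations,DC=test,DC=local")
            // {0} is replaced with the submitted login name.
            // NOTE(review): Spring Security LDAP is expected to escape that value for filter
            // syntax; verify for the library version in use.
            .userSearchFilter("(&(objectClass=user)(sAMAccountName={0}))")
            .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator())
            .contextSource()
            // NOTE(review): plain ldap:// on 389 with no TLS configured in this class; bind
            // credentials and user passwords are exposed to anyone on the network path.
            .url("ldap://ad.test.local:389")
            // NOTE(review): hard-coded bind account and password; move them out of source
            // control and rotate the password if this value was ever real.
            .managerDn("CN=admin,CN=Users,DC=test,DC=local")
            .managerPassword("adminPassword");
    }

    /**
     * Builds a populator that ignores the user's directory attributes and always grants
     * {@code ROLE_USER}.
     *
     * <p>Neither {@code userData} nor {@code username} is read, so group membership in the
     * directory has no effect on the authorities a user receives.
     *
     * @return a populator yielding a single {@code ROLE_USER} authority for every user
     */
    private LdapAuthoritiesPopulator ldapAuthoritiesPopulator() {
        return new LdapAuthoritiesPopulator() {
            @Override
            public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData,
                    String username) {
                return Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));
            }
        };
    }

    /**
     * Not required. Publishes the parent's {@code UserDetailsService} as a bean so other
     * components can inject it.
     *
     * <p>NOTE(review): {@code Bean} and {@code UserDetailsService} have no import in this
     * listing; it needs {@code org.springframework.context.annotation.Bean} and
     * {@code org.springframework.security.core.userdetails.UserDetailsService} to compile.
     *
     * <p>NOTE(review): Spring Security documents {@code userDetailsServiceBean()} as the hook
     * for exposing this service as a bean; confirm that this override resolves a usable
     * service when only LDAP authentication is configured.
     *
     * @return the {@code UserDetailsService} provided by the superclass
     */
    @Bean
    @Override
    protected UserDetailsService userDetailsService() {
        return super.userDetailsService();
    }
}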
package net.marioosh.ldapdemo;
import java.util.Arrays;
import java.util.Collection;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
/**
 * Spring Security configuration for the LDAP demo.
 *
 * <p>Every request requires a fully authenticated user, login is form based, and
 * credentials are checked against the directory at {@code ldap://ad.test.local:389}.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The manager DN and its password are string literals in this class, so anyone who can
 *       read the source or the compiled class obtains the directory bind credentials. Load
 *       them from externalized configuration or a secret store, and use a bind account with
 *       read-only search rights.</li>
 *   <li>The context source URL uses the {@code ldap://} scheme on port 389 and no TLS or
 *       StartTLS setup is visible here; as written, the manager bind and the users' login
 *       passwords would cross the network unencrypted. Prefer {@code ldaps://} or StartTLS
 *       (confirm against the deployment).</li>
 *   <li>Every account that authenticates receives {@code ROLE_USER}; no directory group or
 *       attribute is consulted, so authorization is only as narrow as the user search base.</li>
 * </ul>
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Requires full authentication for every request and enables form login.
     *
     * <p>{@code fullyAuthenticated()} rejects anonymous and remember-me sessions, so only
     * users who presented credentials in the current session get through.
     *
     * @param http the web security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest()
            .fullyAuthenticated()
            .and().formLogin();
    }

    /**
     * Configures LDAP authentication against the Active Directory style tree
     * {@code DC=test,DC=local}.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            // Users are looked up only below this OU.
            .userSearchBase("OU=Workstations,DC=test,DC=local")
            // {0} is replaced with the submitted login name.
            // NOTE(review): Spring Security LDAP is expected to escape that value for filter
            // syntax; verify for the library version in use.
            .userSearchFilter("(&(objectClass=user)(sAMAccountName={0}))")
            .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator())
            .contextSource()
            // NOTE(review): plain ldap:// on 389 with no TLS configured in this class; bind
            // credentials and user passwords are exposed to anyone on the network path.
            .url("ldap://ad.test.local:389")
            // NOTE(review): hard-coded bind account and password; move them out of source
            // control and rotate the password if this value was ever real.
            .managerDn("CN=admin,CN=Users,DC=test,DC=local")
            .managerPassword("adminPassword");
    }

    /**
     * Builds a populator that ignores the user's directory attributes and always grants
     * {@code ROLE_USER}.
     *
     * <p>Neither {@code userData} nor {@code username} is read, so group membership in the
     * directory has no effect on the authorities a user receives.
     *
     * @return a populator yielding a single {@code ROLE_USER} authority for every user
     */
    private LdapAuthoritiesPopulator ldapAuthoritiesPopulator() {
        return new LdapAuthoritiesPopulator() {
            @Override
            public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData,
                    String username) {
                return Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));
            }
        };
    }

    /**
     * Not required. Publishes the parent's {@code UserDetailsService} as a bean so other
     * components can inject it.
     *
     * <p>NOTE(review): {@code Bean} and {@code UserDetailsService} have no import in this
     * listing; it needs {@code org.springframework.context.annotation.Bean} and
     * {@code org.springframework.security.core.userdetails.UserDetailsService} to compile.
     *
     * <p>NOTE(review): Spring Security documents {@code userDetailsServiceBean()} as the hook
     * for exposing this service as a bean; confirm that this override resolves a usable
     * service when only LDAP authentication is configured.
     *
     * @return the {@code UserDetailsService} provided by the superclass
     */
    @Bean
    @Override
    protected UserDetailsService userDetailsService() {
        return super.userDetailsService();
    }
}