Created
August 27, 2017 13:07
-
-
Save dularion/73e71eba8b025730b21e3cc843474b9b to your computer and use it in GitHub Desktop.
Ldap Auth for Springsecurity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package project | |
| import org.apache.commons.logging.Log | |
| import org.apache.commons.logging.LogFactory | |
| import org.springframework.ldap.core.LdapTemplate | |
| import org.springframework.ldap.core.support.LdapContextSource | |
| import org.springframework.ldap.filter.EqualsFilter | |
| import org.springframework.ldap.filter.Filter | |
| import javax.naming.Context | |
| import javax.naming.NamingEnumeration | |
| import javax.naming.directory.Attributes | |
| import javax.naming.directory.DirContext | |
| import javax.naming.directory.InitialDirContext | |
| import javax.naming.directory.SearchControls | |
| import javax.naming.directory.SearchResult | |
| class LdapConnectionService { | |
| protected final Log logger = LogFactory.getLog(getClass()); | |
| private LdapTemplate ldapTemplate | |
| boolean allowLdapFakeLogin = false | |
| String ldapUrl = "..." | |
| private static String ldapBase = "..." | |
| private static String ldapUserDn = "..." | |
| private static String ldapUserPass = "..." | |
| LdapTemplate getLdapTemplate() { | |
| if (!this.ldapTemplate) { | |
| LdapContextSource ctxSrc = new LdapContextSource(); | |
| ctxSrc.setUrl(ldapUrl); | |
| ctxSrc.setBase(ldapBase); | |
| ctxSrc.setUserDn(ldapUserDn) | |
| ctxSrc.setPassword(ldapUserPass) | |
| ctxSrc.afterPropertiesSet(); /* ! */ | |
| this.ldapTemplate = new LdapTemplate(ctxSrc) | |
| } | |
| return this.ldapTemplate | |
| } | |
| boolean auth(String username, String password) { | |
| try { | |
| def ldapTemplate = getLdapTemplate() | |
| Filter filter = new EqualsFilter("uid", username) | |
| boolean authed = ldapTemplate.authenticate("", | |
| filter.encode(), | |
| password); | |
| return authed | |
| } | |
| catch (e) { | |
| logger.error("LDAP AUTH EXCEPTION on user $username", e) | |
| } | |
| } | |
| private Map getInfoFromDN(String dn) { | |
| def res = [:] | |
| def splitted = dn.split(',') | |
| splitted.each { | |
| def keyVal = it.split('=') | |
| res[keyVal[0]] = keyVal[1] | |
| } | |
| return res | |
| } | |
| def loadUser(String userName) { | |
| def res | |
| try { | |
| Hashtable env = new Hashtable(); | |
| env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); | |
| env.put(Context.PROVIDER_URL, ldapUrl + ldapBase); | |
| env.put(Context.SECURITY_AUTHENTICATION, "simple"); | |
| env.put(Context.SECURITY_PRINCIPAL, ldapUserDn); | |
| env.put(Context.SECURITY_CREDENTIALS, ldapUserPass); | |
| DirContext ctx = null; | |
| NamingEnumeration results = null; | |
| ctx = new InitialDirContext(env); | |
| SearchControls controls = new SearchControls(); | |
| controls.setSearchScope(SearchControls.SUBTREE_SCOPE); | |
| results = ctx.search("", "(|(uid=$userName)(mail=$userName))", controls); | |
| if (!results.hasMore()) { | |
| return | |
| } | |
| SearchResult searchResult = (SearchResult) results.next(); | |
| if (!searchResult) { | |
| logger.error('no searchResult') | |
| return | |
| } | |
| Attributes attrs = searchResult.getAttributes(); | |
| def dn = searchResult.getName() | |
| def dnInfo = getInfoFromDN(dn) | |
| res = [ | |
| dn: dn, | |
| o : dnInfo.o, | |
| dc: dnInfo.dc | |
| ] | |
| attrs.IDs.toList().each { | |
| if (it == 'password') { | |
| return | |
| } | |
| res[it] = attrs.get(it)?.get() | |
| } | |
| } | |
| catch (e) { | |
| logger.error('LDAP EXCEPTION', e) | |
| } | |
| return res | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment