dularion/DaoLdapUserDetailsService.groovy

## DaoLdapUserDetailsService.groovy
package project

import grails.converters.JSON
import grails.plugin.springsecurity.SpringSecurityUtils
import grails.plugin.springsecurity.userdetails.GrailsUser
import grails.plugin.springsecurity.userdetails.GrailsUserDetailsService
import grails.plugin.springsecurity.userdetails.NoStackUsernameNotFoundException
import grails.transaction.Transactional
import org.apache.commons.logging.Log
import org.apache.commons.logging.LogFactory
import org.grails.web.json.JSONObject
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UsernameNotFoundException

class DaoLdapUserDetailsService implements GrailsUserDetailsService {

  LdapConnectionService ldapConnectionService

  protected final Log logger = LogFactory.getLog(getClass());

  private static ldapAccountEnabled = true

  /**
   * Some Spring Security classes (e.g. RoleHierarchyVoter) expect at least
   * one role, so we give a user with no granted roles this one which gets
   * past that restriction but doesn't grant anything.
   */
  static final List NO_ROLES = [new SimpleGrantedAuthority(SpringSecurityUtils.NO_ROLE)]

  UserDetails loadUserByUsername(String username, boolean loadRoles)
    throws UsernameNotFoundException {
    return loadUserByUsername(username)
  }


  @Transactional
  def updateUserInfo(User user, ldapUser) {
    user.nameShort = ldapUser['shortname']
    //etc
    user.save(failOnError: true, flush: true)

    logger.debug('updateUserInfo ' + user.nameShort)
    UserInfo userInfo = UserInfo.findByUser(user)
    if (!userInfo) {
      return
    }

    user.nameLast = ldapUser['sn']
    user.importedId = ldapUser['uidNumber']
    user.nameShort = ldapUser['Nutzerkuerzel']
    if (user.nameLast != ldapUser['givenName']) {
      user.nameFirst = ldapUser['givenName']
    }

    user.enabled = !user.defaultTenant.deleted
    user.deleted = user.defaultTenant.deleted
    user.save(flush: true, failOnError: true)
    userInfo.metaData = (ldapUser as JSON).toString()
    userInfo.save(failOnError: true, flush: true)
  }


  @Transactional
  /**
   * fetchTenantsFromLdap
   * @return results.tenants List<Tenant>
   * @return results.default Tenant
   *
   */
  Map fetchTenantsFromLdap(ldapUser) {
    def result = [:]
    result.tenants = []

    def ldapRights = ldapUser['Berechtigungen']?.split(',')
//    logger.debug('berechtigung ' + ldapRights)
    Tenant defaultTenant
    ldapRights.each {
      if (it.isNumber()) {
        Tenant tenant = Tenant.findByExternalId(it)
        if (tenant) {
          result.tenants.push(tenant)
        } else {
          logger.error('TENANT not found by externalId  for ldapRights it !!' + it)
        }
      } else {
        def tenantId = it.toString().replace('!', '')
        if (tenantId.isNumber()) {
          result.default = Tenant.findByExternalId(tenantId)
          result.tenants.push(result.default)
        }
      }
    }

    if (!result.default && result.tenants.size() > 0) {
      result.default = result.tenants[0]
    }

    if (!result.default) {
      logger.warn('no tenants found by Berechtigungen user: ' + ldapUser.uid + ' ldapRights: ' + ldapRights
        + ' fallback to LDAP DN')
    }


    if (!result.default) {
      def msg = 'No tenant for user:' + ldapUser.uid + ' ldapRights: ' + ldapRights
      logger.error(msg)
      throw new Exception(msg)
    }

    result.tenants = result.tenants.unique()
    return result
  }

  @Transactional
  User createUserFromLdap(ldapUser) {
    logger.debug('createUserFromLdap ' + ldapUser)
    def tenantResult = fetchTenantsFromLdap(ldapUser)

    User user = new User(ldapUser.uid, UUID.randomUUID().toString())
    user.nameLast = ldapUser['sn']
    user.importedId = ldapUser['uidNumber']
    user.nameShort = ldapUser['Nutzerkuerzel']
    if (user.nameLast != ldapUser['givenName']) {
      user.nameFirst = ldapUser['givenName']
    }
//
    user.defaultTenant = tenantResult.default
    user.enabled = ldapAccountEnabled
    user.save(failOnError: true, flush: true)

    UserInfo userInfo = new UserInfo(metaData: (new JSONObject(ldapUser)).toString(), user: user)
    userInfo.save(failOnError: true, flush: true)

    //TODO: Berater or Onlineteam??? Berater soll es sein https://tackl.it/app/#/tackls?projectId=188&tenantId=6&filterId=120&tacklId=9990
    ShareRole defaultShareRole = ShareRole.findByNameOrId('Berater', 1)

    tenantResult.tenants.each { Tenant tenant ->
      Share share = new Share(user: user, shareRole: defaultShareRole)
      share.setEntity(tenant)
      share.save(failOnError: true, flush: true)
    }


    return user
  }


  /**
   *
   * @param username
   * @return
   * @throws UsernameNotFoundException
   */
  @Transactional(readOnly = false, noRollbackFor = [IllegalArgumentException, UsernameNotFoundException])
  UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

    def ldapUser = ldapConnectionService.loadUser(username)

    User user
    if (ldapUser) {
//      user = User.findByImportedId(ldapUser.uidNumber)
      user = User.findByUsername(ldapUser.uid)
    } else {
      user = User.findByUsername(username)
    }
    if (!user && ldapUser) {
      user = createUserFromLdap(ldapUser)

      return new GrailsUser(username, 'ldap_init', ldapAccountEnabled,
        true, true,
        true, NO_ROLES, user.id)
    }
    if (!user && !ldapUser){
      throw new NoStackUsernameNotFoundException()
    }

    if (user && ldapUser) {
      updateUserInfo(user, ldapUser)
    }

    def roles = user.authorities

    // or if you are using role groups:
    // def roles = user.authorities.collect { it.authorities }.flatten().unique()

    def authorities = roles.collect {
      new SimpleGrantedAuthority(it.authority)
    }

    return new GrailsUser(user.username, user.password, user.enabled,
      !user.accountExpired, !user.passwordExpired,
      !user.accountLocked, authorities ?: NO_ROLES, user.id)
  }
}
	package project

	import grails.converters.JSON
	import grails.plugin.springsecurity.SpringSecurityUtils
	import grails.plugin.springsecurity.userdetails.GrailsUser
	import grails.plugin.springsecurity.userdetails.GrailsUserDetailsService
	import grails.plugin.springsecurity.userdetails.NoStackUsernameNotFoundException
	import grails.transaction.Transactional
	import org.apache.commons.logging.Log
	import org.apache.commons.logging.LogFactory
	import org.grails.web.json.JSONObject
	import org.springframework.security.core.authority.SimpleGrantedAuthority
	import org.springframework.security.core.userdetails.UserDetails
	import org.springframework.security.core.userdetails.UsernameNotFoundException

	class DaoLdapUserDetailsService implements GrailsUserDetailsService {

	LdapConnectionService ldapConnectionService

	protected final Log logger = LogFactory.getLog(getClass());

	private static ldapAccountEnabled = true

	/**
	* Some Spring Security classes (e.g. RoleHierarchyVoter) expect at least
	* one role, so we give a user with no granted roles this one which gets
	* past that restriction but doesn't grant anything.
	*/
	static final List NO_ROLES = [new SimpleGrantedAuthority(SpringSecurityUtils.NO_ROLE)]

	UserDetails loadUserByUsername(String username, boolean loadRoles)
	throws UsernameNotFoundException {
	return loadUserByUsername(username)
	}


	@Transactional
	def updateUserInfo(User user, ldapUser) {
	user.nameShort = ldapUser['shortname']
	//etc
	user.save(failOnError: true, flush: true)

	logger.debug('updateUserInfo ' + user.nameShort)
	UserInfo userInfo = UserInfo.findByUser(user)
	if (!userInfo) {
	return
	}

	user.nameLast = ldapUser['sn']
	user.importedId = ldapUser['uidNumber']
	user.nameShort = ldapUser['Nutzerkuerzel']
	if (user.nameLast != ldapUser['givenName']) {
	user.nameFirst = ldapUser['givenName']
	}

	user.enabled = !user.defaultTenant.deleted
	user.deleted = user.defaultTenant.deleted
	user.save(flush: true, failOnError: true)
	userInfo.metaData = (ldapUser as JSON).toString()
	userInfo.save(failOnError: true, flush: true)
	}


	@Transactional
	/**
	* fetchTenantsFromLdap
	* @return results.tenants List<Tenant>
	* @return results.default Tenant
	*
	*/
	Map fetchTenantsFromLdap(ldapUser) {
	def result = [:]
	result.tenants = []

	def ldapRights = ldapUser['Berechtigungen']?.split(',')
	// logger.debug('berechtigung ' + ldapRights)
	Tenant defaultTenant
	ldapRights.each {
	if (it.isNumber()) {
	Tenant tenant = Tenant.findByExternalId(it)
	if (tenant) {
	result.tenants.push(tenant)
	} else {
	logger.error('TENANT not found by externalId for ldapRights it !!' + it)
	}
	} else {
	def tenantId = it.toString().replace('!', '')
	if (tenantId.isNumber()) {
	result.default = Tenant.findByExternalId(tenantId)
	result.tenants.push(result.default)
	}
	}
	}

	if (!result.default && result.tenants.size() > 0) {
	result.default = result.tenants[0]
	}

	if (!result.default) {
	logger.warn('no tenants found by Berechtigungen user: ' + ldapUser.uid + ' ldapRights: ' + ldapRights
	+ ' fallback to LDAP DN')
	}


	if (!result.default) {
	def msg = 'No tenant for user:' + ldapUser.uid + ' ldapRights: ' + ldapRights
	logger.error(msg)
	throw new Exception(msg)
	}

	result.tenants = result.tenants.unique()
	return result
	}

	@Transactional
	User createUserFromLdap(ldapUser) {
	logger.debug('createUserFromLdap ' + ldapUser)
	def tenantResult = fetchTenantsFromLdap(ldapUser)

	User user = new User(ldapUser.uid, UUID.randomUUID().toString())
	user.nameLast = ldapUser['sn']
	user.importedId = ldapUser['uidNumber']
	user.nameShort = ldapUser['Nutzerkuerzel']
	if (user.nameLast != ldapUser['givenName']) {
	user.nameFirst = ldapUser['givenName']
	}
	//
	user.defaultTenant = tenantResult.default
	user.enabled = ldapAccountEnabled
	user.save(failOnError: true, flush: true)

	UserInfo userInfo = new UserInfo(metaData: (new JSONObject(ldapUser)).toString(), user: user)
	userInfo.save(failOnError: true, flush: true)

	//TODO: Berater or Onlineteam??? Berater soll es sein https://tackl.it/app/#/tackls?projectId=188&tenantId=6&filterId=120&tacklId=9990
	ShareRole defaultShareRole = ShareRole.findByNameOrId('Berater', 1)

	tenantResult.tenants.each { Tenant tenant ->
	Share share = new Share(user: user, shareRole: defaultShareRole)
	share.setEntity(tenant)
	share.save(failOnError: true, flush: true)
	}



	return user
	}



	/**
	*
	* @param username
	* @return
	* @throws UsernameNotFoundException
	*/
	@Transactional(readOnly = false, noRollbackFor = [IllegalArgumentException, UsernameNotFoundException])
	UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

	def ldapUser = ldapConnectionService.loadUser(username)

	User user
	if (ldapUser) {
	// user = User.findByImportedId(ldapUser.uidNumber)
	user = User.findByUsername(ldapUser.uid)
	} else {
	user = User.findByUsername(username)
	}
	if (!user && ldapUser) {
	user = createUserFromLdap(ldapUser)

	return new GrailsUser(username, 'ldap_init', ldapAccountEnabled,
	true, true,
	true, NO_ROLES, user.id)
	}
	if (!user && !ldapUser){
	throw new NoStackUsernameNotFoundException()
	}

	if (user && ldapUser) {
	updateUserInfo(user, ldapUser)
	}

	def roles = user.authorities

	// or if you are using role groups:
	// def roles = user.authorities.collect { it.authorities }.flatten().unique()

	def authorities = roles.collect {
	new SimpleGrantedAuthority(it.authority)
	}

	return new GrailsUser(user.username, user.password, user.enabled,
	!user.accountExpired, !user.passwordExpired,
	!user.accountLocked, authorities ?: NO_ROLES, user.id)
	}
	}