Add LDAP to JHipster
<!-- Spring Security's LDAP module; its version follows the project's
     spring-security.version property so it stays aligned with the other
     Spring Security artifacts. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
    <version>${spring-security.version}</version>
</dependency>
<!-- Embedded ApacheDS directory server, pinned to 1.5.5.
     NOTE(review): the Java configuration in this gist authenticates against
     an external directory URL (ldap.url), so this embedded server looks
     needed only for local or integration testing. Confirm, and consider
     restricting it to test scope so an old directory-server stack is not
     shipped in the production artifact. -->
<dependency>
    <groupId>org.apache.directory.server</groupId>
    <artifactId>apacheds-server-jndi</artifactId>
    <version>1.5.5</version>
</dependency>
/**
 * Injection hook that registers this application's authentication providers
 * on the global {@link AuthenticationManagerBuilder}.
 *
 * <p>Only the LDAP provider set up by {@code configureLdap} is registered
 * here, so every login is decided by the directory bind.
 *
 * @param auth the builder the authentication provider is added to
 * @throws Exception declared for the configuration callback
 */
@Inject
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    this.configureLdap(auth);
}
/**
 * Builds an Active Directory authentication provider from the {@code ldap.*}
 * environment properties and registers it on the given builder.
 *
 * <p>All three properties are required: a missing one makes
 * {@code getRequiredProperty} fail during configuration.
 *
 * @param auth the builder that receives the provider
 */
private void configureLdap(AuthenticationManagerBuilder auth) {
    // ldap.rootDn is only checked for presence; its value is never handed to
    // the provider. NOTE(review): it was probably meant for the
    // (domain, url, rootDn) constructor - confirm, otherwise the search base
    // is whatever the provider derives from the domain.
    env.getRequiredProperty("ldap.rootDn");
    final String adDomain = env.getRequiredProperty("ldap.domain");
    // The provider binds to the directory with the password the user typed,
    // so ldap.url should point at an ldaps:// (TLS-protected) endpoint; over
    // plain ldap:// those credentials cross the network unencrypted.
    final String adUrl = env.getRequiredProperty("ldap.url");

    ActiveDirectoryLdapAuthenticationProvider adProvider =
            new ActiveDirectoryLdapAuthenticationProvider(adDomain, adUrl);

    // The provider fills in {0} when it searches for the authenticated user's
    // entry. NOTE(review): confirm the directory really exposes a "login"
    // attribute; the provider's default filter matches userPrincipalName.
    adProvider.setSearchFilter("(&(objectClass=user)(login={0}))");

    // Hybrid authentication: the directory verifies the password, while the
    // roles come from the application's own database. By default the LDAP
    // provider takes the authorities from the memberOf attribute; the custom
    // mapper replaces that with the locally stored user details.
    adProvider.setUserDetailsContextMapper(userDetailsContextMapper);

    auth.authenticationProvider(adProvider);
}
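/**
 * Maps a user authenticated against LDAP onto the application's own user
 * record, so that authorities come from the local {@link UserDetailsService}
 * rather than from directory attributes.
 *
 * <p>A successful directory bind is therefore not enough to log in: the
 * username must also be known to the local {@code UserDetailsService}, and the
 * local account must pass the standard account-status checks.
 */
@Component("userDetailsContextMapper")
public class UserDetailsContextMapper
        implements org.springframework.security.ldap.userdetails.UserDetailsContextMapper {

    private static final Logger log = LoggerFactory.getLogger(UserDetailsContextMapper.class);

    @Inject
    private UserDetailsService userDetailsService;

    /**
     * Returns the locally stored user for an LDAP-authenticated username.
     *
     * @param ctx         the directory entry of the authenticated user (not read)
     * @param username    the name the user authenticated with
     * @param authorities authorities derived from the directory; deliberately
     *                    ignored, the local record is the only source of roles
     * @return the {@link UserDetails} loaded from the local user store
     */
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities) {
        // NOTE(review): username is passed to the local lookup exactly as typed;
        // if the directory matches names case-insensitively and the local store
        // does not, confirm both resolve to the same account.
        UserDetails localUser = userDetailsService.loadUserByUsername(username);

        // NOTE(review): the LDAP provider does not appear to run the
        // enabled/locked/expired checks that the DAO-based provider applies, so
        // they are enforced here; otherwise an account disabled locally could
        // still sign in with valid directory credentials.
        new org.springframework.security.authentication.AccountStatusUserDetailsChecker()
                .check(localUser);

        return localUser;
    }

    /**
     * Writing users back to the directory is not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        // The two literals are concatenated, so the first needs a trailing space
        // (the original message read "Pleaseuse").
        throw new UnsupportedOperationException(
                "UserDetailsService only supports reading from a context. Please "
                + "use a subclass if mapUserToContext() is required.");
    }
}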