Commit 2abdef05 authored by Sascha Herzinger's avatar Sascha Herzinger

added untested LDAP authentication provider

parent be1688e9
package lcsb.mapviewer.web.config;
import com.unboundid.ldap.sdk.LDAPException;
import lcsb.mapviewer.common.Configuration;
import lcsb.mapviewer.model.user.User;
import lcsb.mapviewer.services.UserDTO;
import lcsb.mapviewer.services.interfaces.ILdapService;
import lcsb.mapviewer.services.interfaces.IUserService;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
@Service
public class LdapAuthenticationProvider implements AuthenticationProvider {
private IUserService userService;
private ILdapService ldapService;
private UserDetailsService userDetailsService;
private PasswordEncoder passwordEncoder;
public LdapAuthenticationProvider(IUserService userService,
ILdapService ldapService,
UserDetailsService userDetailsService,
PasswordEncoder passwordEncoder) {
this.userService = userService;
this.ldapService = ldapService;
this.userDetailsService = userDetailsService;
this.passwordEncoder = passwordEncoder;
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getName().toLowerCase();
if (username.isEmpty()) {
throw new UsernameNotFoundException("Invalid username.");
}
boolean ldapLoginSuccess;
try {
ldapLoginSuccess = ldapService.login(username, (String) authentication.getCredentials());
} catch (LDAPException e) {
throw new AuthenticationServiceException("Connection to LDAP service failed.", e);
}
if (!ldapLoginSuccess) {
throw new BadCredentialsException("Invalid credentials or username.");
}
boolean userExistsLocally = userService.getUserByLogin(username) != null;
if (!userExistsLocally) {
createLocalUser(authentication);
}
return new UsernamePasswordAuthenticationToken(
username,
authentication.getCredentials(),
userDetailsService.loadUserByUsername(username).getAuthorities()
);
}
@Override
public boolean supports(Class<?> authentication) {
if (authentication == null
|| authentication.getName().isEmpty()
|| !UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication)
|| authentication.getName().equals(Configuration.ANONYMOUS_LOGIN)) {
return false;
}
User user = userService.getUserByLogin(authentication.getName());
return user == null || user.isConnectedToLdap();
}
private void createLocalUser(Authentication authentication) {
UserDTO userDTO;
try {
userDTO = ldapService.getUserByLogin(authentication.getName());
} catch (LDAPException e) {
throw new UsernameNotFoundException("Could not find username in LDAP.", e);
}
User newUser = new User();
newUser.setLogin(userDTO.getLogin());
newUser.setCryptedPassword(passwordEncoder.encode((String) authentication.getCredentials()));
newUser.setConnectedToLdap(true);
newUser.setName(userDTO.getFirstName());
newUser.setSurname(userDTO.getLastName());
newUser.setEmail(userDTO.getEmail());
userService.addUser(newUser);
userService.grantDefaultPrivileges(newUser);
}
}
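Review bot: The per-user checks in supports() never run: its parameter is a Class<?>, so authentication.getName() there is the token's class name, the Configuration.ANONYMOUS_LOGIN comparison can never match, and userService.getUserByLogin(...) always yields null, so the method returns true for every UsernamePasswordAuthenticationToken. As a consequence authenticate() will also bind a local, non-LDAP account against LDAP and hand back an authenticated token for it, which the anonymous and isConnectedToLdap() guards were evidently meant to prevent. supports() should decide on the token type alone and the login-based guards belong in authenticate() after the username is lowercased; returning null there lets the caller fall through to another provider for local-only accounts, which is presumably what supports()==false was intended to achieve. Separately, createLocalUser() queries LDAP with the original-case authentication.getName() and stores userDTO.getLogin(), while authenticate() checks and loads by the lowercased username — if those differ in case, a fresh local user is created on every login, so the lowercased `username` should be passed through and used for setLogin().
```java
@Override
public boolean supports(Class<?> authentication) {
    // Class<?> only carries the token type; per-user decisions are made in authenticate()
    return authentication != null
        && UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}

// in authenticate(), directly after the empty-username check:
if (username.equals(Configuration.ANONYMOUS_LOGIN)) {
    throw new BadCredentialsException("Invalid credentials or username.");
}
User localUser = userService.getUserByLogin(username);
if (localUser != null && !localUser.isConnectedToLdap()) {
    // local-only account: not this provider's job, let another provider decide
    return null;
}
// … unchanged: LDAP bind, local user creation, token construction …
```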