Deleted original Ldap BD parser.
This commit is contained in:
Luke Taylor
parent
14e68618a5
commit
9d671fbdbf
|
|
@ -1,190 +0,0 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
|
||||
import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
|
||||
import org.springframework.security.providers.ldap.LdapAuthenticationProvider;
|
||||
import org.springframework.security.providers.ldap.authenticator.BindAuthenticator;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.ldap.core.DirContextAdapter;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.apache.directory.server.configuration.MutableServerStartupConfiguration;
|
||||
import org.apache.directory.server.core.partition.impl.btree.MutableBTreePartitionConfiguration;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
import javax.naming.NamingException;
|
||||
import java.util.HashSet;
|
||||
|
||||
/**
|
||||
* Experimental "security:ldap" namespace configuration.
|
||||
*
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
* @since 2.0
|
||||
*/
|
||||
public class LdapBeanDefinitionParser implements BeanDefinitionParser {
|
||||
private Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
/** Defines the Url of the ldap server to use. If not specified, an embedded apache DS instance will be created */
|
||||
private static final String URL_ATTRIBUTE = "url";
|
||||
private static final String AUTH_TYPE_ATTRIBUTE = "auth";
|
||||
private static final String PRINCIPAL_ATTRIBUTE = "manager-dn";
|
||||
private static final String PASSWORD_ATTRIBUTE = "manager-password";
|
||||
|
||||
// Properties which apply to embedded server only - when no Url is set
|
||||
|
||||
/** sets the configuration suffix (default is "dc=springframework,dc=org"). */
|
||||
public static final String ROOT_SUFFIX_ATTRIBUTE = "root";
|
||||
|
||||
/**
|
||||
* Optionally defines an ldif resource to be loaded. Otherwise an attempt will be made to load all ldif files
|
||||
* found on the classpath.
|
||||
*/
|
||||
public static final String LDIF_FILE_ATTRIBUTE = "ldif";
|
||||
|
||||
/** Defines the port the LDAP server should run on */
|
||||
public static final String PORT_ATTRIBUTE = "port";
|
||||
public static final String DEFAULT_LDAP_PORT = "33389";
|
||||
|
||||
// Defaults
|
||||
private static final String DEFAULT_ROOT_SUFFIX = "dc=springframework,dc=org";
|
||||
// private static final String DEFAULT_PROVIDER_BEAN_ID = "_ldapAuthenticationProvider";
|
||||
private static final String DEFAULT_DN_PATTERN = "uid={0},ou=people";
|
||||
private static final String DEFAULT_GROUP_CONTEXT = "ou=groups";
|
||||
|
||||
|
||||
public BeanDefinition parse(Element elt, ParserContext parserContext) {
|
||||
String url = elt.getAttribute(URL_ATTRIBUTE);
|
||||
|
||||
RootBeanDefinition contextSource;
|
||||
|
||||
if (!StringUtils.hasText(url)) {
|
||||
contextSource = createEmbeddedServer(elt, parserContext);
|
||||
} else {
|
||||
contextSource = new RootBeanDefinition(DefaultSpringSecurityContextSource.class);
|
||||
contextSource.getConstructorArgumentValues().addIndexedArgumentValue(0, url);
|
||||
}
|
||||
|
||||
String managerDn = elt.getAttribute(PRINCIPAL_ATTRIBUTE);
|
||||
String managerPassword = elt.getAttribute(PASSWORD_ATTRIBUTE);
|
||||
|
||||
if (StringUtils.hasText(managerDn)) {
|
||||
Assert.hasText(managerPassword, "You must specify the " + PASSWORD_ATTRIBUTE +
|
||||
" if you supply a " + managerDn);
|
||||
|
||||
contextSource.getPropertyValues().addPropertyValue("userDn", managerDn);
|
||||
contextSource.getPropertyValues().addPropertyValue("password", managerPassword);
|
||||
}
|
||||
|
||||
String id = elt.getAttribute(AbstractBeanDefinitionParser.ID_ATTRIBUTE);
|
||||
String contextSourceId = "contextSource";
|
||||
|
||||
if (StringUtils.hasText(id)) {
|
||||
contextSourceId = id + "." + contextSourceId;
|
||||
}
|
||||
|
||||
if (parserContext.getRegistry().containsBeanDefinition(contextSourceId)) {
|
||||
logger.warn("Bean already exists with Id '" + contextSourceId + "'");
|
||||
}
|
||||
|
||||
parserContext.getRegistry().registerBeanDefinition(contextSourceId, contextSource);
|
||||
|
||||
RootBeanDefinition bindAuthenticator = new RootBeanDefinition(BindAuthenticator.class);
|
||||
bindAuthenticator.getConstructorArgumentValues().addGenericArgumentValue(contextSource);
|
||||
bindAuthenticator.getPropertyValues().addPropertyValue("userDnPatterns", new String[] {DEFAULT_DN_PATTERN});
|
||||
RootBeanDefinition authoritiesPopulator = new RootBeanDefinition(DefaultLdapAuthoritiesPopulator.class);
|
||||
authoritiesPopulator.getConstructorArgumentValues().addGenericArgumentValue(contextSource);
|
||||
authoritiesPopulator.getConstructorArgumentValues().addGenericArgumentValue(DEFAULT_GROUP_CONTEXT);
|
||||
|
||||
RootBeanDefinition ldapProvider = new RootBeanDefinition(LdapAuthenticationProvider.class);
|
||||
ldapProvider.getConstructorArgumentValues().addGenericArgumentValue(bindAuthenticator);
|
||||
ldapProvider.getConstructorArgumentValues().addGenericArgumentValue(authoritiesPopulator);
|
||||
|
||||
ConfigUtils.getRegisteredProviders(parserContext).add(ldapProvider);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Will be called if no url attribute is supplied.
|
||||
*
|
||||
* Registers beans to create an embedded apache directory server.
|
||||
*
|
||||
* @param element
|
||||
* @param parserContext
|
||||
*
|
||||
* @return the BeanDefinition for the ContextSource for the embedded server.
|
||||
*
|
||||
* @see ApacheDSContainer
|
||||
*/
|
||||
private RootBeanDefinition createEmbeddedServer(Element element, ParserContext parserContext) {
|
||||
MutableServerStartupConfiguration configuration = new MutableServerStartupConfiguration();
|
||||
MutableBTreePartitionConfiguration partition = new MutableBTreePartitionConfiguration();
|
||||
|
||||
partition.setName("springsecurity");
|
||||
|
||||
DirContextAdapter rootContext = new DirContextAdapter();
|
||||
rootContext.setAttributeValues("objectClass", new String[] {"top", "domain", "extensibleObject"});
|
||||
rootContext.setAttributeValue("dc", "springsecurity");
|
||||
|
||||
partition.setContextEntry(rootContext.getAttributes());
|
||||
|
||||
String suffix = element.getAttribute(ROOT_SUFFIX_ATTRIBUTE);
|
||||
|
||||
if (!StringUtils.hasText(suffix)) {
|
||||
suffix = DEFAULT_ROOT_SUFFIX;
|
||||
}
|
||||
|
||||
try {
|
||||
partition.setSuffix(suffix);
|
||||
} catch (NamingException e) {
|
||||
// TODO: What exception should we be throwing here ?
|
||||
parserContext.getReaderContext().error("Failed to set root name suffix to " + suffix, element, e);
|
||||
}
|
||||
|
||||
HashSet partitions = new HashSet(1);
|
||||
partitions.add(partition);
|
||||
|
||||
String port = element.getAttribute(PORT_ATTRIBUTE);
|
||||
|
||||
if (!StringUtils.hasText(port)) {
|
||||
port = DEFAULT_LDAP_PORT;
|
||||
}
|
||||
|
||||
configuration.setLdapPort(Integer.parseInt(port));
|
||||
|
||||
// We shut down the server ourself when the app context is closed so we don't need
|
||||
// the extra shutdown hook from apache DS itself.
|
||||
configuration.setShutdownHookEnabled(false);
|
||||
configuration.setExitVmOnShutdown(false);
|
||||
configuration.setContextPartitionConfigurations(partitions);
|
||||
|
||||
RootBeanDefinition contextSource = new RootBeanDefinition(DefaultSpringSecurityContextSource.class);
|
||||
contextSource.getConstructorArgumentValues().addIndexedArgumentValue(0, "ldap://127.0.0.1:" + port + "/" + suffix);
|
||||
|
||||
contextSource.getPropertyValues().addPropertyValue("userDn", "uid=admin,ou=system");
|
||||
contextSource.getPropertyValues().addPropertyValue("password", "secret");
|
||||
|
||||
RootBeanDefinition apacheDSStartStop = new RootBeanDefinition(ApacheDSContainer.class);
|
||||
apacheDSStartStop.getConstructorArgumentValues().addGenericArgumentValue(configuration);
|
||||
apacheDSStartStop.getConstructorArgumentValues().addGenericArgumentValue(contextSource);
|
||||
|
||||
if (parserContext.getRegistry().containsBeanDefinition("_apacheDSStartStopBean")) {
|
||||
parserContext.getReaderContext().error("Only one embedded server bean is allowed per application context",
|
||||
element);
|
||||
}
|
||||
|
||||
parserContext.getRegistry().registerBeanDefinition("_apacheDSStartStopBean", apacheDSStartStop);
|
||||
|
||||
return contextSource;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,69 +0,0 @@
|
|||
package org.springframework.security.config;
|
||||
|
||||
import org.springframework.security.providers.ProviderManager;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.ldap.LdapAuthenticationProvider;
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.ldap.core.LdapTemplate;
|
||||
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
|
||||
import org.springframework.beans.BeansException;
|
||||
|
||||
import org.junit.AfterClass;
|
||||
import static org.junit.Assert.*;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.junit.Assert;
|
||||
|
||||
|
||||
/**
|
||||
* @author luke
|
||||
* @version $Id$
|
||||
*/
|
||||
public class LdapBeanDefinitionParserTests {
|
||||
private static ClassPathXmlApplicationContext appContext;
|
||||
|
||||
@BeforeClass
|
||||
public static void loadContext() {
|
||||
|
||||
try {
|
||||
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/ldap-embedded-default.xml");
|
||||
} catch (BeansException e) {
|
||||
e.printStackTrace();
|
||||
Assert.fail("Exception loading context " + e);
|
||||
}
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void closeContext() {
|
||||
// Make sure apache ds shuts down
|
||||
if (appContext != null) {
|
||||
appContext.close();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testContextContainsExpectedBeansAndData() {
|
||||
BaseLdapPathContextSource idcf = (BaseLdapPathContextSource) appContext.getBean("contextSource");
|
||||
|
||||
// assertEquals("dc=springframework, dc=org", idcf.getBaseLdapPathAsString());
|
||||
|
||||
// Check data is loaded
|
||||
LdapTemplate template = new LdapTemplate(idcf);
|
||||
|
||||
template.lookup("uid=ben,ou=people");
|
||||
|
||||
ProviderManager authManager = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
|
||||
|
||||
assertEquals(1, authManager.getProviders().size());
|
||||
|
||||
LdapAuthenticationProvider provider = (LdapAuthenticationProvider) authManager.getProviders().get(0);
|
||||
|
||||
Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
|
||||
|
||||
LdapUserDetailsImpl ben = (LdapUserDetailsImpl) auth.getPrincipal();
|
||||
|
||||
assertEquals(2, ben.getAuthorities().length);
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue