Merge pull request #21 from corsoft/master

spring-security-mvc-ldap - initial version

.gitignore

@@ -4,3 +4,23 @@
 *.jar
 *.war
 *.ear
+
+
+# Eclipse
+.classpath
+.project
+.settings/
+.prefs
+*.prefs
+
+# Intellij
+.idea/
+*.iml
+*.iws
+
+# Mac
+.DS_Store
+
+# Maven
+log/
+target/

spring-security-mvc-ldap/README.md

@@ -0,0 +1,17 @@
+
+## Spring Security with LDAP Example Project
+
+
+### Relevant Article: 
+- [Spring Security - security none, filters none, access permitAll](http://www.baeldung.com/security-none-filters-none-access-permitAll)
+- [Spring Security Basic Authentication](http://www.baeldung.com/spring-security-basic-authentication)
+
+
+### Notes
+- the project uses Spring Boot - simply run 'SampleLDAPApplication.java' to start up Spring Boot with a Tomcat container and embedded LDAP server.
+- Once started, open 'http://localhost:8080'
+- This will display the publicly available Home Page
+- Navigate to 'Secure Page' to trigger authentication
+- Username: 'baeldung', password: 'password'
+- This will authenticate you, and display your allocated roles (as defined in the 'users.ldif' file)
+

spring-security-mvc-ldap/pom.xml

@@ -0,0 +1,75 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<groupId>org.baeldung</groupId>
+	<artifactId>spring-security-mvc-ldap</artifactId>
+	<version>0.1-SNAPSHOT</version>
+
+	<name>spring-security-mvc-ldap</name>
+	<packaging>war</packaging>
+
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>1.1.1.RELEASE</version>
+	</parent>
+
+	<dependencies>
+
+		<!-- Spring Boot Dependencies -->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-thymeleaf</artifactId>
+		</dependency>
+
+		<!-- LDAP Dependencies -->
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-ldap</artifactId>
+			<version>3.2.4.RELEASE</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.ldap</groupId>
+			<artifactId>spring-ldap-core</artifactId>
+			<version>2.0.2.RELEASE</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.ldap</groupId>
+			<artifactId>spring-ldap-core-tiger</artifactId>
+			<version>2.0.2.RELEASE</version>
+		</dependency>
+
+		<dependency>
+			<!-- Is the ApacheDS server - 1.5.6 and 1.5.7 don't work -->
+			<groupId>org.apache.directory.server</groupId>
+			<artifactId>apacheds-server-jndi</artifactId>
+			<version>1.5.5</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.mina</groupId>
+			<artifactId>mina-core</artifactId>
+			<version>2.0.7</version>
+		</dependency>
+
+	</dependencies>
+
+	<build>
+		<finalName>spring-security-mvc-ldap</finalName>
+		<resources>
+			<resource>
+				<directory>src/main/resources</directory>
+				<filtering>true</filtering>
+			</resource>
+		</resources>
+	</build>
+
+	<properties>
+
+	</properties>
+
+</project>

spring-security-mvc-ldap/src/main/java/org/baeldung/SampleLDAPApplication.java

@@ -0,0 +1,27 @@
+package org.baeldung;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+/**
+ * Main Application Class - uses Spring Boot. Just run this as a normal Java
+ * class to run up a Jetty Server (on http://localhost:8080)
+ * 
+ */
+@EnableAutoConfiguration
+@ComponentScan("org.baeldung")
+public class SampleLDAPApplication extends WebMvcConfigurerAdapter {
+
+	public static void main(String[] args) {
+		SpringApplication.run(SampleLDAPApplication.class, args);
+	}
+
+	@Override
+	public void addViewControllers(ViewControllerRegistry registry) {
+		registry.addViewController("/login").setViewName("login");
+	}
+
+}

spring-security-mvc-ldap/src/main/java/org/baeldung/controller/MyController.java

@@ -0,0 +1,74 @@
+package org.baeldung.controller;
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+/**
+ * Spring Controller Definitions.
+ */
+@Controller
+public class MyController {
+
+	@RequestMapping("/")
+	public String init(Map<String, Object> model, Principal principal) {
+		model.put("title", "PUBLIC AREA");
+		model.put("message", "Any user can view this page");
+	    model.put("username", getUserName(principal));
+	    model.put("userroles", getUserRoles(principal));
+		return "home";
+	}
+
+	@RequestMapping("/secure")
+	public String secure(Map<String, Object> model, Principal principal) {	
+		model.put("title", "SECURE AREA");
+		model.put("message", "Only Authorised Users Can See This Page");
+		model.put("username", getUserName(principal));
+		model.put("userroles", getUserRoles(principal));
+		return "home";
+	}
+	
+	private String getUserName(Principal principal){
+		
+		if(principal == null){
+			return "anonymous";
+		}else{
+			
+			final UserDetails currentUser = (UserDetails) ((Authentication) principal).getPrincipal(); 
+			Collection<? extends GrantedAuthority> authorities = currentUser.getAuthorities();
+			for(GrantedAuthority grantedAuthority : authorities) {
+				System.out.println(grantedAuthority.getAuthority());
+			}
+			return principal.getName();
+		}
+	}
+	
+	private Collection<String> getUserRoles(Principal principal){
+		
+		if(principal == null){
+			return Arrays.asList("none");
+		}else{
+			
+			Set<String> roles = new HashSet<String>();
+			
+			final UserDetails currentUser = (UserDetails) ((Authentication) principal).getPrincipal(); 
+			Collection<? extends GrantedAuthority> authorities = currentUser.getAuthorities();
+			for(GrantedAuthority grantedAuthority : authorities) {
+				roles.add(grantedAuthority.getAuthority());
+			}
+			return roles;
+		}
+	}
+	
+}
+

spring-security-mvc-ldap/src/main/java/org/baeldung/security/SecurityConfig.java

@@ -0,0 +1,51 @@
+package org.baeldung.security;
+
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.stereotype.Controller;
+
+/**
+ * Security Configuration - LDAP and HTTP Authorizations.
+ */
+@EnableAutoConfiguration
+@ComponentScan
+@Controller
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+	@Override
+	protected void configure(AuthenticationManagerBuilder auth)
+			throws Exception {
+		
+		auth.ldapAuthentication()
+		.userSearchBase("ou=people")
+		.userSearchFilter("(uid={0})")
+		.groupSearchBase("ou=groups")
+		.groupSearchFilter("member={0}")
+		.contextSource()
+		.root("dc=baeldung,dc=com")
+		.ldif("classpath:users.ldif");
+		
+	}
+	
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+
+        http
+        .authorizeRequests()
+            .antMatchers("/", "/home").permitAll()
+            .anyRequest().authenticated();
+		http
+        .formLogin()
+            .loginPage("/login")
+            .permitAll()
+            .and()
+        .logout()
+            .logoutSuccessUrl("/");
+
+	
+	}
+	
+}

spring-security-mvc-ldap/src/main/resources/logback.xml

@@ -0,0 +1,22 @@
+<configuration>
+
+	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+		<encoder>
+			<pattern>web - %date [%thread] %-5level %logger{36} - %message%n
+			</pattern>
+		</encoder>
+	</appender>
+
+	<logger name="org.springframework" level="WARN" />
+	<logger name="org.springframework.transaction" level="WARN" />
+
+	<logger name="org.springframework.web.servlet.mvc" level="WARN" />
+
+	<logger name="org.springframework.boot" level="WARN" />
+	<logger name="org.springframework.security" level="WARN" />
+
+	<root level="INFO">
+		<appender-ref ref="STDOUT" />
+	</root>
+
+</configuration>

spring-security-mvc-ldap/src/main/resources/templates/error.html

@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<title>Error</title>
+<link rel="stylesheet" th:href="@{/css/bootstrap.min.css}"
+	href="../../css/bootstrap.min.css" />
+</head>
+<body>
+	<div class="container">
+		<div class="navbar">
+			<div class="navbar-inner">
+				<a class="brand" href="http://www.thymeleaf.org"> Thymeleaf -
+					Plain </a>
+				<ul class="nav">
+					<li><a th:href="@{/}" href="home.html"> Home </a></li>
+					<li><a th:href="@{/secure}" href="secure.html"> Secure Page </a></li>
+				</ul>
+			</div>
+		</div>
+		<h1 th:text="${title}"></h1>
+		<div id="created" th:text="${#dates.format(timestamp)}"></div>
+		<div>
+			There was an unexpected error (type=<span th:text="${error}">Bad</span>, status=<span th:text="${status}">500</span>).
+		</div>
+		<div th:text="${message}">Fake content</div>
+		<div>
+			Please contact the operator with the above information.
+		</div>
+		
+	</div>
+</body>
+</html>

spring-security-mvc-ldap/src/main/resources/templates/home.html

@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<title th:text="${title}">Title</title>
+<link rel="stylesheet" th:href="@{/css/bootstrap.min.css}"
+	href="../../css/bootstrap.min.css" />
+</head>
+<body>
+	<div class="container">
+	
+		<div class="navbar">
+			<div class="navbar-inner">
+				<a class="brand" href="http://www.thymeleaf.org"> Thymeleaf -
+					Plain </a>
+				<ul class="nav">
+					<li><a th:href="@{/}" href="home.html"> Home </a></li>
+					<li><a th:href="@{/secure}" href="home.html"> Secure Page </a></li>
+				</ul>
+			</div>
+		</div>
+		
+		
+		<div id="content">
+			<p>
+				<h1 th:text="${title}"></h1>
+				<h2 th:text="${message}"></h2>
+			</p>
+		</div>
+		
+		<div id="footer">
+			<p>
+				Logged in as: <span th:text="${username}"></span>, Roles: <span th:text="${userroles}"></span>
+			</p>
+		</div>
+	</div>
+</body>
+</html>

spring-security-mvc-ldap/src/main/resources/templates/login.html

@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<title>Login</title>
+<link rel="stylesheet" th:href="@{/css/bootstrap.min.css}"
+	href="../../css/bootstrap.min.css" />
+</head>
+<body onload="document.f.username.focus();">
+	<div class="container">
+		<div class="navbar">
+			<div class="navbar-inner">
+				<a class="brand" href="http://www.thymeleaf.org"> Thymeleaf -
+					Plain </a>
+				<ul class="nav">
+					<li><a th:href="@{/}" href="home.html"> Home </a></li>
+					<li><a th:href="@{/secure}" href="home.html"> Secure Page </a></li>
+				</ul>
+			</div>
+		</div>
+		<div class="content">
+			<p th:if="${param.logout}" class="alert">You have been logged out</p>
+			<p th:if="${param.error}" class="alert alert-error">There was an error, please try again</p>
+			<h2>Login with Username and Password</h2>
+			<form name="form" th:action="@{/login}" action="/login" method="POST">
+				<fieldset>
+					<input type="text" name="username" value="" placeholder="Username" />
+					<input type="password" name="password" placeholder="Password" />
+				</fieldset>
+				<input type="submit" id="login" value="Login"
+					class="btn btn-primary" />
+			</form>
+		</div>
+		
+	</div>
+</body>
+</html>

spring-security-mvc-ldap/src/main/resources/users.ldif

@@ -0,0 +1,31 @@
+dn: ou=groups,dc=baeldung,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: groups
+
+dn: ou=people,dc=baeldung,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: people
+
+dn: uid=baeldung,ou=people,dc=baeldung,dc=com
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+cn: Jim Beam
+sn: Beam
+uid: baeldung
+userPassword: password
+
+dn: cn=admin,ou=groups,dc=baeldung,dc=com
+objectclass: top
+objectclass: groupOfNames
+cn: admin
+member: uid=baeldung,ou=people,dc=baeldung,dc=com
+
+dn: cn=user,ou=groups,dc=baeldung,dc=com
+objectclass: top
+objectclass: groupOfNames
+cn: user
+member: uid=baeldung,ou=people,dc=baeldung,dc=com

spring-security-mvc-ldap/src/test/resources/.gitignore

@@ -0,0 +1,13 @@
+*.class
+
+#folders#
+/target
+/neoDb*
+/data
+/src/main/webapp/WEB-INF/classes
+*/META-INF/*
+
+# Packaged files #
+*.jar
+*.war
+*.ear