Announcement Announcement Module
Collapse
No announcement yet.
Athentication & Authorization in 3 steps Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Athentication & Authorization in 3 steps

    Hi!

    I want to do the authentication and authorization in three phases. The steps are:

    *Go to the database with the username and get the information about his enterprise's ldap (ldap's connections info aren't static and they are load from database)

    *With the info of the step 1. Get the authentication from ldap.

    *And as the last step get the user's roles from db.

    I had implemented the two last phases but I did it with static info for the ldap.

    I want to know how i can get dinamic ContextSource for the Ldap connection. Should I implement a new ContextSource?

    Tanks!

  • #2
    I solved the problem.

    I did my own provider that implements AuthenticationProvider and it have a four parameter's constructor:

    public FiltroProvider(DefaultSpringSecurityContextSource contextSource,MyConfiguratior configurator,BindAuthenticator authenticator, LdapAuthoritiesPopulator authoritiesPopulator)

    The class MyConfigurator extends JdbcDaoSupport and it have this method
    that gets the ldap parameters from BBDD:

    public String[] loadLdapConfigUser(String username)

    my Provider has this method for authentication:

    Code:
    public Authentication authenticate(Authentication authentication)
        throws AuthenticationException
    {
    UsernamePasswordAuthenticationToken userToken;
        String username;
        String password;
        Assert.isInstanceOf(org.springframework.security.providers.UsernamePasswordAuthenticationToken.class, authentication, messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports", "Only UsernamePasswordAuthenticationToken is supported"));
        userToken = (UsernamePasswordAuthenticationToken)authentication;
        username = userToken.getName();
        if(!StringUtils.hasLength(username))
            throw new BadCredentialsException(messages.getMessage("LdapAuthenticationProvider.emptyUsername", "Empty Username"));
        password = (String)authentication.getCredentials();
        Assert.notNull(password, "Null password was supplied in authentication token");
        if(password.length() == 0)
        {
            logger.debug("Rejecting empty password for user " + username);
            throw new BadCredentialsException(messages.getMessage("LdapAuthenticationProvider.emptyPassword", "Empty Password"));
        }
        try{
        UserDetails user;
        String[] configParams = configurator.loadLdapConfigUser(username);
        if(configParams == null){
        	throw new BadCredentialsException(messages.getMessage("LdapAuthenticationProvider.missingEnterprise", "No enterprise were found"));
        }
        contextSource.setUserDn(configParams[1]);
        contextSource.setPassword(configParams[2]);
        contextSource.setUrl(configParams[0]);
        authenticator.setUserDnPatterns(new String[]{configParams[3]});
        
        DirContextOperations userData = getAuthenticator().authenticate(authentication);
        GrantedAuthority extraAuthorities[] = loadUserAuthorities(userData, username, password);
        user = userDetailsContextMapper.mapUserFromContext(userData, username, extraAuthorities);
        return createSuccessfulAuthentication(userToken, user);
        }catch( NamingException e){
        	 throw new AuthenticationServiceException(e.getMessage(), e);
        }
    }
    And the contextSecurity xml file is:

    Code:
    <!-- this is an default value-->
    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    			<constructor-arg value="ldap://localhost:389"/>
    			<property name="userDn" value="CN=ldapuser,OU=junest,DC=extrec,DC=com"/>
    			<property name="password" value="*****"/>
    	</bean>
    
    		
    	<bean id="ldapAuthProvider"
    		class="com.quantobit.filtro.FiltroProvider">
    			<constructor-arg ref="contextSource"/>
    			<constructor-arg ref="configurator"/>
    			<constructor-arg ref="authenticator"/>
    	                 <constructor-arg ref="populator"/>
    	        <s:custom-authentication-provider/>
    	</bean> 
    	
    	
    	<bean id="configurator" class="com.secret.MyConfiguratior">
    		<constructor-arg>
    		 	<ref local="seguridadDataSource"/>
    		 </constructor-arg>
    	</bean>
    
    	<bean id="authenticator" class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
    	            <constructor-arg ref="contextSource"/>
    	            <property name="userDnPatterns">
    	                <list>
    	                    <value>cn={0},,OU=junest,DC=extrec,DC=com</value>
    	                </list>
    	            </property>
    	</bean>
    
    	<bean id="populator" class="com.secret.MyLdapFilter">
    		 <constructor-arg>
    		 	<ref local="jdbcUserService"/>
    		 </constructor-arg>
    	</bean>
    
    
        <bean id="seguridadDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" destroy-method="close"
                   p:driverClassName="com.mysql.jdbc.Driver" p:url="jdbc:mysql://localhost:3306/solveexample?autoReconnect=true"
                   p:username="root" p:password="root"/>
        
    	<bean id="jdbcUserService" class="com.quantobit.filtro.FiltroUserDetailsService">
            <property name="dataSource" ref="seguridadDataSource" />
    	</bean>
    thanks!

    Comment


    • #3
      I think you can implement your own scope for getting target ContextSource, or create proxy for it.

      It looks like similar to having multiple DataSourceS:

      http://forum.springframework.org/showthread.php?t=64382

      http://mdeinum.wordpress.com/2007/01...ient-database/

      Comment

      Working...
      X