Examples of LDAPAuthenticationProvider

• org.acegisecurity.providers.ldap.LdapAuthenticationProvider
  ymachine:389/dc=acegisecurity,dc=org"/> <property name="managerDn"><value>cn=manager,dc=acegisecurity,dc=org</value></property> <property name="managerPassword"><value>password</value></property> </bean> <bean id="ldapAuthProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg> <property name="userDnPatterns"><list><value>uid={0},ou=people</value></list></property> </bean> </constructor-arg> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator"> <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg> <constructor-arg><value>ou=groups</value></constructor-arg> <property name="groupRoleAttribute"><value>ou</value></property> </bean> </constructor-arg> </bean>

  This would set up the provider to access an LDAP server with URL ldap://monkeymachine:389/dc=acegisecurity,dc=org. Authentication will be performed by attempting to bind with the DN uid=<user-login-name>,ou=people,dc=acegisecurity,dc=org. After successful authentication, roles will be assigned to the user by searching under the DN ou=groups,dc=acegisecurity,dc=org with the default filter (member=<user's-DN>). The role name will be taken from the "ou" attribute of each match.

  The authenticate method will reject empty passwords outright. LDAP servers may allow an anonymous bind operation with an empty password, even if a DN is supplied. In practice this means that if the LDAP directory is configured to allow unauthenitcated access, it might be possible to authenticate as any user just by supplying an empty password. More information on the misuse of unauthenticated access can be found in draft-ietf-ldapbis-authmeth-19.txt.

  @author Luke Taylor @version $Id: LdapAuthenticationProvider.java 1995 2007-08-30 21:12:16Z luke_t $ @see org.acegisecurity.providers.ldap.authenticator.BindAuthenticator @see org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
• org.geoserver.security.ldap.LDAPAuthenticationProvider
  LDAP authentication provider.

  This class doesn't really do anything, it delegates fully to {@link LdapAuthenticationProvider}.

  @author Justin Deoliveira, OpenGeo
• org.springframework.security.ldap.authentication.LdapAuthenticationProvider
  ymachine:389/dc=springframework,dc=org"/> <property name="userDn" value="cn=manager,dc=springframework,dc=org"/> <property name="password" value="password"/> </bean> <bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.springframework.security.ldap.authentication.BindAuthenticator"> <constructor-arg ref="contextSource"/> <property name="userDnPatterns"><list><value>uid={0},ou=people</value></list></property> </bean> </constructor-arg> <constructor-arg> <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator"> <constructor-arg ref="contextSource"/> <constructor-arg value="ou=groups"/> <property name="groupRoleAttribute" value="ou"/> </bean> </constructor-arg> </bean>

  This would set up the provider to access an LDAP server with URL ldap://monkeymachine:389/dc=springframework,dc=org. Authentication will be performed by attempting to bind with the DN uid=<user-login-name>,ou=people,dc=springframework,dc=org. After successful authentication, roles will be assigned to the user by searching under the DN ou=groups,dc=springframework,dc=org with the default filter (member=<user's-DN>). The role name will be taken from the "ou" attribute of each match.

  The authenticate method will reject empty passwords outright. LDAP servers may allow an anonymous bind operation with an empty password, even if a DN is supplied. In practice this means that if the LDAP directory is configured to allow unauthenticated access, it might be possible to authenticate as any user just by supplying an empty password. More information on the misuse of unauthenticated access can be found in draft-ietf-ldapbis-authmeth-19.txt. @author Luke Taylor @see BindAuthenticator @see DefaultLdapAuthoritiesPopulator

Examples of org.acegisecurity.providers.ldap.LdapAuthenticationProvider

                groupSearchBase);
          String groupRoleAttribute = "ou";
          authoritiesPopulator.setGroupRoleAttribute(groupRoleAttribute);

            System.out.println("***********************************");
          LdapAuthenticationProvider ldapAuthenticationProvider =
            new LdapAuthenticationProvider(authenticator, authoritiesPopulator);
          LdapUserInfo user = authenticator.authenticate(userDetails.getUsername(),
              (String)authentication.getCredentials());
          if (user != null) {
              UserDetails u = ldapAuthenticationProvider.retrieveUser(userDetails.getUsername(),
                  authentication);
              System.out.println("user " + u);
          }
          else {
              throw new BadCredentialsException(messages.getMessage(

Examples of org.geoserver.security.ldap.LDAPAuthenticationProvider

                            error("Neither user dn pattern or user filter specified");
                            return;
                        }

                        LDAPSecurityProvider provider = new LDAPSecurityProvider(getSecurityManager());
                        LDAPAuthenticationProvider authProvider = (LDAPAuthenticationProvider) provider
                                .createAuthenticationProvider(ldapConfig);
                        Authentication authentication = authProvider
                                .authenticate(new UsernamePasswordAuthenticationToken(
                                        username, password));
                        if(authentication == null || !authentication.isAuthenticated()) {
                            throw new AuthenticationException("Cannot authenticate " + username);
                        }

Examples of org.springframework.security.ldap.authentication.LdapAuthenticationProvider

        BaseLdapPathContextSource contextSource = getContextSource();
        LdapAuthenticator ldapAuthenticator = createLdapAuthenticator(contextSource);

        LdapAuthoritiesPopulator authoritiesPopulator = getLdapAuthoritiesPopulator();

        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(
                ldapAuthenticator, authoritiesPopulator);
        SimpleAuthorityMapper simpleAuthorityMapper = new SimpleAuthorityMapper();
        simpleAuthorityMapper.setPrefix(rolePrefix);
        simpleAuthorityMapper.afterPropertiesSet();
        ldapAuthenticationProvider.setAuthoritiesMapper(simpleAuthorityMapper);
        if(userDetailsContextMapper != null) {
            ldapAuthenticationProvider.setUserDetailsContextMapper(userDetailsContextMapper);
        }
        return ldapAuthenticationProvider;
    }

Examples of org.springframework.security.ldap.authentication.LdapAuthenticationProvider

        return this;
    }

    @Override
    public void configure(B builder) throws Exception {
        LdapAuthenticationProvider provider = postProcess(build());
        builder.authenticationProvider(provider);
    }

Examples of org.springframework.security.ldap.authentication.LdapAuthenticationProvider

      FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, springSecurityContextSource);

      BindAuthenticator bindAuthenticator = new BindAuthenticator(springSecurityContextSource);
      bindAuthenticator.setUserSearch(userSearch);

      LdapAuthenticationProvider authenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, authoritiesPopulator);

      providerThreadLocal.set(authenticationProvider);
    }

    return providerThreadLocal.get();

Examples of org.springframework.security.ldap.authentication.LdapAuthenticationProvider

      FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, springSecurityContextSource);

      AmbariLdapBindAuthenticator bindAuthenticator = new AmbariLdapBindAuthenticator(springSecurityContextSource, configuration);
      bindAuthenticator.setUserSearch(userSearch);

      LdapAuthenticationProvider authenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, authoritiesPopulator);

      providerThreadLocal.set(authenticationProvider);
    }

    return providerThreadLocal.get();

Examples of org.springframework.security.ldap.authentication.LdapAuthenticationProvider

      FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, springSecurityContextSource);

      AmbariLdapBindAuthenticator bindAuthenticator = new AmbariLdapBindAuthenticator(springSecurityContextSource, configuration);
      bindAuthenticator.setUserSearch(userSearch);

      LdapAuthenticationProvider authenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, authoritiesPopulator);

      providerThreadLocal.set(authenticationProvider);
    }

    return providerThreadLocal.get();

Examples of org.springframework.security.ldap.authentication.LdapAuthenticationProvider

        DefaultLdapAuthoritiesPopulator authoritiesPopulator = new DefaultLdapAuthoritiesPopulator(
                contextSource, groupSearchBase);
        authoritiesPopulator.setGroupRoleAttribute(groupRoleAttribute);
        authoritiesPopulator.setGroupSearchFilter(groupSearchFilter);

        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(
                ldapAuthenticator, authoritiesPopulator);
        SimpleAuthorityMapper simpleAuthorityMapper = new SimpleAuthorityMapper();
        simpleAuthorityMapper.setPrefix(rolePrefix);
        simpleAuthorityMapper.afterPropertiesSet();
        ldapAuthenticationProvider.setAuthoritiesMapper(simpleAuthorityMapper);
        if(userDetailsContextMapper != null) {
            ldapAuthenticationProvider.setUserDetailsContextMapper(userDetailsContextMapper);
        }
        return ldapAuthenticationProvider;
    }

Examples of org.springframework.security.ldap.authentication.LdapAuthenticationProvider

        return this;
    }

    @Override
    public void configure(B builder) throws Exception {
        LdapAuthenticationProvider provider = postProcess(build());
        builder.authenticationProvider(provider);
    }

Examples of org.springframework.security.ldap.authentication.LdapAuthenticationProvider

            authenticator.setUserDnPatterns(new String[] { ldapConfig
                    .getUserDnPattern() });
        }

        LdapAuthoritiesPopulator authPopulator = null;
        LdapAuthenticationProvider provider = null;
        String ugServiceName = ldapConfig.getUserGroupServiceName();
        if (ugServiceName != null) {
            // use local user group service for loading authorities
            GeoServerUserGroupService ugService;
            try {
                ugService = securityManager.loadUserGroupService(ugServiceName);
                authPopulator = new UserDetailsServiceLdapAuthoritiesPopulator(
                        ugService);
                provider = new LdapAuthenticationProvider(authenticator,
                        authPopulator);
            } catch (IOException e) {
                LOGGER.log(Level.SEVERE, String.format(
                        "Unable to load user group service '%s', "
                                + "will use LDAP server for calculating roles",
                        ugServiceName), e);
            }
        }

        if (authPopulator == null) {
            // fall back to looking up roles via LDAP server, choosing
            // between default and binding populator
            if (ldapConfig.isBindBeforeGroupSearch()) {
                authPopulator = new BindingLdapAuthoritiesPopulator(
                        ldapContext, ldapConfig.getGroupSearchBase());
                if (ldapConfig.getGroupSearchFilter() != null) {
                    ((BindingLdapAuthoritiesPopulator) authPopulator)
                            .setGroupSearchFilter(ldapConfig
                                    .getGroupSearchFilter());
                }
                provider = new LdapAuthenticationProvider(authenticator,
                        authPopulator) {
                    /**
                     * We need to give authoritiesPopulator both username and
                     * password, so it can bind to the LDAP server. We encode
                     * them in the username:password format.
                     */
                    @Override
                    protected Collection<? extends GrantedAuthority> loadUserAuthorities(
                            DirContextOperations userData, String username,
                            String password) {
                        return getAuthoritiesPopulator().getGrantedAuthorities(
                                userData, username + ":" + password);
                    }
                };
            } else {
                authPopulator = new DefaultLdapAuthoritiesPopulator(
                        ldapContext, ldapConfig.getGroupSearchBase());

                if (ldapConfig.getGroupSearchFilter() != null) {
                    ((DefaultLdapAuthoritiesPopulator) authPopulator)
                            .setGroupSearchFilter(ldapConfig
                                    .getGroupSearchFilter());
                }
                provider = new LdapAuthenticationProvider(authenticator,
                        authPopulator);
            }

        }