=== modified file 'dhis-2/dhis-services/dhis-service-core/pom.xml'
--- dhis-2/dhis-services/dhis-service-core/pom.xml 2015-10-20 22:50:17 +0000
+++ dhis-2/dhis-services/dhis-service-core/pom.xml 2015-10-25 19:44:21 +0000
@@ -93,8 +93,12 @@
org.apache.jclouds.provideraws-s3
-
-
+
+ org.springframework.security
+ spring-security-ldap
+
+
+
org.smslib
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java 2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java 2015-10-25 20:30:23 +0000
@@ -1,49 +1,15 @@
package org.hisp.dhis.security;
-/*
- * Copyright (c) 2004-2015, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.user.UserAuthorityGroup;
+import org.hisp.dhis.system.util.SecurityUtils;
import org.hisp.dhis.user.UserCredentials;
import org.hisp.dhis.user.UserService;
import org.springframework.dao.DataAccessException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.transaction.annotation.Transactional;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-
/**
* @author Torgeir Lorange Ostby
*/
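Review bot: The BSD license header is removed from `DefaultUserDetailsService.java` in this hunk, while the files added in the same commit still carry it, so the removal looks unintentional; restore the header block between the package line and the imports. The class Javadoc that remains holds only an `@author` tag. A one-line summary such as `Loads DHIS user credentials as Spring Security UserDetails.` would be worth adding while the file is being touched.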
@@ -88,25 +54,6 @@
boolean credentialsExpired = userService.credentialsNonExpired( credentials );
return new User( credentials.getUsername(), credentials.getPassword(),
- !credentials.isDisabled(), true, credentialsExpired, true, getGrantedAuthorities( credentials ) );
- }
-
- // -------------------------------------------------------------------------
- // Supportive methods
- // -------------------------------------------------------------------------
-
- private Collection getGrantedAuthorities( UserCredentials credentials )
- {
- Set authorities = new HashSet<>();
-
- for ( UserAuthorityGroup group : credentials.getUserAuthorityGroups() )
- {
- for ( String authority : group.getAuthorities() )
- {
- authorities.add( new SimpleGrantedAuthority( authority ) );
- }
- }
-
- return authorities;
+ !credentials.isDisabled(), true, credentialsExpired, true, SecurityUtils.getGrantedAuthorities( credentials ) );
}
}
=== added directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/ldap'
=== added directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/ldap/authentication'
=== added file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/ldap/authentication/DhisBindAuthenticator.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/ldap/authentication/DhisBindAuthenticator.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/ldap/authentication/DhisBindAuthenticator.java 2015-10-27 14:11:44 +0000
@@ -0,0 +1,70 @@
+package org.hisp.dhis.security.ldap.authentication;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.external.conf.DhisConfigurationProvider;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.ldap.core.support.BaseLdapPathContextSource;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.ldap.authentication.BindAuthenticator;
+
+/**
+ * Authenticator which checks whether LDAP authentication is configured. If not,
+ * the authentication will be aborted, otherwise authentication is delegated to
+ * Spring BindAuthenticator.
+ *
+ * @author Lars Helge Overland
+ */
+public class DhisBindAuthenticator
+ extends BindAuthenticator
+{
+ @Autowired
+ private DhisConfigurationProvider configurationProvider;
+
+ public DhisBindAuthenticator( BaseLdapPathContextSource contextSource )
+ {
+ super( contextSource );
+ }
+
+ @Override
+ public DirContextOperations authenticate( Authentication authentication )
+ {
+ boolean ldapConf = configurationProvider.isLdapConfigured();
+
+ System.out.println( "IS LDAP CONF " + ldapConf );
+ if ( !ldapConf )
+ {
+ throw new BadCredentialsException( "LDAP authentication is not configured" );
+ }
+
+ return super.authenticate( authentication );
+ }
+}
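Review bot: The `System.out.println( "IS LDAP CONF " + ldapConf );` line in `authenticate` is leftover debug output that runs on every bind attempt and bypasses the logging configuration; remove it, or route it through the project's logger at debug level. Separately, `configurationProvider` is field-injected with `@Autowired` while the context source comes through the constructor, so an instance created outside the Spring container would fail with a NullPointerException on the first call. A Javadoc on `authenticate` stating that it throws `BadCredentialsException` when LDAP is not configured would make the early-exit contract explicit.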
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml 2015-08-25 13:54:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml 2015-10-27 14:11:44 +0000
@@ -21,13 +21,49 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -50,6 +86,5 @@
-
=== added directory 'dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf'
=== added file 'dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java'
--- dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java 2015-10-27 14:11:44 +0000
@@ -0,0 +1,71 @@
+package org.hisp.dhis.external.conf;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @author Lars Helge Overland
+ */
+public enum ConfigurationKey
+{
+ KEY_LDAP_URL( "ldap.url", "ldaps://0:1" ),
+ KEY_LDAP_MANAGER_DN( "ldap.manager.dn" ),
+ KEY_LDAP_MANAGER_PASSWORD( "ldap.manager.password" ),
+ KEY_LDAP_DN_PATTERNS( "ldap.dn.patterns", "" ),
+ KEY_FILESTORE_PROVIDER( "filestore.provider", "filesystem" ),
+ KEY_FILE_STORE_CONTAINER( "filestore.container" ),
+ KEY_FILE_STORE_LOCATION( "filestore.location" ),
+ KEY_FILE_STORE_IDENTITY( "filestore.identity" ),
+ KEY_FILE_STORE_SECRET( "filestore.secret" );
+
+ private final String key;
+
+ private final String defaultValue;
+
+ ConfigurationKey( String key )
+ {
+ this.key = key;
+ this.defaultValue = null;
+ }
+
+ ConfigurationKey( String key, String defaultValue )
+ {
+ this.key = key;
+ this.defaultValue = defaultValue;
+ }
+
+ public String getKey()
+ {
+ return key;
+ }
+
+ public String getDefaultValue()
+ {
+ return defaultValue;
+ }
+}
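Review bot: The default `"ldaps://0:1"` on `KEY_LDAP_URL` is an undocumented placeholder, and nothing in this hunk shows how it relates to `isLdapConfigured()`. If that check (not visible here) ever treats a non-null URL as "configured", binds would be attempted against a host that does not exist. Add a comment above the constant, for example `// Placeholder so the context source bean can be created; not a usable LDAP endpoint`, if that is indeed its purpose. `KEY_LDAP_MANAGER_PASSWORD` and `KEY_FILE_STORE_SECRET` name secret values and deserve a comment that their values must never be logged or exposed through configuration dumps. `KEY_FILESTORE_PROVIDER` is also spelled inconsistently with the `KEY_FILE_STORE_*` constants.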
=== added file 'dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationPropertyFactoryBean.java'
--- dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationPropertyFactoryBean.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationPropertyFactoryBean.java 2015-10-27 03:18:11 +0000
@@ -0,0 +1,104 @@
+package org.hisp.dhis.external.conf;
+
+import java.util.List;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.springframework.beans.factory.FactoryBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.Assert;
+
+import com.google.common.collect.Lists;
+
+/**
+ * Factory bean which allows for DHIS configuration property values to be
+ * injected into target beans.
+ *
+ * @param key must reflect a {@link ConfigurationKey}.
+ *
+ * @author Lars Helge Overland
+ */
+public class ConfigurationPropertyFactoryBean
+ implements FactoryBean
+
+ org.springframework.security
+ spring-security-core
+
=== added file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/SecurityUtils.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/SecurityUtils.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/SecurityUtils.java 2015-10-25 20:30:23 +0000
@@ -0,0 +1,28 @@
+package org.hisp.dhis.system.util;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.hisp.dhis.user.UserAuthorityGroup;
+import org.hisp.dhis.user.UserCredentials;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+public class SecurityUtils
+{
+ public static Collection getGrantedAuthorities( UserCredentials credentials )
+ {
+ Set authorities = new HashSet<>();
+
+ for ( UserAuthorityGroup group : credentials.getUserAuthorityGroups() )
+ {
+ for ( String authority : group.getAuthorities() )
+ {
+ authorities.add( new SimpleGrantedAuthority( authority ) );
+ }
+ }
+
+ return authorities;
+ }
+}
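Review bot: `SecurityUtils` is added without the license header and Javadoc that the other new files in this commit carry, and as a static-only utility it should not be instantiable. Add `private SecurityUtils() {}` and a class comment such as `/** Utilities for translating DHIS user credentials into Spring Security authorities. */`. `getGrantedAuthorities` dereferences `credentials` without a null check, so now that it is public and shared, either document that the argument must be non-null or guard it. The `Collection` and `Set` declarations appear without type arguments; if that is how the file reads rather than an artifact of how the diff is displayed, parameterize them with `GrantedAuthority`.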
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java 2015-08-06 14:04:41 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java 2015-10-27 03:18:11 +0000
@@ -41,6 +41,7 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
+import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
/**
@@ -69,7 +70,16 @@
{
HttpSession session = request.getSession();
- String username = ((User)authentication.getPrincipal()).getUsername();
+ String username = null;
+
+ if ( User.class.isAssignableFrom( authentication.getClass() ) )
+ {
+ username = ((User)authentication.getPrincipal()).getUsername();
+ }
+ else if ( LdapUserDetailsImpl.class.isAssignableFrom( authentication.getClass() ) )
+ {
+ username = ((LdapUserDetailsImpl)authentication.getPrincipal()).getUsername();
+ }
session.setAttribute( "userIs", username);
session.setAttribute( LoginInterceptor.JLI_SESSION_VARIABLE, Boolean.TRUE );
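Review bot: Both `isAssignableFrom` checks test `authentication.getClass()`, which is the class of the Authentication token rather than of the principal, so neither `User` nor `LdapUserDetailsImpl` is likely to match and `username` is still null when it is stored under `"userIs"`. Read the name from the token or test the principal instead; both principal types implement `UserDetails`, so `String username = authentication.getName();` covers the database and LDAP paths without naming the LDAP class. A null username in the session would silently weaken whatever login tracking reads this attribute, so failing explicitly on an unexpected principal type is safer than storing null. The enclosing method starts and ends outside the hunk.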
=== modified file 'dhis-2/pom.xml'
--- dhis-2/pom.xml 2015-10-21 09:51:51 +0000
+++ dhis-2/pom.xml 2015-10-25 19:44:21 +0000
@@ -509,6 +509,11 @@
+
+ org.springframework.security
+ spring-security-ldap
+ ${spring.security.version}
+