=== modified file 'dhis-2/dhis-services/dhis-service-core/pom.xml' --- dhis-2/dhis-services/dhis-service-core/pom.xml 2015-10-20 22:50:17 +0000 +++ dhis-2/dhis-services/dhis-service-core/pom.xml 2015-10-25 19:44:21 +0000 @@ -93,8 +93,12 @@ org.apache.jclouds.provider aws-s3 - - + + org.springframework.security + spring-security-ldap + + + org.smslib === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java 2015-01-17 07:41:26 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java 2015-10-25 20:30:23 +0000 @@ -1,49 +1,15 @@ package org.hisp.dhis.security; -/* - * Copyright (c) 2004-2015, University of Oslo - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * Neither the name of the HISP project nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -import org.hisp.dhis.user.UserAuthorityGroup; +import org.hisp.dhis.system.util.SecurityUtils; import org.hisp.dhis.user.UserCredentials; import org.hisp.dhis.user.UserService; import org.springframework.dao.DataAccessException; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.transaction.annotation.Transactional; -import java.util.Collection; -import java.util.HashSet; -import java.util.Set; - /** * @author Torgeir Lorange Ostby */ @@ -88,25 +54,6 @@ boolean credentialsExpired = userService.credentialsNonExpired( credentials ); return new User( credentials.getUsername(), credentials.getPassword(), - !credentials.isDisabled(), true, credentialsExpired, true, getGrantedAuthorities( credentials ) ); - } - - // ------------------------------------------------------------------------- - // Supportive methods - // ------------------------------------------------------------------------- - - private Collection getGrantedAuthorities( UserCredentials credentials ) - { - Set authorities = new HashSet<>(); - - for ( UserAuthorityGroup group : credentials.getUserAuthorityGroups() ) - { - for ( String authority : group.getAuthorities() ) - { - authorities.add( new SimpleGrantedAuthority( authority ) ); - } - } - - return authorities; + !credentials.isDisabled(), true, credentialsExpired, true, SecurityUtils.getGrantedAuthorities( credentials ) ); } } === added directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/ldap' === added directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/ldap/authentication' === added file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/ldap/authentication/DhisBindAuthenticator.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/ldap/authentication/DhisBindAuthenticator.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/ldap/authentication/DhisBindAuthenticator.java 2015-10-27 14:11:44 +0000 @@ -0,0 +1,70 @@ +package org.hisp.dhis.security.ldap.authentication; + +/* + * Copyright (c) 2004-2015, University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * Neither the name of the HISP project nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +import org.hisp.dhis.external.conf.DhisConfigurationProvider; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.ldap.core.DirContextOperations; +import org.springframework.ldap.core.support.BaseLdapPathContextSource; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.core.Authentication; +import org.springframework.security.ldap.authentication.BindAuthenticator; + +/** + * Authenticator which checks whether LDAP authentication is configured. If not, + * the authentication will be aborted, otherwise authentication is delegated to + * Spring BindAuthenticator. + * + * @author Lars Helge Overland + */ +public class DhisBindAuthenticator + extends BindAuthenticator +{ + @Autowired + private DhisConfigurationProvider configurationProvider; + + public DhisBindAuthenticator( BaseLdapPathContextSource contextSource ) + { + super( contextSource ); + } + + @Override + public DirContextOperations authenticate( Authentication authentication ) + { + boolean ldapConf = configurationProvider.isLdapConfigured(); + + System.out.println( "IS LDAP CONF " + ldapConf ); + if ( !ldapConf ) + { + throw new BadCredentialsException( "LDAP authentication is not configured" ); + } + + return super.authenticate( authentication ); + } +} === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml' --- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml 2015-08-25 13:54:00 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/security.xml 2015-10-27 14:11:44 +0000 @@ -21,13 +21,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -50,6 +86,5 @@ - === added directory 'dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf' === added file 'dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java' --- dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java 2015-10-27 14:11:44 +0000 @@ -0,0 +1,71 @@ +package org.hisp.dhis.external.conf; + +/* + * Copyright (c) 2004-2015, University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * Neither the name of the HISP project nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * @author Lars Helge Overland + */ +public enum ConfigurationKey +{ + KEY_LDAP_URL( "ldap.url", "ldaps://0:1" ), + KEY_LDAP_MANAGER_DN( "ldap.manager.dn" ), + KEY_LDAP_MANAGER_PASSWORD( "ldap.manager.password" ), + KEY_LDAP_DN_PATTERNS( "ldap.dn.patterns", "" ), + KEY_FILESTORE_PROVIDER( "filestore.provider", "filesystem" ), + KEY_FILE_STORE_CONTAINER( "filestore.container" ), + KEY_FILE_STORE_LOCATION( "filestore.location" ), + KEY_FILE_STORE_IDENTITY( "filestore.identity" ), + KEY_FILE_STORE_SECRET( "filestore.secret" ); + + private final String key; + + private final String defaultValue; + + ConfigurationKey( String key ) + { + this.key = key; + this.defaultValue = null; + } + + ConfigurationKey( String key, String defaultValue ) + { + this.key = key; + this.defaultValue = defaultValue; + } + + public String getKey() + { + return key; + } + + public String getDefaultValue() + { + return defaultValue; + } +} === added file 'dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationPropertyFactoryBean.java' --- dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationPropertyFactoryBean.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationPropertyFactoryBean.java 2015-10-27 03:18:11 +0000 @@ -0,0 +1,104 @@ +package org.hisp.dhis.external.conf; + +import java.util.List; + +/* + * Copyright (c) 2004-2015, University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * Neither the name of the HISP project nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +import org.springframework.beans.factory.FactoryBean; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.util.Assert; + +import com.google.common.collect.Lists; + +/** + * Factory bean which allows for DHIS configuration property values to be + * injected into target beans. + * + * @param key must reflect a {@link ConfigurationKey}. + * + * @author Lars Helge Overland + */ +public class ConfigurationPropertyFactoryBean + implements FactoryBean +{ + // ------------------------------------------------------------------------- + // Dependencies + // ------------------------------------------------------------------------- + + @Autowired + private DhisConfigurationProvider configurationProvider; + + private ConfigurationKey key; + + public ConfigurationPropertyFactoryBean( ConfigurationKey key ) + { + this.key = key; + } + + private boolean list; + + public void setList( boolean list ) + { + this.list = list; + } + + // ------------------------------------------------------------------------- + // FactoryBean implementation + // ------------------------------------------------------------------------- + + @Override + public Object getObject() + throws Exception + { + Assert.notNull( key, "Configuration key must be specified" ); + + String value = configurationProvider.getProperty( key ); + + if ( list ) + { + return value != null ? Lists.newArrayList( value.split( ";" ) ) : value; + } + else + { + return value; + } + } + + @Override + public Class getObjectType() + { + return list ? List.class : String.class; + } + + @Override + public boolean isSingleton() + { + return true; + } +} === added file 'dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/DefaultDhisConfigurationProvider.java' --- dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/DefaultDhisConfigurationProvider.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/DefaultDhisConfigurationProvider.java 2015-10-27 14:11:44 +0000 @@ -0,0 +1,136 @@ +package org.hisp.dhis.external.conf; + +/* + * Copyright (c) 2004-2015, University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * Neither the name of the HISP project nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +import java.io.IOException; +import java.io.InputStream; +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.hisp.dhis.external.location.LocationManager; +import org.hisp.dhis.external.location.LocationManagerException; + +/** + * @author Lars Helge Overland + */ +public class DefaultDhisConfigurationProvider + implements DhisConfigurationProvider +{ + private static final Log log = LogFactory.getLog( DefaultDhisConfigurationProvider.class ); + + private static final String CONF_FILENAME = "dhis.conf"; + + // ------------------------------------------------------------------------- + // Dependencies + // ------------------------------------------------------------------------- + + private LocationManager locationManager; + + public void setLocationManager( LocationManager locationManager ) + { + this.locationManager = locationManager; + } + + /** + * Cache for properties. + */ + private Properties properties; + + public void init() + { + InputStream in = null; + + try + { + in = locationManager.getInputStream( CONF_FILENAME ); + } + catch ( LocationManagerException ex1 ) + { + log.debug( "Could not load dhis.conf" ); + + try // Deprecated + { + in = locationManager.getInputStream( "hibernate.properties" ); + } + catch ( LocationManagerException ex2 ) + { + log.debug( "Could not load hibernate.properties" ); + } + } + + Properties properties = new Properties(); + + if ( in != null ) + { + try + { + properties.load( in ); + } + catch ( IOException ex ) + { + throw new IllegalStateException( "Properties could not be loaded", ex ); + } + } + + this.properties = properties; + } + + // ------------------------------------------------------------------------- + // DhisConfigurationProvider implementation + // ------------------------------------------------------------------------- + + @Override + public Properties getProperties() + { + return properties; + } + + @Override + public String getProperty( ConfigurationKey key ) + { + return properties.getProperty( key.getKey(), key.getDefaultValue() ); + } + + @Override + public String getPropertyOrDefault( ConfigurationKey key, String defaultValue ) + { + return properties.getProperty( key.getKey(), defaultValue ); + } + + @Override + public boolean isLdapConfigured() + { + String ldapUrl = getProperty( ConfigurationKey.KEY_LDAP_URL ); + String dnPatterns = getProperty( ConfigurationKey.KEY_LDAP_DN_PATTERNS ); + + return !( ConfigurationKey.KEY_LDAP_URL.getDefaultValue().equals( ldapUrl ) || + ConfigurationKey.KEY_LDAP_DN_PATTERNS.getDefaultValue().equals( dnPatterns ) ); + } +} === added file 'dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/DhisConfigurationProvider.java' --- dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/DhisConfigurationProvider.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/DhisConfigurationProvider.java 2015-10-27 14:11:44 +0000 @@ -0,0 +1,73 @@ +package org.hisp.dhis.external.conf; + +/* + * Copyright (c) 2004-2015, University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * Neither the name of the HISP project nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +import java.util.Properties; + +/** + * Interface which provides access to the DHIS 2 configuration specified through + * the dhis.config or hibernate.properties file. + * + * @author Lars Helge Overland + */ +public interface DhisConfigurationProvider +{ + /** + * Get configuration as a set of properties. + * + * @return a Properties instance. + */ + Properties getProperties(); + + /** + * Get the property value for the given key, or the default value for the + * configuration key if not exists. + * + * @param key the configuration key. + * @return the property value. + */ + String getProperty( ConfigurationKey key ); + + /** + * Get the property value for the given key, or the default value if not + * exists. + * + * @param key the configuration key. + * @param defaultValue the default value. + * @return the property value. + */ + String getPropertyOrDefault( ConfigurationKey key, String defaultValue ); + + /** + * Indicates whether LDAP authentication is configured. + * + * @return true if LDAP authentication is configured. + */ + boolean isLdapConfigured(); +} === modified file 'dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/location/DefaultLocationManager.java' --- dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/location/DefaultLocationManager.java 2015-10-01 13:14:27 +0000 +++ dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/location/DefaultLocationManager.java 2015-10-27 03:18:11 +0000 @@ -44,7 +44,6 @@ /** * @author Lars Helge Overland - * @version $Id$ */ public class DefaultLocationManager implements LocationManager === modified file 'dhis-2/dhis-support/dhis-support-external/src/main/resources/META-INF/dhis/beans.xml' --- dhis-2/dhis-support/dhis-support-external/src/main/resources/META-INF/dhis/beans.xml 2014-12-04 06:39:46 +0000 +++ dhis-2/dhis-support/dhis-support-external/src/main/resources/META-INF/dhis/beans.xml 2015-10-27 03:18:11 +0000 @@ -13,10 +13,13 @@ + + + + - === modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/ConnectionPropertyFactoryBean.java' --- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/ConnectionPropertyFactoryBean.java 2015-02-19 09:18:17 +0000 +++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/ConnectionPropertyFactoryBean.java 2015-10-27 03:18:11 +0000 @@ -33,7 +33,6 @@ /** * @author Lars Helge Overland - * @version $Id$ */ public class ConnectionPropertyFactoryBean implements FactoryBean === modified file 'dhis-2/dhis-support/dhis-support-system/pom.xml' --- dhis-2/dhis-support/dhis-support-system/pom.xml 2015-10-20 22:50:17 +0000 +++ dhis-2/dhis-support/dhis-support-system/pom.xml 2015-10-25 20:30:23 +0000 @@ -60,6 +60,10 @@ org.springframework spring-jdbc + + org.springframework.security + spring-security-core + === added file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/SecurityUtils.java' --- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/SecurityUtils.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/SecurityUtils.java 2015-10-25 20:30:23 +0000 @@ -0,0 +1,28 @@ +package org.hisp.dhis.system.util; + +import java.util.Collection; +import java.util.HashSet; +import java.util.Set; + +import org.hisp.dhis.user.UserAuthorityGroup; +import org.hisp.dhis.user.UserCredentials; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; + +public class SecurityUtils +{ + public static Collection getGrantedAuthorities( UserCredentials credentials ) + { + Set authorities = new HashSet<>(); + + for ( UserAuthorityGroup group : credentials.getUserAuthorityGroups() ) + { + for ( String authority : group.getAuthorities() ) + { + authorities.add( new SimpleGrantedAuthority( authority ) ); + } + } + + return authorities; + } +} === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java 2015-08-06 14:04:41 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java 2015-10-27 03:18:11 +0000 @@ -41,6 +41,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.core.userdetails.User; +import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; /** @@ -69,7 +70,16 @@ { HttpSession session = request.getSession(); - String username = ((User)authentication.getPrincipal()).getUsername(); + String username = null; + + if ( User.class.isAssignableFrom( authentication.getClass() ) ) + { + username = ((User)authentication.getPrincipal()).getUsername(); + } + else if ( LdapUserDetailsImpl.class.isAssignableFrom( authentication.getClass() ) ) + { + username = ((LdapUserDetailsImpl)authentication.getPrincipal()).getUsername(); + } session.setAttribute( "userIs", username); session.setAttribute( LoginInterceptor.JLI_SESSION_VARIABLE, Boolean.TRUE ); === modified file 'dhis-2/pom.xml' --- dhis-2/pom.xml 2015-10-21 09:51:51 +0000 +++ dhis-2/pom.xml 2015-10-25 19:44:21 +0000 @@ -509,6 +509,11 @@ + + org.springframework.security + spring-security-ldap + ${spring.security.version} +