close

Filter

Elastic Social Manual / Version 2107

Table Of Contents

4.7.4.2 LDAP Authentication

When using an LDAP server for user authentication the user database provided by the CommunityUserService can be used as a proxy so that the LDAP server will only be used for authentication and the user details will be copied to and queried from the Elastic Social user database.

In this case a different Spring Security configuration has to be used and a Maven dependency to org.springframework.security:spring-security-ldap has to be added. Please refer to the Spring Security LDAP documentation for details. Instead of the AuthenticationProvider provided by Elastic Social, an LdapAuthenticationProvider must be configured. To get access to extended user information, an InetOrgPersonContextMapper is used. And to copy the user details to the Elastic Social user database after successful authentication, an ApplicationListener must be implemented. 

package com.example.es.security.ldap;

import com.coremedia.cms.delivery.configuration.DeliveryConfigurationProperties;
import com.coremedia.elastic.core.api.users.UserService;
import com.coremedia.elastic.social.springsecurity.SocialWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;

@Configuration(proxyBeanMethods = false)
public class LdapAuthenticationConfiguration extends SocialWebSecurityConfigurerAdapter {

  private final UserService userService;

  public LdapAuthenticationConfiguration(DeliveryConfigurationProperties dcp,
                                         ObjectProvider<AuthenticationProvider> ap,
                                         UserService userService) {
    super(dcp, ap);
    this.userService = userService;
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
            .ldapAuthentication()
            .userDnPatterns("uid={0},ou=people")
            .userDetailsContextMapper(new InetOrgPersonContextMapper())
            .contextSource().url("ldap://ldap.example.com:389/dc=example,dc=com");
  }

  @Bean
  public ExampleAuthenticationSuccessEventListener authenticationSuccessEventListener() {
    return new ExampleAuthenticationSuccessEventListener(userService);
  }
}

Example 4.20. Configuring LDAP Authentication


package com.example.es.security.ldap;

import com.coremedia.elastic.core.api.users.User;
import com.coremedia.elastic.core.api.users.UserService;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.ldap.userdetails.InetOrgPerson;

public class ExampleAuthenticationSuccessEventListener
        implements ApplicationListener<AuthenticationSuccessEvent> {

  private final UserService userService;

  public ExampleAuthenticationSuccessEventListener(UserService userService) {
    this.userService = userService;
  }

  @Override
  public void onApplicationEvent(AuthenticationSuccessEvent event) {
    InetOrgPerson principal = (InetOrgPerson) event.getAuthentication().getPrincipal();
    User user = userService.getUserByName(principal.getUsername());
    if (user == null) {
      user = userService.createUser(principal.getUsername(), principal.getMail());
      user.save();
    } else if (!user.getEmail().equals(principal.getMail())) {
      user.setEmail(principal.getMail());
      user.save();
    }
  }
}

Example 4.21. Implementing an ApplicationListener


<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
                             http://maven.apache.org/xsd/maven-4.0.0.xsd">
  ...
  <dependencies>
    ...
    <dependency>
      <groupId>com.coremedia.cms</groupId>
      <artifactId>cap-delivery-configuration</artifactId>
    </dependency>
    <dependency>
      <groupId>com.coremedia.elastic.social</groupId>
      <artifactId>social-spring-security</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-ldap</artifactId>
    </dependency>
  </dependencies>
  ...
</project>

Example 4.22. Spring LDAP dependencies


Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.