Elastic Social Manual / Version 2110
Table Of Contents
When using an LDAP server for user authentication the user database provided by the
CommunityUserService
can be used as a proxy so that the LDAP server will only be used
for authentication and the user details will be copied to and queried from the Elastic Social user database.
In this case a different Spring Security configuration has to be used and a Maven dependency to
org.springframework.security:spring-security-ldap
has to be added. Please refer to the
Spring
Security LDAP documentation for details. Instead of the AuthenticationProvider
provided by Elastic Social, an LdapAuthenticationProvider
must be configured. To get access to extended user information, an
InetOrgPersonContextMapper
is used. And to copy the user details to the
Elastic Social user database after successful authentication, an
ApplicationListener
must be implemented.
package com.example.es.security.ldap; import com.coremedia.cms.delivery.configuration.DeliveryConfigurationProperties; import com.coremedia.elastic.core.api.users.UserService; import com.coremedia.elastic.social.springsecurity.SocialWebSecurityConfigurerAdapter; import org.springframework.beans.factory.ObjectProvider; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper; @Configuration(proxyBeanMethods = false) public class LdapAuthenticationConfiguration extends SocialWebSecurityConfigurerAdapter { private final UserService userService; public LdapAuthenticationConfiguration(DeliveryConfigurationProperties dcp, ObjectProvider<AuthenticationProvider> ap, UserService userService) { super(dcp, ap); this.userService = userService; } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .ldapAuthentication() .userDnPatterns("uid={0},ou=people") .userDetailsContextMapper(new InetOrgPersonContextMapper()) .contextSource().url("ldap://ldap.example.com:389/dc=example,dc=com"); } @Bean public ExampleAuthenticationSuccessEventListener authenticationSuccessEventListener() { return new ExampleAuthenticationSuccessEventListener(userService); } }
Example 4.20. Configuring LDAP Authentication
package com.example.es.security.ldap; import com.coremedia.elastic.core.api.users.User; import com.coremedia.elastic.core.api.users.UserService; import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; import org.springframework.security.ldap.userdetails.InetOrgPerson; public class ExampleAuthenticationSuccessEventListener implements ApplicationListener<AuthenticationSuccessEvent> { private final UserService userService; public ExampleAuthenticationSuccessEventListener(UserService userService) { this.userService = userService; } @Override public void onApplicationEvent(AuthenticationSuccessEvent event) { InetOrgPerson principal = (InetOrgPerson) event.getAuthentication().getPrincipal(); User user = userService.getUserByName(principal.getUsername()); if (user == null) { user = userService.createUser(principal.getUsername(), principal.getMail()); user.save(); } else if (!user.getEmail().equals(principal.getMail())) { user.setEmail(principal.getMail()); user.save(); } } }
Example 4.21. Implementing an ApplicationListener
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> ... <dependencies> ... <dependency> <groupId>com.coremedia.cms</groupId> <artifactId>cap-delivery-configuration</artifactId> </dependency> <dependency> <groupId>com.coremedia.elastic.social</groupId> <artifactId>social-spring-security</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-ldap</artifactId> </dependency> </dependencies> ... </project>
Example 4.22. Spring LDAP dependencies