Elastic Social Manual / Version 2307
Table Of Contents
When using an LDAP server for user authentication the user database provided by the
CommunityUserService
can be used as a proxy so that the LDAP server will only be used
for authentication and the user details will be copied to and queried from the Elastic Social user database.
In this case a different Spring Security configuration has to be used and a Maven dependency to
org.springframework.security:spring-security-ldap
has to be added. Please refer to the
Spring Security LDAP documentation
for details. Instead of the SocialWebSecurityAutoConfiguration.authenticationProvider
,
an LdapAuthenticationProvider
must be configured. To get access to extended user
information, an InetOrgPersonContextMapper
is used. And to copy the user details
to the Elastic Social user database after successful authentication, an
ApplicationListener
must be implemented.
package com.example.es.security.ldap; import com.coremedia.elastic.core.api.users.UserService; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.ldap.core.support.BaseLdapPathContextSource; import org.springframework.ldap.core.support.LdapContextSource; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.BeanIds; import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory; import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper; @Configuration(proxyBeanMethods = false) public class LdapAuthenticationConfiguration { @Bean(BeanIds.AUTHENTICATION_MANAGER) @ConditionalOnMissingBean AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) { LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(contextSource); factory.setUserDnPatterns("uid={0},ou=people"); factory.setUserDetailsContextMapper(new InetOrgPersonContextMapper()); return factory.createAuthenticationManager(); } @Bean LdapContextSource contextSource() { LdapContextSource source = new LdapContextSource(); source.setUrl("ldap://ldap.example.com:389/dc=example,dc=com"); return source; } @Bean ExampleAuthenticationSuccessEventListener authenticationSuccessEventListener(UserService userService) { return new ExampleAuthenticationSuccessEventListener(userService); } }
Example 4.20. Configuring LDAP Authentication
package com.example.es.security.ldap; import com.coremedia.elastic.core.api.users.User; import com.coremedia.elastic.core.api.users.UserService; import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; import org.springframework.security.ldap.userdetails.InetOrgPerson; public class ExampleAuthenticationSuccessEventListener implements ApplicationListener<AuthenticationSuccessEvent> { private final UserService userService; public ExampleAuthenticationSuccessEventListener(UserService userService) { this.userService = userService; } @Override public void onApplicationEvent(AuthenticationSuccessEvent event) { InetOrgPerson principal = (InetOrgPerson) event.getAuthentication().getPrincipal(); User user = userService.getUserByName(principal.getUsername()); if (user == null) { user = userService.createUser(principal.getUsername(), principal.getMail()); user.save(); } else if (!user.getEmail().equals(principal.getMail())) { user.setEmail(principal.getMail()); user.save(); } } }
Example 4.21. Implementing an ApplicationListener
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> ... <dependencies> ... <dependency> <groupId>com.coremedia.elastic.social</groupId> <artifactId>social-spring-security</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-ldap</artifactId> </dependency> <dependency> <groupId>org.springframework.ldap</groupId> <artifactId>spring-ldap-core</artifactId> </dependency> </dependencies> ... </project>
Example 4.22. Spring LDAP dependencies