close

Filter

Elastic Social Manual / Version 2401

Table Of Contents

4.7.4.2 LDAP Authentication

When using an LDAP server for user authentication the user database provided by the CommunityUserService can be used as a proxy so that the LDAP server will only be used for authentication and the user details will be copied to and queried from the Elastic Social user database.

In this case a different Spring Security configuration has to be used and a Maven dependency to org.springframework.security:spring-security-ldap has to be added. Please refer to the Spring Security LDAP documentation for details. Instead of the SocialWebSecurityAutoConfiguration.authenticationProvider, an LdapAuthenticationProvider must be configured. To get access to extended user information, an InetOrgPersonContextMapper is used. And to copy the user details to the Elastic Social user database after successful authentication, an ApplicationListener must be implemented.

package com.example.es.security.ldap;

import com.coremedia.elastic.core.api.users.UserService;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;

@Configuration(proxyBeanMethods = false)
public class LdapAuthenticationConfiguration {

  @Bean(BeanIds.AUTHENTICATION_MANAGER)
  @ConditionalOnMissingBean
  AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
    LdapBindAuthenticationManagerFactory factory =
            new LdapBindAuthenticationManagerFactory(contextSource);
    factory.setUserDnPatterns("uid={0},ou=people");
    factory.setUserDetailsContextMapper(new InetOrgPersonContextMapper());
    return factory.createAuthenticationManager();
  }

  @Bean
  LdapContextSource contextSource() {
    LdapContextSource source = new LdapContextSource();
    source.setUrl("ldap://ldap.example.com:389/dc=example,dc=com");
    return source;
  }

  @Bean
  ExampleAuthenticationSuccessEventListener authenticationSuccessEventListener(UserService userService) {
    return new ExampleAuthenticationSuccessEventListener(userService);
  }
}

Example 4.20. Configuring LDAP Authentication


package com.example.es.security.ldap;

import com.coremedia.elastic.core.api.users.User;
import com.coremedia.elastic.core.api.users.UserService;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.ldap.userdetails.InetOrgPerson;

public class ExampleAuthenticationSuccessEventListener
        implements ApplicationListener<AuthenticationSuccessEvent> {

  private final UserService userService;

  public ExampleAuthenticationSuccessEventListener(UserService userService) {
    this.userService = userService;
  }

  @Override
  public void onApplicationEvent(AuthenticationSuccessEvent event) {
    InetOrgPerson principal = (InetOrgPerson) event.getAuthentication().getPrincipal();
    User user = userService.getUserByName(principal.getUsername());
    if (user == null) {
      user = userService.createUser(principal.getUsername(), principal.getMail());
      user.save();
    } else if (!user.getEmail().equals(principal.getMail())) {
      user.setEmail(principal.getMail());
      user.save();
    }
  }
}

Example 4.21. Implementing an ApplicationListener


<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
                             http://maven.apache.org/xsd/maven-4.0.0.xsd">
  ...
  <dependencies>
    ...
    <dependency>
      <groupId>com.coremedia.elastic.social</groupId>
      <artifactId>social-spring-security</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.ldap</groupId>
      <artifactId>spring-ldap-core</artifactId>
    </dependency>
  </dependencies>
  ...
</project>

Example 4.22. Spring LDAP dependencies


Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.