4.7.4.2. LDAP Authentication

When an LDAP server is used for user authentication, the user database provided by the CommunityUserService can act as a proxy: the LDAP server is only consulted for authentication, while the user details are copied into and queried from the Elastic Social user database.

In this case a different Spring Security configuration has to be used, and a Maven dependency on org.springframework.security:spring-security-ldap has to be added (its version should match the Spring Security version already used by the application). Please refer to the Spring Security LDAP documentation for details. Instead of the AuthenticationProvider provided by Elastic Social, an LdapAuthenticationProvider must be configured. To get access to extended user information such as the mail attribute, an InetOrgPersonContextMapper is used. To copy the user details to the Elastic Social user database after a successful authentication, an ApplicationListener for AuthenticationSuccessEvent must be implemented.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:security="http://www.springframework.org/schema/security"
 xsi:schemaLocation="http://www.springframework.org/schema/beans
  http://www.springframework.org/schema/beans/spring-beans.xsd
  http://www.springframework.org/schema/security
  http://www.springframework.org/schema/security/spring-security.xsd">
  ...
  <!-- The base DN in the URL is the root for all relative DNs below. -->
  <security:ldap-server url="ldap://ldap.example.com:389/dc=example,dc=com"/>

  <security:authentication-manager alias="authenticationManager">
    <!-- {0} is replaced by the login name; the pattern is relative to the base DN,
         so a login of "jdoe" binds as uid=jdoe,ou=people,dc=example,dc=com. -->
    <security:ldap-authentication-provider
        user-dn-pattern="uid={0},ou=people"
        user-context-mapper-ref="userDetailsContextMapper"/>
  </security:authentication-manager>

  <!-- Maps the LDAP entry to an InetOrgPerson so that attributes such as mail are available. -->
  <bean id="userDetailsContextMapper"
   class="org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper"/>

  <!-- Copies the authenticated user into the Elastic Social user database. -->
  <bean class="com.example.authentication.ExampleAuthenticationSuccessEventListener"/>
  ...
</beans>
            

Example 4.22. Configuring LDAP Authentication
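The configuration above performs the simple bind (login name and password) over a plain ldap:// connection on port 389, so the credentials cross the network unencrypted. The following variant is an added example and not part of the original Elastic Social documentation: it uses LDAP over TLS (ldaps://, port 636) and locates the user with a search filter instead of a fixed DN pattern, which is needed when users are not all stored under one subtree. The host name, the read-only service account (manager-dn, manager-password) and the property name ldap.bind.password are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:security="http://www.springframework.org/schema/security"
 xsi:schemaLocation="http://www.springframework.org/schema/beans
  http://www.springframework.org/schema/beans/spring-beans.xsd
  http://www.springframework.org/schema/security
  http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- ldaps:// (port 636): the bind credentials travel inside TLS instead of in the clear.
       The JVM must trust the directory's certificate (put it in a truststore; do not disable
       certificate checking). manager-dn is an assumed read-only service account that is used
       only to search for the user entry; its password is read from an externalized property
       (assumed name ldap.bind.password) rather than being written into this file. -->
  <security:ldap-server url="ldaps://ldap.example.com:636/dc=example,dc=com"
      manager-dn="cn=elastic-social-bind,ou=services,dc=example,dc=com"
      manager-password="${ldap.bind.password}"/>

  <security:authentication-manager alias="authenticationManager">
    <!-- The user entry is found by an attribute search below user-search-base (relative to
         the base DN), then Spring Security binds as the entry it found with the password
         the user supplied. {0} is passed as a filter argument, not concatenated into the
         filter string, so characters such as ( ) * are escaped for the search. -->
    <security:ldap-authentication-provider
        user-search-base="ou=people"
        user-search-filter="(&amp;(uid={0})(objectClass=inetOrgPerson))"
        user-context-mapper-ref="userDetailsContextMapper"/>
  </security:authentication-manager>

  <bean id="userDetailsContextMapper"
   class="org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper"/>

  <bean class="com.example.authentication.ExampleAuthenticationSuccessEventListener"/>
</beans>
```

With user-dn-pattern as in Example 4.22, Spring Security binds directly as the user and no manager account is needed; with user-search-filter it first searches with the manager account and then binds as the entry it found, which is the option to choose when the login name alone does not determine the DN. The ${ldap.bind.password} placeholder assumes that a property placeholder configurer is present in the application context.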


package com.example.authentication;

import com.coremedia.elastic.core.api.user.User;
import com.coremedia.elastic.core.api.user.UserService;
import java.util.Objects;
import javax.inject.Inject;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.ldap.userdetails.InetOrgPerson;

/**
 * Mirrors the authenticated LDAP user into the Elastic Social user database
 * after every successful login. Credentials are never copied; the LDAP
 * server remains the only authentication authority.
 */
public class ExampleAuthenticationSuccessEventListener
       implements ApplicationListener<AuthenticationSuccessEvent> {
  @Inject
  private UserService userService;

  @Override
  public void onApplicationEvent(AuthenticationSuccessEvent event) {
    Object principalObject = event.getAuthentication().getPrincipal();
    // Only logins mapped by InetOrgPersonContextMapper carry the attributes
    // needed here; ignore success events raised by any other provider
    // instead of failing with a ClassCastException.
    if (!(principalObject instanceof InetOrgPerson)) {
      return;
    }
    InetOrgPerson principal = (InetOrgPerson) principalObject;
    String mail = principal.getMail();

    User user = userService.getUserByName(principal.getUsername());
    if (user == null) {
      // First login: create the local proxy record for this LDAP user.
      user = userService.createUser(principal.getUsername(), null, mail, true);
      user.save();
    } else if (!Objects.equals(user.getEmail(), mail)) {
      // Keep the local copy in sync with the directory. The null-safe
      // comparison avoids a NullPointerException when either side has no
      // mail attribute.
      user.setEmail(mail);
      user.save();
    }
  }
}
            

Example 4.23. Implementing an ApplicationListener


<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
                             http://maven.apache.org/xsd/maven-4.0.0.xsd">
  ...
  <dependencies>
    ...
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-ldap</artifactId>
      <version>3.1.0.RELEASE</version>
    </dependency>
  </dependencies>
  ...
</project>
            

Example 4.24. Spring LDAP dependency