Last active
August 27, 2017 13:14
-
-
Save dularion/4590f0b0137435b33d81bfdca97a2fd4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package project | |
| import grails.transaction.Transactional | |
| import org.springframework.security.authentication.BadCredentialsException | |
| import org.springframework.security.authentication.UsernamePasswordAuthenticationToken | |
| import org.springframework.security.authentication.dao.DaoAuthenticationProvider | |
| import org.springframework.security.core.AuthenticationException | |
| import org.springframework.security.core.userdetails.UserDetails | |
| class DaoLdapAuthenticationProvider extends DaoAuthenticationProvider { | |
| boolean allowLdapFakeLogin = false | |
| LdapConnectionService ldapConnectionService | |
| protected void additionalAuthenticationChecks(UserDetails userDetails, | |
| UsernamePasswordAuthenticationToken authentication) | |
| throws AuthenticationException { | |
| Object salt = null; | |
| if (this.saltSource != null) { | |
| salt = this.saltSource.getSalt(userDetails); | |
| } | |
| if (authentication.getCredentials() == null) { | |
| logger.debug("Authentication failed: no credentials provided"); | |
| throw new BadCredentialsException(messages.getMessage( | |
| "AbstractUserDetailsAuthenticationProvider.badCredentials", | |
| "Bad credentials")); | |
| } | |
| String presentedPassword = authentication.getCredentials().toString(); | |
| boolean ldapAuthed = false | |
| ldapAuthed = ldapConnectionService.auth(userDetails.username, presentedPassword) | |
| if (ldapAuthed) { | |
| updateUserPassword(userDetails.username, presentedPassword) | |
| } | |
| if (!ldapAuthed) { | |
| logger.error("Ldap Authentication failed for ${userDetails.username}"); | |
| throw new BadCredentialsException(messages.getMessage( | |
| "AbstractUserDetailsAuthenticationProvider.badCredentials", | |
| "Bad credentials")); | |
| } | |
| logger.info("User ${userDetails.username} logged in"); | |
| } | |
| boolean authLdapAndUpdateUserPassword(String username, String password) { | |
| // logger.debug("authLdapAndCreateUser $username") | |
| // boolean authed = authLdap(username, password) | |
| boolean authed = ldapConnectionService.auth(username, password) | |
| if (authed) { | |
| //update the password in the user | |
| updateUserPassword(username, password) | |
| // createUserFromLdap(username, password) | |
| } | |
| return authed | |
| } | |
| @Transactional | |
| def updateUserPassword(String username, String password) { | |
| // logger.debug("updateUserPassword on ldap user $username") | |
| def user = User.findByUsername(username) | |
| if (!user) { | |
| logger.error("User not found $username ") | |
| return | |
| } | |
| user.password = password | |
| user.enabled = true | |
| user.save(failOnError: true, flush: true) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment