1 | /* Copyright 2006-2009 the original author or authors. |
---|
2 | * |
---|
3 | * Licensed under the Apache License, Version 2.0 (the "License"); |
---|
4 | * you may not use this file except in compliance with the License. |
---|
5 | * You may obtain a copy of the License at |
---|
6 | * |
---|
7 | * http://www.apache.org/licenses/LICENSE-2.0 |
---|
8 | * |
---|
9 | * Unless required by applicable law or agreed to in writing, software |
---|
10 | * distributed under the License is distributed on an "AS IS" BASIS, |
---|
11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
---|
12 | * See the License for the specific language governing permissions and |
---|
13 | * limitations under the License. |
---|
14 | */ |
---|
15 | package org.codehaus.groovy.grails.plugins.springsecurity.ldap |
---|
16 | |
---|
17 | import org.codehaus.groovy.grails.plugins.springsecurity.ldap.GrailsLdapUser |
---|
18 | |
---|
19 | import org.springframework.ldap.core.DirContextOperations |
---|
20 | import org.springframework.security.GrantedAuthority |
---|
21 | import org.springframework.security.userdetails.UserDetails |
---|
22 | import org.springframework.security.userdetails.ldap.LdapUserDetails |
---|
23 | import org.springframework.security.userdetails.ldap.LdapUserDetailsMapper |
---|
24 | |
---|
25 | /** |
---|
26 | * Extends the default to return a {@link GrailsLdapUser} implementing |
---|
27 | * both {@link GrailsUser} and {@link LdapUserDetails}. |
---|
28 | * |
---|
29 | * @author <a href='mailto:beckwithb@studentsonly.com'>Burt Beckwith</a> |
---|
30 | */ |
---|
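class GrailsLdapUserDetailsMapper extends LdapUserDetailsMapper {

    /**
     * Dependency injection for the user details service.
     */
    def userDetailsService

    /**
     * Dependency injection for whether to use passwords retrieved from LDAP.
     */
    boolean usePassword

    /**
     * Dependency injection for whether to retrieve roles from the database in addition to LDAP
     */
    boolean retrieveDatabaseRoles

    /**
     * {@inheritDoc}
     *
     * Looks the user up in the database first, merges the database roles into the
     * LDAP-derived authorities, and then builds a {@link GrailsLdapUser} from the
     * result of the superclass mapping.
     *
     * @see org.springframework.security.userdetails.ldap.LdapUserDetailsMapper#mapUserFromContext(
     *      org.springframework.ldap.core.DirContextOperations, java.lang.String,
     *      org.springframework.security.GrantedAuthority[])
     */
    @Override
    UserDetails mapUserFromContext(DirContextOperations ctx, String username, GrantedAuthority[] authorities) {

        // The database lookup runs before the LDAP mapping so its roles can be merged
        // into the authorities handed to the superclass. dbDetails.domainClass below
        // assumes a non-null result; whether a user missing from the database yields
        // null or an exception depends on userDetailsService — TODO confirm.
        def dbDetails = userDetailsService.loadUserByUsername(username, retrieveDatabaseRoles)
        authorities = mergeDatabaseRoles(dbDetails, authorities)

        LdapUserDetails ldapDetails = (LdapUserDetails)super.mapUserFromContext(ctx, username, authorities)
        if (usePassword) {
            // Pass the superclass result through unchanged, including whatever
            // password value the LDAP mapper placed on it.
            return new GrailsLdapUser(ldapDetails, dbDetails.domainClass)
        }

        // use a dummy password to avoid an exception from the User base class;
        // the LDAP-supplied password is not carried on the returned principal.
        // (The original referenced an undefined 'details' here; it must be ldapDetails.)
        return new GrailsLdapUser(ldapDetails.username, 'not_used', ldapDetails.enabled,
            ldapDetails.accountNonExpired, ldapDetails.credentialsNonExpired,
            ldapDetails.accountNonLocked, ldapDetails.authorities,
            ldapDetails.attributes, ldapDetails.dn, dbDetails.domainClass)
    }

    /**
     * Concatenates the LDAP-derived authorities with those on the database user.
     * Both inputs are optional; an empty array is returned when neither has any.
     * Entries are not de-duplicated, so a role present in both sources appears twice.
     *
     * @param details the database user details (its {@code authorities} are read)
     * @param authorities the authorities already resolved from LDAP, may be null or empty
     * @return the combined authorities, LDAP entries first
     */
    private GrantedAuthority[] mergeDatabaseRoles(details, GrantedAuthority[] authorities) {
        List merged = []
        if (authorities) {
            merged.addAll(authorities as List)
        }

        if (details.authorities) {
            merged.addAll(details.authorities as List)
        }

        return merged as GrantedAuthority[]
    }
}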
---|