I solved the problem.
I did my own provider that implements AuthenticationProvider and it have a four parameter's constructor:
public FiltroProvider(DefaultSpringSecurityContextSource contextSource,MyConfiguratior configurator,BindAuthenticator authenticator, LdapAuthoritiesPopulator authoritiesPopulator)
The class MyConfigurator extends JdbcDaoSupport and it have this method
that gets the ldap parameters from BBDD:
public String[] loadLdapConfigUser(String username)
my Provider has this method for authentication:
Code:
public Authentication authenticate(Authentication authentication)
throws AuthenticationException
{
UsernamePasswordAuthenticationToken userToken;
String username;
String password;
Assert.isInstanceOf(org.springframework.security.providers.UsernamePasswordAuthenticationToken.class, authentication, messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports", "Only UsernamePasswordAuthenticationToken is supported"));
userToken = (UsernamePasswordAuthenticationToken)authentication;
username = userToken.getName();
if(!StringUtils.hasLength(username))
throw new BadCredentialsException(messages.getMessage("LdapAuthenticationProvider.emptyUsername", "Empty Username"));
password = (String)authentication.getCredentials();
Assert.notNull(password, "Null password was supplied in authentication token");
if(password.length() == 0)
{
logger.debug("Rejecting empty password for user " + username);
throw new BadCredentialsException(messages.getMessage("LdapAuthenticationProvider.emptyPassword", "Empty Password"));
}
try{
UserDetails user;
String[] configParams = configurator.loadLdapConfigUser(username);
if(configParams == null){
throw new BadCredentialsException(messages.getMessage("LdapAuthenticationProvider.missingEnterprise", "No enterprise were found"));
}
contextSource.setUserDn(configParams[1]);
contextSource.setPassword(configParams[2]);
contextSource.setUrl(configParams[0]);
authenticator.setUserDnPatterns(new String[]{configParams[3]});
DirContextOperations userData = getAuthenticator().authenticate(authentication);
GrantedAuthority extraAuthorities[] = loadUserAuthorities(userData, username, password);
user = userDetailsContextMapper.mapUserFromContext(userData, username, extraAuthorities);
return createSuccessfulAuthentication(userToken, user);
}catch( NamingException e){
throw new AuthenticationServiceException(e.getMessage(), e);
}
}
And the contextSecurity xml file is:
Code:
<!-- this is an default value-->
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://localhost:389"/>
<property name="userDn" value="CN=ldapuser,OU=junest,DC=extrec,DC=com"/>
<property name="password" value="*****"/>
</bean>
<bean id="ldapAuthProvider"
class="com.quantobit.filtro.FiltroProvider">
<constructor-arg ref="contextSource"/>
<constructor-arg ref="configurator"/>
<constructor-arg ref="authenticator"/>
<constructor-arg ref="populator"/>
<s:custom-authentication-provider/>
</bean>
<bean id="configurator" class="com.secret.MyConfiguratior">
<constructor-arg>
<ref local="seguridadDataSource"/>
</constructor-arg>
</bean>
<bean id="authenticator" class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg ref="contextSource"/>
<property name="userDnPatterns">
<list>
<value>cn={0},,OU=junest,DC=extrec,DC=com</value>
</list>
</property>
</bean>
<bean id="populator" class="com.secret.MyLdapFilter">
<constructor-arg>
<ref local="jdbcUserService"/>
</constructor-arg>
</bean>
<bean id="seguridadDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" destroy-method="close"
p:driverClassName="com.mysql.jdbc.Driver" p:url="jdbc:mysql://localhost:3306/solveexample?autoReconnect=true"
p:username="root" p:password="root"/>
<bean id="jdbcUserService" class="com.quantobit.filtro.FiltroUserDetailsService">
<property name="dataSource" ref="seguridadDataSource" />
</bean>
thanks!
Athentication & Authorization in 3 steps
