added ldap support

2018-11-19 17:48:34 +01:00
parent ed0892b1dc
commit c822b30ca0
3 changed files with 83 additions and 56 deletions
--- a/account-ui/src/main/filters/development.properties
+++ b/account-ui/src/main/filters/development.properties
@ -1 +1,7 @@
 jsf.projectStage=Development
+
+shiro.contextFactory = # not defined
+shiro.passwordMatcher= passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher${line.separator}passwordMatcher.passwordService = $passwordService
+shiro.ldapRealm = # not defined
+shiro.authcStrategy  = org.apache.shiro.authc.pam.AllSuccessfulStrategy
+shiro.realms = $jdbcRealm
--- a/account-ui/src/main/filters/production.properties
+++ b/account-ui/src/main/filters/production.properties
@ -1 +1,16 @@
 jsf.projectStage=Production
+
+ldap.url = ldaps://your.domain.com
+ldap.user = user
+ldap.password = secret
+ldap.suffix = @your.domain.com
+ldap.fallbackSuffix = @your.domain2
+ldap.searchBase = dc=com,dc=domain,dc.your
+ldap.searchFilter = (&(objectClass=*)(mail={0}))
+
+## NO CHANGES BEHIND THIS LINE REQUIRED
+shiro.contextFactory = contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory${line.separator}contextFactory.url = ${ldap.url}${line.separator}contextFactory.systemUsername = ${ldap.user}${line.separator}contextFactory.systemPassword = ${ldap.password}${line.separator}contextFactory.environment[java.naming.security.protocol] = ssl
+shiro.passwordMatcher= passwordMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
+shiro.ldapRealm = ldapRealm = de.muehlencord.shared.account.util.UserNameActiveDirectoryRealm${line.separator}ldapRealm.principalSuffix = ${ldap.suffix}${line.separator}ldapRealm.fallbackPrincipalSuffix = ${ldap.fallbackSuffix}${line.separator}ldapRealm.ldapContextFactory = $contextFactory${line.separator}ldapRealm.searchBase = ${ldap.searchBase}${line.separator}ldapRealm.searchFilter = ${ldap.searchFilter}${line.separator}ldapRealm.permissionsLookupEnabled=false
+shiro.authcStrategy  = org.apache.shiro.authc.pam.AllSuccessfulStrategy
+shiro.realms=$jdbcRealm,$ldapRealm
--- a/account-ui/src/main/webapp/WEB-INF/shiro.ini
+++ b/account-ui/src/main/webapp/WEB-INF/shiro.ini
@ -1,4 +1,8 @@
 [main]
+
+# Context factory required for LDAP
+${shiro.contextFactory}
+
 cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
 securityManager.cacheManager = $cacheManager

@ -18,8 +22,10 @@ passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
 passwordService.hashService = $hashService

 # Required password matcher
-passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
-passwordMatcher.passwordService = $passwordService
+${shiro.passwordMatcher}
+
+# LDAP Realm setup
+${shiro.ldapRealm}

 # JDBC Realm setup
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
@ -31,8 +37,8 @@ jdbcRealm.credentialsMatcher = $passwordMatcher
 jdbcRealm.dataSource = $datasource

 # Activate realms
-authcStrategy  = org.apache.shiro.authc.pam.AllSuccessfulStrategy
-securityManager.realms = $jdbcRealm
+authcStrategy  = ${shiro.authcStrategy}
+securityManager.realms = ${shiro.realms}
 securityManager.authenticator.authenticationStrategy = $authcStrategy

 # Setup authentication filter