How to use Spring Security CustomAuthenticationProvider

 

SecurityConfiguration

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
@Qualifier(“customUserDetailsService”)
UserDetailsService userDetailsService;

@Autowired
PersistentTokenRepository tokenRepository;

@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
auth.authenticationProvider(customAuthenticationProvider());

}

@Override
protected void configure(HttpSecurity http) throws Exception {

http.anonymous().disable()
.authorizeRequests().antMatchers(“/”)
.access(“hasRole(‘USER’)”)

.antMatchers(“/newSecurity” )
.access(“hasRole(‘SECURITY GUARD’)”)

.antMatchers(“/edit-user-*”,”/usersList” ,”/userProfilesList”)
.access(“hasRole(‘ADMIN’)”)

.antMatchers(“/download-document-*”, “/delete-request-*”,”/edit-request-*” )
.access(“hasRole(‘USER’)”)

.and().formLogin().loginPage(“/login”)
.loginProcessingUrl(“/login”).usernameParameter(“ssoId”).passwordParameter(“password”).and()
.rememberMe().rememberMeParameter(“remember-me”).tokenRepository(tokenRepository)
.tokenValiditySeconds(18400).and().csrf().and().exceptionHandling().accessDeniedPage(“/Access_Denied”);
}

@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}

@Bean
public CustomAuthenticationProvider customAuthenticationProvider() {
CustomAuthenticationProvider customAuthenticationProvider = new CustomAuthenticationProvider();

return customAuthenticationProvider;
}

@Bean
public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() {
PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
“remember-me”, userDetailsService, tokenRepository);
return tokenBasedservice;
}

@Bean
public AuthenticationTrustResolver getAuthenticationTrustResolver() {
return new AuthenticationTrustResolverImpl();
}

}

---

CustomUserDetailsService

import java.util.ArrayList;
import java.util.List;

import com.abc.dcim.common.Utils;
import com.abc.dcim.controller.AppController;
import com.abc.dcim.model.AppUser;
import com.abc.dcim.model.UserProfile;
import com.abc.dcim.service.UserService;
import com.abc.dcim.uiinterfaces.LoginDetailsUi;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service(“customUserDetailsService”)
public class CustomUserDetailsService implements UserDetailsService,LoginDetailsUi{

static final Logger logger = LoggerFactory.getLogger(CustomUserDetailsService.class);

@Autowired
private UserService userService;

private String pwd;

private boolean ldapStatus=false;

@Transactional(readOnly=true)
public UserDetails loadUserByUsername(String ssoId)
throws UsernameNotFoundException {

if(ldapStatus){
logger.info(“User not found in AD”);
throw new UsernameNotFoundException(“Username not found”);
}

if(ssoId.split(“:”).length>0){
ssoId = ssoId.split(“:”)[1];
}

AppUser user = userService.findBySSO(ssoId);
logger.info(“User : {}”, user);
if(user==null){
logger.info(“User not found”);
throw new UsernameNotFoundException(“Username not found”);
}
return new org.springframework.security.core.userdetails.User(user.getSsoId(), pwd,getGrantedAuthorities(user));

}

private List<GrantedAuthority> getGrantedAuthorities(AppUser user){
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

for(UserProfile userProfile : user.getUserProfiles()){
logger.info(“UserProfile : {}”, userProfile);
authorities.add(new SimpleGrantedAuthority(“ROLE_”+userProfile.getName()));
}
logger.info(“authorities : {}”, authorities);
return authorities;
}

@Override
public String getUserEnteredPassword(String pwd) {
this.pwd=pwd;
return this.pwd;
}

@Override
public boolean getAuthenticationFromLDAP(boolean status) {
// TODO Auto-generated method stub
this.ldapStatus =status;
return ldapStatus;
}

}

---

LoginDetailsUi

public interface LoginDetailsUi {

String getUserEnteredPassword(String pwd);

boolean getAuthenticationFromLDAP(boolean status);

}

---

CustomAuthenticationProvider

import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

import com.abc.dcim.common.Utils;
import com.abc.dcim.uiinterfaces.LoginDetailsUi;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

public static final String CONTEXT_FACTORY= “com.sun.jndi.ldap.LdapCtxFactory”;

public static final String ACTIVE_D_URL= “ldap://10.100.100.100:389″;

//functional IDDCIMAD
public static final String USERNAME =”tharakadinesh@abc.com”;

//encrypted functional ID PSWD
public static final String PASSWORD =”da38ZfYL/r7i/U3ggU93gw==”;

@Autowired
private UserService userService;

@Autowired
private SupportStaffService supportStaffService;

@Autowired
private LoginDetailsUi CustomUserDetailsService;

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

String name = authentication.getName().split(“:”)[1];

if(authentication.getCredentials()!=null){
String password = authentication.getCredentials().toString();//user enters passwd
CustomUserDetailsService.getUserEnteredPassword(password);

    if (authenticateAgainstThirdPartySystem(name,password,authentication.getName().split(“:”)[0])) {
// use the credentials
// and authenticate against the third-party system
return null;
} else {

return null;
}

}
return null;
}

private boolean authenticateAgainstThirdPartySystem(String ssoId, String pwd, String reg) {
// TODO Auto-generated method stub
ssoId = ssoId+”@abc.com”;

LdapContext ldapPer = getLdapContext(ssoId,pwd,reg);

return getUserBasicAttributes(Utils.findUserName(ssoId), pwd,reg, ldapPer);
}

@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}

public boolean getUserBasicAttributes(String username,String password, String reg, LdapContext ctx) {
try {

if(ctx==null){
//error msg for login
CustomUserDetailsService.getAuthenticationFromLDAP(true);
}else{
CustomUserDetailsService.getAuthenticationFromLDAP(false);
}

SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);

String[] attrIDs = { “distinguishedName”, “sn”, “givenname”, “mail”, “telephonenumber”, “memberOf”, “CN”,”department” };
constraints.setReturningAttributes(attrIDs);

NamingEnumeration<?> answer = ctx.search(“DC=”+reg+”,DC=1bank,DC=abc,DC=com”,
“sAMAccountName=” + username, constraints);

    if (answer.hasMore()) {

Attributes attrs = ((SearchResult) answer.next()).getAttributes();

System.out.println(“distinguishedName ” + attrs.get(“distinguishedName”));
System.out.println(“givenname ” + attrs.get(“givenname”));
System.out.println(“sn ” + attrs.get(“sn”));
System.out.println(“mail ” + attrs.get(“mail”));
System.out.println(“memberof ” + attrs.get(“memberof”));

String emailId =attrs.get(“mail”).get().toString();
String dep =attrs.get(“department”)==null?””:attrs.get(“department”).get().toString();
String contact =attrs.get(“telephonenumber”)==null?””:attrs.get(“telephonenumber”).get().toString();

return true;
} else {
CustomUserDetailsService.getAuthenticationFromLDAP(true);
throw new Exception(“Invalid User”);
}

} catch (Exception ex) {
CustomUserDetailsService.getAuthenticationFromLDAP(true);
ex.printStackTrace();
}
return false;
}

public LdapContext getLdapContext(String userName,String password,String reg) {
LdapContext ctx = null;

try {
Hashtable<String, String> env = new Hashtable<String, String>();

env.put(Context.INITIAL_CONTEXT_FACTORY, CONTEXT_FACTORY);
env.put(Context.SECURITY_AUTHENTICATION, “Simple”);
env.put(Context.SECURITY_PRINCIPAL, userName);
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.SECURITY_PROTOCOL, “TLSv1.2”);
env.put(Context.PROVIDER_URL, ACTIVE_D_URL);
ctx = new InitialLdapContext(env, null);

         System.out.println(“Connection Successful”);

} catch (NamingException nex) {
System.out.println(“LDAP Connection: FAILED”);
nex.printStackTrace();
}catch (Exception e) {
e.printStackTrace();
}

return ctx;
}

public static String getPassword(){

try {
Utils utils = new Utils();
return utils.decrypt(PASSWORD);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}

public String checkNull(Attribute attribute) throws NamingException{

if(attribute==null){
return “”;
}else{
return attribute.get().toString();
}
}

}