Category Archives: Coding

Using Active Directory for authentication in Spring with custom permissions (roles)

Recently at work, I had to work on setting up a Spring application to do Active Directory authentication and use our internal permissions service. After much googling and playing around I finally figured out how to get it all working. I suspect this may not be the best way to do this, but it works.

Set this up in your config XML

1
2
3
4
5
6
7
8
9
10
<!-- Connect to AD -->
<bean id="activeDirectoryAuthenticationProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<constructor -arg value="YOURDOMAIN"></constructor>
<constructor -arg value="ldap://YOURSERVER"></constructor>
<property name="userDetailsContextMapper" ref="customDetailsMapper"></property>
<property name="convertSubErrorCodesToExceptions" value="true"></property>
</bean>
 
<!-- add in your permissions -->
<bean id="customDetailsMapper" class="Full path to CustomDetailsMapper class"></bean>

Now, the CustomDetailsMapper

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
package mypackage;
 
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
 
import org.apache.log4j.Logger;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
 
public class CustomUserDetailsMapper extends LdapUserDetailsMapper {
 
    protected static Logger logger = Logger.getLogger("CustomUserDetailsMapper");
    private static final Collection<string> DEFAULT_PERMS = Arrays.asList("login");
 
 
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection< ? extends GrantedAuthority> authorities) {
        /**
         * at this point, the user has permissions based on groups in LDAP/AD. If
         * we used AD for permissions, this would be sufficient, but we want permissions
         * from elsewhere so we need to modify the permissions/authorities
         */
        logger.info(" old authorities: "+authorities);
        UserDetails user = super.mapUserFromContext( ctx, username, getPermissions(username));
        logger.info(" adjusted user: "+user);
 
        return user;
    }
 
    /**
     * gets permissions
     *
     * @param username the username to get permissions for
     * @return a Set of permissions for the user
     */
    private Set<grantedauthority> getPermissions(String username) {
        Set</grantedauthority><grantedauthority> permissions = new HashSet</grantedauthority><grantedauthority>();
 
        /**
         * get your permissions here - however you need to
         * then convert them to SimpleGrantedAuthority
         */
 
        for (String perm : permissionsFromOtherSource) {
            permissions.add(new SimpleGrantedAuthority(perm));
        }
        return permissions;
    }
}
</grantedauthority></string>

NOTE: the blog’s java code formatter is messing this code up a bit (specifically the GrantedAuthority parts), but you should be able to get the gist of it. Basically, after the user is filled out from AD, we get a handle to it and we change the permissions on it.

New side project

I had an idea for a website over the Christmas holiday, took a few hours over a few days and got some proof of concept code up and running. I bought a domain for it, and am now making it robust to handle some traffic. Today I played around with MongoDB and got it up and running and it works great. I’ll be hosting it on OpenShift (for now anyway). I’m hoping to launch the site later this month.

In the meantime, if you use Goodreads and Overdrive, let me know if you want to be a beta tester.

Using ant to exec mysql .sql files via a fileset

In trying to automate our DB development, we decided to use ant and Jenkins to run our SQL scripts for a deploy. We had a hard time getting ant to work and after much trial and error (and cussing and fussing) we finally got it to work. The key really was the addsourcefile=”false” attribute and the redirector. Since mysql can run sql from a file using redirection (< ) you have to use a redirector (which is poorly documented).

The ant apply task can apply an executable to every file in a fileset, so this will use the mysql executable to exec every *.sql file it finds.
Continue reading

Unit testing JavaBeans

I always just pretty much skipped unit testing JavaBeans since the work involved didn’t seem worth it. Today though, I was troubled by the lack of coverage on the Javabeans in our Emma code coverage reports so I googled and found this bit of unit testing brilliance: Unit Testing Javabeans. It’s a simple class that uses introspection to test the bean and works great!