Facing issue in custom login using Grails, Spring Security, LDAP (AD) user

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Facing issue in custom login using Grails, Spring Security, LDAP (AD) user

Gaurav Kothawade
Hi 

I am able to logged in using  LDAP user account credentials, but getting following error:

Class
org.codehaus.groovy.runtime.powerassert.PowerAssertionError
Message
null
Caused by
assert principal instanceof GrailsUser | | | false org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@997fcdf4: Dn: cn=Gaurav Kothwade,cn=Users,dc=infiverve,dc=com; Username: gaurav123; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_FLINT_USER, ROLE_FLINT_ADMIN, ROLE_DOMAIN ADMINS, ROLE_DOMAIN CONTROLLERS



Here is my custom class please help.

thanks in advance.

package flint.forms
import flint.forms.ActiveDirectoryConfig
import flint.forms.Static
import flint.forms.Tenant
import flint.forms.User
import grails.gorm.multitenancy.Tenants
import org.apache.http.config.ConnectionConfig
import org.springframework.ldap.NamingException
import org.springframework.ldap.core.AttributesMapper
import org.springframework.ldap.core.DirContextOperations
import org.springframework.ldap.core.LdapTemplate
import org.springframework.ldap.core.support.LdapContextSource
import org.springframework.ldap.filter.AndFilter
import org.springframework.ldap.filter.EqualsFilter
import org.springframework.ldap.filter.Filter
import org.springframework.ldap.query.LdapQueryBuilder
import org.springframework.security.authentication.AuthenticationProvider
import org.springframework.security.authentication.BadCredentialsException
import org.springframework.security.authentication.InternalAuthenticationServiceException
import org.springframework.security.authentication.LockedException
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
import org.springframework.security.core.Authentication
import org.springframework.security.core.AuthenticationException
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UsernameNotFoundException
import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
import org.springframework.security.ldap.authentication.BindAuthenticator
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider
import org.springframework.security.ldap.authentication.LdapAuthenticator
import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator
import org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator
import org.springframework.security.ldap.ppolicy.PasswordPolicyException
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
import flint.forms.MyUserDetailsContextMapper
import org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
import org.xml.sax.Attributes

import static grails.gorm.multitenancy.Tenants.withId


class CustomLdapAuthProvider extends  AbstractLdapAuthenticationProvider{


    static LdapContextSource ldapContextSource1
    static def groupSearchBase

    @java.lang.Override
    protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth) {

        

        List<ActiveDirectoryConfig> activeDirectoryConfigList = getAllActiveDirectories()

        System.out.println("------------"+activeDirectoryConfigList)

        def userData

        for(ActiveDirectoryConfig activeDirectory in activeDirectoryConfigList) {

           System.out.println("-------------------------------------" + activeDirectory.port)


           String url = "ldap://"+activeDirectory.server+":"+activeDirectory.port

            ldapContextSource1 = new LdapContextSource();
            ldapContextSource1.setUrl(url);
            ldapContextSource1.setUserDn(activeDirectory.managerDn);
            ldapContextSource1.setPassword(activeDirectory.managerPassword);

            /*DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator =
                    new DefaultLdapAuthoritiesPopulator(ldapContextSource, activeDirectory.groupSearchBase);*/

            BindAuthenticator authenticator = new BindAuthenticator(ldapContextSource1);
            authenticator.setUserSearch(new FilterBasedLdapUserSearch(activeDirectory.searchBase,activeDirectory.searchFilter,ldapContextSource1))


           // LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator,defaultLdapAuthoritiesPopulator)

            try {
                ldapContextSource1.afterPropertiesSet();

                userData = authenticator.authenticate(auth);

                
                groupSearchBase = activeDirectory.groupSearchBase

                System.out.println("-------------------------------------" + userData)

                return userData

            } catch (BadCredentialsException e) {
                logger.debug("auth failed : BadCredentialsException(" + auth.principal + ")");
                throw e;
            } catch (Exception e) {
                logger.error("auth failed for unexpected exception: " + e.getMessage());
                return null;
            }





        }

    }

    @java.lang.Override
    protected java.util.Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData, java.lang.String username, java.lang.String password) {
        System.out.println("-========================"+userData.attributes+"username"+username+"passwod"+password)

            List<GrantedAuthority> userPermission = new ArrayList<>();

            userPermission = new DefaultLdapAuthoritiesPopulator(ldapContextSource1,groupSearchBase).getGrantedAuthorities(userData,username)

      
           def  myNewUser = new flint.forms.MyUserDetailsContextMapper().mapUserFromContext(userData,username,userPermission);

            System.out.println(userPermission)

            return userPermission

    }

    def getAllActiveDirectories(){

        List<ActiveDirectoryConfig> activeDirectoryConfigList

        //Find current tenant
        String currentTenantId = Tenants.currentId()

        //Find current tenant details
        Tenant tenant = withId(Static.FIELDS.PRIMARY_SCHEMA) { Tenant.findByDomain(currentTenantId) }


        System.out.println("------------"+tenant.id)

        //Find all Active directory config of current tenant
        withId(currentTenantId) {
            activeDirectoryConfigList = ActiveDirectoryConfig.findAllByTenantId(tenant.id)
        }

        return activeDirectoryConfigList


    }


}

--
You received this message because you are subscribed to the Google Groups "Grails Dev Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/grails-dev-discuss/6a1d0b9b-d49f-44b9-b812-f48012f94675%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...