package flint.forms
import flint.forms.ActiveDirectoryConfig
import flint.forms.Static
import flint.forms.Tenant
import flint.forms.User
import grails.gorm.multitenancy.Tenants
import org.apache.http.config.ConnectionConfig
import org.springframework.ldap.NamingException
import org.springframework.ldap.core.AttributesMapper
import org.springframework.ldap.core.DirContextOperations
import org.springframework.ldap.core.LdapTemplate
import org.springframework.ldap.core.support.LdapContextSource
import org.springframework.ldap.filter.AndFilter
import org.springframework.ldap.filter.EqualsFilter
import org.springframework.ldap.filter.Filter
import org.springframework.ldap.query.LdapQueryBuilder
import org.springframework.security.authentication.AuthenticationProvider
import org.springframework.security.authentication.BadCredentialsException
import org.springframework.security.authentication.InternalAuthenticationServiceException
import org.springframework.security.authentication.LockedException
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
import org.springframework.security.core.Authentication
import org.springframework.security.core.AuthenticationException
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UsernameNotFoundException
import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
import org.springframework.security.ldap.authentication.BindAuthenticator
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider
import org.springframework.security.ldap.authentication.LdapAuthenticator
import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator
import org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator
import org.springframework.security.ldap.ppolicy.PasswordPolicyException
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
import flint.forms.MyUserDetailsContextMapper
import org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
import org.xml.sax.Attributes
import static grails.gorm.multitenancy.Tenants.withId
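/**
 * Authenticates users against the Active Directory servers configured for the current
 * tenant and derives their authorities from the directory groups of the server that
 * accepted the bind.
 *
 * One request flows through {@link #doAuthentication} and then
 * {@link #loadUserAuthorities} on the same thread, so the directory matched by the bind
 * is handed to the authority lookup through a {@link ThreadLocal} rather than through
 * static fields, which were overwritten by every concurrent login (and could therefore
 * compute one tenant's authorities against another tenant's directory).
 */
class CustomLdapAuthProvider extends AbstractLdapAuthenticationProvider {

    /**
     * Kept only for callers that still read these statics. They are assigned after a
     * successful bind but are no longer consulted internally: being static and rewritten
     * on every login they are racy under concurrent requests.
     */
    @Deprecated
    static LdapContextSource ldapContextSource1
    @Deprecated
    static def groupSearchBase

    /** Directory that accepted the bind for the request currently being authenticated. */
    private static final ThreadLocal<MatchedDirectory> MATCHED = new ThreadLocal<>()

    /** Context source and group search base of the directory a user authenticated against. */
    private static final class MatchedDirectory {
        final LdapContextSource contextSource
        final String groupBase

        MatchedDirectory(LdapContextSource contextSource, String groupBase) {
            this.contextSource = contextSource
            this.groupBase = groupBase
        }
    }

    /**
     * Binds the supplied credentials against each Active Directory configured for the
     * current tenant, in configuration order, and returns the user's entry from the first
     * directory that accepts them.
     *
     * @param auth the username/password token under authentication
     * @return the authenticated user's directory entry
     * @throws BadCredentialsException if a directory knows the user but rejects the
     *         password, or if no directory knows the user at all (the same exception in
     *         both cases, so the response does not reveal which usernames exist)
     * @throws LockedException if the directory reports a password-policy problem
     * @throws InternalAuthenticationServiceException if no directory is configured for
     *         the tenant, or every directory failed for a reason other than credentials
     */
    @Override
    protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth) {
        List<ActiveDirectoryConfig> directories = getAllActiveDirectories()
        if (!directories) {
            throw new InternalAuthenticationServiceException("No Active Directory is configured for the current tenant")
        }

        Exception lastUnexpected = null
        for (ActiveDirectoryConfig directory in directories) {
            // NOTE(review): a plain ldap:// URL sends the manager and user bind credentials
            // unencrypted unless StartTLS is negotiated; ldaps:// is preferable where the
            // directory supports it.
            String url = "ldap://" + directory.server + ":" + directory.port
            LdapContextSource contextSource = new LdapContextSource()
            contextSource.setUrl(url)
            contextSource.setUserDn(directory.managerDn)
            contextSource.setPassword(directory.managerPassword)

            BindAuthenticator authenticator = new BindAuthenticator(contextSource)
            // FilterBasedLdapUserSearch encodes the username it substitutes into the
            // configured filter, so the login name cannot alter the filter structure.
            authenticator.setUserSearch(
                    new FilterBasedLdapUserSearch(directory.searchBase, directory.searchFilter, contextSource))

            try {
                contextSource.afterPropertiesSet()
                DirContextOperations userData = authenticator.authenticate(auth)

                // Remember which directory accepted the bind for loadUserAuthorities().
                MATCHED.set(new MatchedDirectory(contextSource, directory.groupSearchBase))
                ldapContextSource1 = contextSource          // deprecated statics, see above
                groupSearchBase = directory.groupSearchBase

                logger.debug("auth succeeded for " + auth.principal + " against " + url)
                return userData
            } catch (UsernameNotFoundException e) {
                // Not an error yet: the user may exist in a later directory.
                logger.debug("user " + auth.principal + " not found in " + url)
            } catch (PasswordPolicyException e) {
                throw new LockedException(e.status.defaultMessage, e)
            } catch (BadCredentialsException e) {
                // The user exists here but the password is wrong: stop, do not probe further.
                logger.debug("auth failed : BadCredentialsException(" + auth.principal + ")")
                throw e
            } catch (Exception e) {
                // Directory unreachable, bad manager credentials, etc. Keep the cause and
                // try the remaining directories; never return null, the caller dereferences
                // the result.
                logger.error("auth failed for unexpected exception against " + url, e)
                lastUnexpected = e
            }
        }

        if (lastUnexpected != null) {
            throw new InternalAuthenticationServiceException(
                    "Could not authenticate " + auth.principal + " against any configured directory", lastUnexpected)
        }
        throw new BadCredentialsException("Bad credentials")
    }

    /**
     * Loads the group memberships of a just-authenticated user from the directory that
     * accepted the bind in {@link #doAuthentication}.
     *
     * @param userData the user's directory entry returned by {@code doAuthentication}
     * @param username the login name
     * @param password the supplied password; deliberately never logged
     * @return the authorities derived from the user's directory groups
     * @throws InternalAuthenticationServiceException if no successful
     *         {@code doAuthentication} preceded this call on the current thread
     */
    @Override
    protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData, String username, String password) {
        MatchedDirectory matched = MATCHED.get()
        try {
            if (matched == null) {
                throw new InternalAuthenticationServiceException(
                        "loadUserAuthorities called without a successful doAuthentication on this thread")
            }
            Collection<GrantedAuthority> authorities =
                    new DefaultLdapAuthoritiesPopulator(matched.contextSource, matched.groupBase)
                            .getGrantedAuthorities(userData, username)
            logger.debug("authorities for " + username + ": " + authorities)
            return authorities
        } finally {
            // Always clear so a failure here cannot leak this request's directory to the
            // next request served by the same thread.
            MATCHED.remove()
        }
    }

    /**
     * Returns the Active Directory configurations of the current tenant.
     *
     * Resolution is two-step: the current tenant id is a domain name that is looked up as a
     * {@link Tenant} in the primary schema, and the directories are then read from the
     * tenant's own schema by the tenant's id.
     *
     * @return the tenant's directory configurations, empty if the tenant is unknown
     */
    List<ActiveDirectoryConfig> getAllActiveDirectories() {
        String currentTenantId = Tenants.currentId()

        // Tenant rows live in the primary schema; the current id is the tenant's domain.
        Tenant tenant = withId(Static.FIELDS.PRIMARY_SCHEMA) { Tenant.findByDomain(currentTenantId) }
        if (tenant == null) {
            logger.warn("no tenant found for domain " + currentTenantId)
            return []
        }

        // The directory configuration is stored in the tenant's own schema.
        List<ActiveDirectoryConfig> directories = []
        withId(currentTenantId) {
            directories = ActiveDirectoryConfig.findAllByTenantId(tenant.id)
        }
        return directories ?: []
    }
}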