In this tutorial you will learn how to integrate Spring Security with Gmail (Google), OpenID or LDAP based authentication.
Download the tutorial codebase
Technologies used :
- Spring 3.2.8.RELEASE
- Spring Security 3.2.3.RELEASE
- JDK 1.7
- Maven 3
- OpenLDAP or Apache DS
For this tutorial it is assumed that you already have a Google account and an OpenID account, and have set up an LDAP server (OpenLDAP or Apache DS).
Directory Structure
Define your custom login form in the Spring XML file. See the explanation below:
- login-page="/login" – The URL of the page that displays the custom login form.
- authentication-failure-url="/login?error" – If authentication fails, redirect to /login?error.
- logout-success-url="/login?logout" – After a successful logout, redirect to /login?logout.
- username-parameter="username" – The name of the request parameter that carries the username; in HTML, this is the name of the input field. password-parameter works the same way for the password.
- <intercept-url pattern="/admin**" access="ROLE_USER" /> – Requires the ROLE_USER authority for URLs matching /admin**. Note that the Ant pattern /admin** matches /admin and /admin123 but not /admin/users; use /admin/** if sub-paths must be protected too, and use ROLE_ADMIN if the page is really meant for admins only.
- <csrf/> – Enables Cross Site Request Forgery (CSRF) protection. In the Spring Security 3.2 XML namespace it is disabled by default. Once enabled, every POST (including the login form itself) must carry the token: add a hidden input named ${_csrf.parameterName} with value ${_csrf.token} to login.jsp, otherwise the POST to /j_spring_security_check is rejected with HTTP 403.
Normally we do not take part in the login or logout processing itself; Spring Security handles it, and we only supply the pages to show on success or failure.
<http auto-config="true">
<intercept-url pattern="/admin**" access="ROLE_USER" />
<form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!--OpenId Login-->
<openid-login />
<!-- enable csrf protection -->
<csrf/>
</http>
<!-- For Google based authentication: the user name is the claimed identifier Google returns after login; the password is ignored for OpenID logins -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="https://www.google.com/accounts/o8/id?id=AItOawnvPl3Y3exYxxvh8B4b19fPKmFn7dTkxn4" password="" authorities="ROLE_USER,ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
<!-- For OpenID (MyOpenID) based authentication
<authentication-manager>
<authentication-provider>
<user-service>
<user name="http://kuntal29.myopenid.com/" password="" authorities="ROLE_USER, ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager> -->
<!-- For Basic Hardcoded Authentication
<authentication-manager>
<authentication-provider>
<user-service>
<user name="kuntal" password="ganguly" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>-->
<!-- For basic LDAP (OpenLDAP) based authentication. Users are assumed to live under ou=people and
groups (with uniqueMember entries) under ou=groups. role-prefix is a prefix prepended to the
upper-cased group name, so it must be "ROLE_" (a group cn=user then yields ROLE_USER), not "ROLE_USER".
<ldap-server url="ldap://kuntal.example.org:389/dc=kuntal,dc=example,dc=org"/>
<authentication-manager>
<ldap-authentication-provider
user-search-filter="(uid={0})" user-search-base="ou=people"
group-search-base="ou=groups" group-search-filter="(uniqueMember={0})"
role-prefix="ROLE_">
</ldap-authentication-provider>
</authentication-manager>-->
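Hard-coding OpenID identifiers in <user-service> does not scale, and it also accepts an identifier from any provider that happens to appear in the list. As an added example (not code from the original tutorial), the following UserDetailsService can be wired in via user-service-ref on <openid-login>: it accepts only identifiers from one trusted provider prefix and then looks them up in a local allow-list. The package name, the bean id, the beans: namespace prefix in the wiring comment and the in-memory account map are assumptions; the Google identifier reused here is the one from the configuration above.

```java
package com.example.security; // assumed package name

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**
 * Maps verified OpenID claimed identifiers to local accounts.
 *
 * Wiring (assumes the "beans" prefix for the core namespace, as the
 * security namespace is the default one in this tutorial's XML):
 *
 *   <openid-login user-service-ref="openIdUserService" />
 *   <beans:bean id="openIdUserService"
 *               class="com.example.security.OpenIdUserService" />
 */
public class OpenIdUserService implements UserDetailsService {

    /** Only identifiers issued by this provider (Google's OpenID 2.0 endpoint) are accepted. */
    private static final String TRUSTED_PREFIX = "https://www.google.com/accounts/o8/id?id=";

    /** Constructed allow-list: claimed identifier -> granted roles. Replace with a DB lookup. */
    private final Map<String, List<GrantedAuthority>> accounts =
            new HashMap<String, List<GrantedAuthority>>();

    public OpenIdUserService() {
        // Identifier taken from the <user-service> entry in the tutorial's configuration.
        accounts.put(TRUSTED_PREFIX + "AItOawnvPl3Y3exYxxvh8B4b19fPKmFn7dTkxn4",
                AuthorityUtils.createAuthorityList("ROLE_USER", "ROLE_ADMIN"));
    }

    @Override
    public UserDetails loadUserByUsername(String claimedIdentifier)
            throws UsernameNotFoundException {
        // openid4java has already verified that the asserting provider is authoritative for
        // this identifier, but the identifier is just a URL: the allow-list below, not the
        // protocol, decides who may log in. Reject anything from an untrusted provider first.
        if (claimedIdentifier == null || !claimedIdentifier.startsWith(TRUSTED_PREFIX)) {
            throw new UsernameNotFoundException(
                    "Untrusted OpenID provider for identifier " + claimedIdentifier);
        }
        List<GrantedAuthority> roles = accounts.get(claimedIdentifier);
        if (roles == null) {
            throw new UsernameNotFoundException("No local account for " + claimedIdentifier);
        }
        // The password is irrelevant for OpenID: the provider already authenticated the user.
        return new User(claimedIdentifier, "", roles);
    }
}
```

Both failure paths throw UsernameNotFoundException, which the OpenID provider turns into an authentication failure, so an unknown Google user or a different provider lands on /login?error rather than on the welcome page.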
Spring MVC Controller
A simple controller.
HelloController.java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class HelloController {

    // Public welcome page; no authentication required.
    @RequestMapping(value = { "/", "/welcome**" }, method = RequestMethod.GET)
    public ModelAndView welcomePage() {
        ModelAndView model = new ModelAndView();
        model.addObject("title", "Spring Security");
        model.addObject("message", "This is a welcome page!");
        model.setViewName("hello");
        return model;
    }

    // Protected by the <intercept-url pattern="/admin**"> rule in the security XML.
    @RequestMapping(value = "/admin**", method = RequestMethod.GET)
    public ModelAndView adminPage() {
        ModelAndView model = new ModelAndView();
        model.addObject("title", "Spring Security Login Form");
        model.addObject("message", "This is protected page for Admin Only!");
        model.setViewName("admin");
        return model;
    }

    // Custom login page; Spring Security redirects here with ?error or ?logout.
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView login(@RequestParam(value = "error", required = false) String error,
                              @RequestParam(value = "logout", required = false) String logout) {
        ModelAndView model = new ModelAndView();
        if (error != null) {
            model.addObject("error", "Invalid username and password!");
        }
        if (logout != null) {
            model.addObject("msg", "You've been logged out successfully.");
        }
        model.setViewName("login");
        return model;
    }
}
Login Form
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
<title>Login Page</title>
<style>
table,th,td
{
border:1px solid black;
}
</style>
</head>
<body onload='document.loginForm.username.focus();'>
<h1>Spring Security Login Form</h1>
<div id="login-box">
<h3>Login with Username and Password</h3>
<c:if test="${not empty error}">
<div class="error">${error}</div>
</c:if>
<c:if test="${not empty msg}">
<div class="msg">${msg}</div>
</c:if>
<!-- Basic or LDAP based authentication posts username and password to /j_spring_security_check.
OpenID based authentication posts openid_identifier to /j_spring_openid_security_check.
Each login method gets its own form (a single form with two inputs named openid_identifier would
always submit the first one), and every form carries the CSRF token. -->
<form name='loginForm'
action="<c:url value='/j_spring_security_check' />" method='POST'>
<!-- Basic or LDAP based authentication with username & password -->
<table bgcolor="#00FF00">
<tr>
<td>Username:</td>
<td><input type='text' name='username'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password'/></td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit" value="Login" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form><br>
<!-- Google/Gmail based authentication -->
<form action="<c:url value='/j_spring_openid_security_check' />" method='POST'>
<table bgcolor="#00AD00">
<tr>
<td>Google Login:</td>
<td><input type='hidden' name='openid_identifier' value='https://www.google.com/accounts/o8/id'></td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit" value="Login" />
</td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
<br>
<!-- MyOpenID based authentication -->
<form action="<c:url value='/j_spring_openid_security_check' />" method='POST'>
<table bgcolor="#00CF00">
<tr>
<td>OpenID Login:</td>
<td><input type='hidden' name='openid_identifier' value='http://kuntal29.myopenid.com/'>
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit" value="Login" />
</td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
</div>
</body>
</html>
Note: For the OpenID authentication shown in this tutorial, Spring Security delegates the OpenID 2.0 protocol to openid4java, which is pulled in by the spring-security-openid module. Caveat: Google retired its OpenID 2.0 endpoint in 2015 and MyOpenID shut down in 2014, so the two identifiers used above no longer resolve; the configuration pattern still applies to any OpenID 2.0 provider.
Demo
Welcome Page: http://localhost:8080/spring-security/welcome
Now try to access the admin page: http://localhost:8080/spring-security/admin
It redirects to the login page, as shown:
If you select Google login, it takes you to the Google authentication page:
On successful authentication you will see the admin page: