Index: mediator-service/branches/DS-801_JSON_Login/grails-app/conf/spring/resources.groovy
===================================================================
diff -u -r8645 -r8650
--- mediator-service/branches/DS-801_JSON_Login/grails-app/conf/spring/resources.groovy (.../resources.groovy) (revision 8645)
+++ mediator-service/branches/DS-801_JSON_Login/grails-app/conf/spring/resources.groovy (.../resources.groovy) (revision 8650)
@@ -1,11 +1,9 @@
-import com.lemans.LemansLoggingFilter
+import com.lemanscorp.security.LemansDaoAuthenticationProvider
+import com.lemanscorp.security.LemansUsernamePasswordAuthenticationFilter
 import grails.plugin.springsecurity.SpringSecurityUtils
 import grails.util.GrailsUtil
-
 import com.lemans.LemansLoggingFilter
-
 import java.util.concurrent.Executors
-
 import org.codehaus.groovy.grails.web.mapping.UrlMappingsHolderFactoryBean
 import org.springframework.aop.framework.ProxyFactoryBean
 import org.springframework.aop.target.HotSwappableTargetSource
@@ -18,7 +16,6 @@
 import org.springframework.security.authentication.DefaultAuthenticationEventPublisher
 import org.springframework.security.authentication.ProviderManager
 import org.springframework.security.authentication.RememberMeAuthenticationProvider
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider
 import org.springframework.security.authentication.encoding.ShaPasswordEncoder
 import org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider
 import org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint
@@ -32,11 +29,9 @@
 import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
 import org.springframework.security.web.access.expression.WebExpressionVoter
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository
 import org.springframework.security.web.context.SecurityContextPersistenceFilter
-
 import com.lemanscorp.LemansInetOrgPersonContextMapper
 import com.lemanscorp.MediationUserDetailsService
 import com.lemanscorp.mediation.LemansAuthenticationEntryPoint
@@ -52,41 +47,41 @@ // Place your Spring DSL code here beans = { - - - + + + sql(groovy.sql.Sql,ref('dataSource')) - + pingExecutorService(Executors, 20) { bean -> bean.factoryMethod = "newFixedThreadPool" } - + userDetailsService(MediationUserDetailsService) - + conf = SpringSecurityUtils.securityConfig - + roleHierarchy(RoleHierarchyImpl) { hierarchy = '' } webExpressionHandler(DefaultWebSecurityExpressionHandler) { roleHierarchy = ref('roleHierarchy') } - + //This is added so that normal login load by user name should check for LemansCorp dealer to decide the auth provider. rememberMeServices (LemansTokenBasedRememberMeServices) { key = "lemans-secrete-key" parameter = "rememberMe" cookieName = "loginToken" - userDetailsService = ref("userDetailsService") + userDetailsService = ref("userDetailsService") alwaysRemember = false secrtekeyHelperService = ref('secrtekeyHelperService') } - - - + + + passwordEncoder(ShaPasswordEncoder) {} - - formProcessingFilter(UsernamePasswordAuthenticationFilter) { + + formProcessingFilter(LemansUsernamePasswordAuthenticationFilter) { authenticationManager = ref("authenticationManager") authenticationFailureHandler = ref("authenticationFailureHandler") filterProcessesUrl = "/login" 
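Review bot: The `formProcessingFilter` bean now instantiates `LemansUsernamePasswordAuthenticationFilter` but keeps the stock `usernameParameter = "userName"` / `passwordParameter = "password"` settings (the bean definition continues into the next hunk), and nothing here says whether the subclass still reads form parameters or, as the branch name DS-801_JSON_Login suggests, a JSON request body; if it is the latter those two properties are either dead configuration or the JSON field names, and the bean should say which. A comment on the bean such as `// LemansUsernamePasswordAuthenticationFilter: credentials are read from <form params | JSON body>; usernameParameter/passwordParameter name the <parameters | JSON fields>` would remove the guesswork for the next reader. If the filter does parse a request body, it is also worth confirming (outside this diff) that it rejects non-JSON content types and bounds the body it reads, since this filter runs on every request to `/login` before authentication.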
@@ -95,84 +90,84 @@ allowSessionCreation = false usernameParameter = "userName" passwordParameter = "password" - - + + } - + rememberMeFilter (RememberMeAuthenticationFilter) { rememberMeServices = ref('rememberMeServices') authenticationManager = ref('authenticationManager') } lemansLoggingFilter(LemansLoggingFilter) { } - - externalAuthenticationProvider(DaoAuthenticationProvider) { - userDetailsService = ref('mediationUserDetailsService') + + lemansExternalAuthenticationProvider(LemansDaoAuthenticationProvider) { + userDetailsService = ref('userDetailsService') passwordEncoder = ref('passwordEncoder') } - - authenticationSuccessHandler(LemansSimpleUrlAuthenticationSuccessHandler){} - + + authenticationSuccessHandler(LemansSimpleUrlAuthenticationSuccessHandler){} + authenticationFailureHandler(LemansSimpleUrlAuthenticationFailureHandler){} - + loginHelperService(LoginHelperService) {} accessDeniedHandler(AccessDeniedHandlerImpl){} - + defaultAuthEventPublisher(DefaultAuthenticationEventPublisher) - + roleVoter(RoleVoter){ rolePrefix = '' } - + webExpressionVoter(WebExpressionVoter) { } - + authenticatedVoter(AuthenticatedVoter) { - + } jsr250Vote(Jsr250Voter) {} - + expressionVoter(WebExpressionVoter){} - + accessDecisionManager(AffirmativeBased) { allowIfAllAbstainDecisions = false decisionVoters = [ref('authenticatedVoter'), ref('roleVoter'), ref('webExpressionVoter')] } - + securityContextPersistenceFilter(SecurityContextPersistenceFilter) { securityContextRepository = ref('securityContextRepository') } - + //make the authentication stateless securityContextRepository(HttpSessionSecurityContextRepository) { allowSessionCreation= false //disableUrlRewriting = true } - + rememberMeAuthenticationProvider(RememberMeAuthenticationProvider) { key = 'lemans-secrete-key' } - + lemansAuthenticationEntryPoint(LemansAuthenticationEntryPoint) { realmName = 'Lemans Service Entry Point' } loginUrlAuthenticationEntryPoint(LoginUrlAuthenticationEntryPoint) { loginFormUrl = 
'/loginPage' } - - + + exceptionTranslationFilter(ExceptionTranslationFilter) { authenticationEntryPoint = ref('lemansAuthenticationEntryPoint') //authenticationEntryPoint = ref('delegatingAuthenticationEntryPoint') accessDeniedHandler = ref('accessDeniedHandler') - + } - + lemansInetOrgPersonContextMapper(LemansInetOrgPersonContextMapper) {} - - + + spnegoAuthenticationProcessingFilter(LemansSpnegoAuthenticationProcessingFilter) { authenticationManager = ref('authenticationManager') // successHandler = ref('authenticationSuccessHandler') @@ -183,31 +178,31 @@ rememberMeServices= ref('rememberMeServices') authenticationManager = ref('authenticationManager') } - + spnegoEntryPoint(SpnegoEntryPoint) {} - - + + //LDAP - + contextSource(LdapContextSource) { urls = ["ldap://dc1.lemanscorp.com/dc=lemanscorp,dc=com", "ldap://dc2.lemanscorp.com/dc=lemanscorp,dc=com"] userDn = 'cn=ldapsearch,cn=Users,dc=lemanscorp,dc=com' password = 'search!' baseEnvironmentProperties = ['java.naming.referral':'follow', 'com.sun.jndi.ldap.read.timeout': '0'] pooled = false } - + /* contextSource(PoolingContextSource) { contextSource = ref('contextSourceTarget') testWhileIdle = true testOnReturn = true - + } - + contextSourceTarget (LdapContextSource){ - + url = 'ldap://dc1.lemanscorp.com/dc=lemanscorp,dc=com' userDn = 'cn=ldapsearch,cn=Users,dc=lemanscorp,dc=com' password = 'search!' 
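Review bot: The new `lemansExternalAuthenticationProvider(LemansDaoAuthenticationProvider)` bean is still wired to the `passwordEncoder(ShaPasswordEncoder) {}` bean from the previous hunk and sets no `saltSource`, so unless `LemansDaoAuthenticationProvider` salts internally the stored credentials are compared as unsalted SHA digests (`ShaPasswordEncoder` is the legacy encoder and defaults to SHA-1). Since the provider is being replaced in this commit anyway, this is the natural point to switch to a salted, adaptive `PasswordEncoder`, or at minimum to record the decision on the bean: `// legacy unsalted SHA digests retained for compatibility with existing stored hashes — migration tracked separately`. The bean is also renamed from `externalAuthenticationProvider`; every `providers` list in this file is updated, but any reference to the old name from outside this file would fail at context startup and cannot be checked from this diff.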
@@ -219,109 +214,109 @@ userSearch(FilterBasedLdapUserSearch, "", "(userPrincipalName={0})", contextSource) { searchSubtree = true } - - + + bindAuthenticator (BindAuthenticator, contextSource) { userSearch = ref('userSearch') } - + ldapAuthoritiesPopulator(DefaultLdapAuthoritiesPopulator, contextSource, "") { searchSubtree = true ignorePartialResultException = true rolePrefix = '' } - + ldapUserDetailsService(LdapUserDetailsService, userSearch) { //do not need , ldapAuthoritiesPopulator as DB has all roles from AD. userDetailsMapper = ref('lemansInetOrgPersonContextMapper') - + } - + //Use this to merge the roles from AD and jdbc userDetailsServiceLdapAuthoritiesPopulator(UserDetailsServiceLdapAuthoritiesPopulator, userDetailsService) { } - - - "org.grails.internal.URL_MAPPINGS_HOLDER"(UrlMappingsHolderFactoryBean) { bean -> - bean.lazyInit = true - } - - urlMappingsTargetSource(HotSwappableTargetSource, ref("org.grails.internal.URL_MAPPINGS_HOLDER")) { bean -> - bean.lazyInit = true - } - - grailsUrlMappingsHolder(ProxyFactoryBean) { bean -> - bean.lazyInit = true - targetSource = urlMappingsTargetSource - proxyInterfaces = [org.codehaus.groovy.grails.web.mapping.UrlMappings] - } - + + + "org.grails.internal.URL_MAPPINGS_HOLDER"(UrlMappingsHolderFactoryBean) { bean -> + bean.lazyInit = true + } + + urlMappingsTargetSource(HotSwappableTargetSource, ref("org.grails.internal.URL_MAPPINGS_HOLDER")) { bean -> + bean.lazyInit = true + } + + grailsUrlMappingsHolder(ProxyFactoryBean) { bean -> + bean.lazyInit = true + targetSource = urlMappingsTargetSource + proxyInterfaces = [org.codehaus.groovy.grails.web.mapping.UrlMappings] + } + switch(GrailsUtil.environment) { - + case "production" : - + serviceHost(org.springframework.jndi.JndiObjectFactoryBean){ jndiName = 'java:comp/env/serviceHost' } otherNodeServiceHosts(org.springframework.jndi.JndiObjectFactoryBean){ jndiName = 'java:comp/env/otherNodeServiceHosts' } 
solrServiceHost(org.springframework.jndi.JndiObjectFactoryBean){ jndiName = 'java:comp/env/solrServiceHost' } //searching solrIdxServiceHost(org.springframework.jndi.JndiObjectFactoryBean){ jndiName = 'java:comp/env/solrIdxServiceHost' } //indexing tokenServiceHost(org.springframework.jndi.JndiObjectFactoryBean){ jndiName = 'java:comp/env/authServiceHost' } partServiceHost(org.springframework.jndi.JndiObjectFactoryBean){ jndiName = 'java:comp/env/partServiceHost' } - + eportalServiceHost(org.springframework.jndi.JndiObjectFactoryBean){ jndiName = 'java:comp/env/eportalServiceHost' } - - + + kerberosTicketValidator(LemansSunJaasKerberosTicketValidator) { servicePrincipal = conf.kerberos.ticketValidator.servicePrincipal keyTabLocation = conf.kerberos.ticketValidator.keyTabLocation debug = conf.kerberos.ticketValidator.debug // false } - + kerberosServiceAuthenticationProvider(KerberosServiceAuthenticationProvider) { ticketValidator = ref('kerberosTicketValidator') userDetailsService = ref('ldapUserDetailsService') } - + authenticationManager(ProviderManager) { authenticationEventPublisher = ref('defaultAuthEventPublisher') providers = [ - ref('externalAuthenticationProvider'), - ref('rememberMeAuthenticationProvider'), - ref('kerberosServiceAuthenticationProvider') - ] + ref('lemansExternalAuthenticationProvider'), + ref('rememberMeAuthenticationProvider'), + ref('kerberosServiceAuthenticationProvider') + ] } - + break - //separate config that local to avoid integration test failure + //separate config that local to avoid integration test failure case 'local' : // serviceHost (String, "http://localhost:8098") serviceHost (String, "http://services3.dev.lemanscorp.com") // serviceHost (String, "http://localhost:8909") solrServiceHost (String, "http://dev-solr01vm:8080")//searching solrIdxServiceHost (String, "http://dev-solr01vm:8080") //indexing -// tokenServiceHost (String, "http://dev-token01vm:8080") + tokenServiceHost (String, "http://dev-token01vm:8080") // 
tokenServiceHost (String, "http://services3.dev.lemanscorp.com") - tokenServiceHost (String, 'http://localhost:8098') +// tokenServiceHost (String, 'http://localhost:8098') // partServiceHost (String, "http://localhost:8098") partServiceHost (String, "http://services3.dev.lemanscorp.com") eportalServiceHost (String, "http://eportalstage.lemanscorp.com") //otherNodeServiceHosts (String, "http://dev-services01vm:8080,http://dev-services01vm:8080") otherNodeServiceHosts (String, "") - + //Kerberos setup conf.kerberos.active =false - + authenticationManager(ProviderManager) { authenticationEventPublisher = ref('defaultAuthEventPublisher') providers = [ - ref('externalAuthenticationProvider'), - ref('rememberMeAuthenticationProvider'), - ] + ref('lemansExternalAuthenticationProvider'), + ref('rememberMeAuthenticationProvider'), + ] } break - + case 'test' : // serviceHost (java.lang.String, "http://localhost:8098") serviceHost (java.lang.String, "http://services3.dev.lemanscorp.com") 
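Review bot: In the `local` case `tokenServiceHost` is switched by commenting out `tokenServiceHost (String, 'http://localhost:8098')` and uncommenting `tokenServiceHost (String, "http://dev-token01vm:8080")`, so the environment's choice of host lives in commented-out source rather than in configuration; moving these hosts into externalized Grails config would make the switch a config change instead of a code edit. The same commit re-indents the `"org.grails.internal.URL_MAPPINGS_HOLDER"`, `urlMappingsTargetSource` and `grailsUrlMappingsHolder` beans here and the whole `krblocal` case in the next hunk (@@ -336), which buries the single functional change per block, the `ref('lemansExternalAuthenticationProvider')` rename, in whitespace; keeping whitespace-only reformatting in its own commit keeps that rename reviewable.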
@@ -336,58 +331,58 @@ //Kerberos setup conf.kerberos.active =false - + authenticationManager(ProviderManager) { authenticationEventPublisher = ref('defaultAuthEventPublisher') providers = [ - ref('externalAuthenticationProvider'), - ref('rememberMeAuthenticationProvider'), - ] + ref('lemansExternalAuthenticationProvider'), + ref('rememberMeAuthenticationProvider'), + ] } break - //for local kerberos - comment if not running on krb machine locally + //for local kerberos - comment if not running on krb machine locally case "krblocal" : - - - serviceHost (String, "http://dev-services01vm:8080") - solrServiceHost (String, "http://dev-solr01vm:8080")//searching - //solrServiceHost (String, "http://localhost:8888")//searching - solrIdxServiceHost (String, "http://dev-solr01vm:8080") //indexing - tokenServiceHost (String, "http://dev-token01vm:8080") - partServiceHost (String, "http://dev-services01vm:8080") - //partServiceHost (String, "http://localhost:8888") - - eportalServiceHost (String, "http://eportalstage.lemanscorp.com") - //otherNodeServiceHosts (String, "http://dev-services01vm:8080,http://dev-services01vm:8080") - otherNodeServiceHosts (String, "") - - - kerberosTicketValidator(LemansSunJaasKerberosTicketValidator) { - servicePrincipal = conf.kerberos.ticketValidator.servicePrincipal - keyTabLocation = conf.kerberos.ticketValidator.keyTabLocation - debug = conf.kerberos.ticketValidator.debug // false - } - - kerberosServiceAuthenticationProvider(KerberosServiceAuthenticationProvider) { - ticketValidator = ref('kerberosTicketValidator') - userDetailsService = ref('ldapUserDetailsService') - } - - authenticationManager(ProviderManager) { - authenticationEventPublisher = ref('defaultAuthEventPublisher') - providers = [ - ref('externalAuthenticationProvider'), - ref('rememberMeAuthenticationProvider'), - ref('kerberosServiceAuthenticationProvider') - ] - } - - break + + serviceHost (String, "http://dev-services01vm:8080") + solrServiceHost (String, 
"http://dev-solr01vm:8080")//searching + //solrServiceHost (String, "http://localhost:8888")//searching + solrIdxServiceHost (String, "http://dev-solr01vm:8080") //indexing + tokenServiceHost (String, "http://dev-token01vm:8080") + partServiceHost (String, "http://dev-services01vm:8080") + //partServiceHost (String, "http://localhost:8888") + + eportalServiceHost (String, "http://eportalstage.lemanscorp.com") + //otherNodeServiceHosts (String, "http://dev-services01vm:8080,http://dev-services01vm:8080") + otherNodeServiceHosts (String, "") + + + kerberosTicketValidator(LemansSunJaasKerberosTicketValidator) { + servicePrincipal = conf.kerberos.ticketValidator.servicePrincipal + keyTabLocation = conf.kerberos.ticketValidator.keyTabLocation + debug = conf.kerberos.ticketValidator.debug // false + } + + kerberosServiceAuthenticationProvider(KerberosServiceAuthenticationProvider) { + ticketValidator = ref('kerberosTicketValidator') + userDetailsService = ref('ldapUserDetailsService') + } + + authenticationManager(ProviderManager) { + authenticationEventPublisher = ref('defaultAuthEventPublisher') + providers = [ + ref('lemansExternalAuthenticationProvider'), + ref('rememberMeAuthenticationProvider'), + ref('kerberosServiceAuthenticationProvider') + ] + } + + break + default : //local - environment - + serviceHost (String, "http://dev-services01vm:8080") //solrServiceHost (String, "http://dev-solr01vm:8080")//searching solrServiceHost (String, "http://localhost:8081")//searching 
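Review bot: The re-indented `krblocal` case repeats the `kerberosTicketValidator`, `kerberosServiceAuthenticationProvider` and three-provider `authenticationManager` definitions of the `production` case verbatim, so the two will drift the next time a provider is renamed, exactly as this commit had to touch both. Extracting the shared definitions into one closure invoked from both cases would keep them in step; the bean DSL here appears to allow that, but I cannot confirm it from this file alone. Unlike `local`, `test` and the `default` case, `krblocal` does not set `conf.kerberos.active`; if that is deliberate, a one-line comment such as `// conf.kerberos.active intentionally left at its configured value here` would stop a reader from treating it as an omission.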
@@ -396,21 +391,21 @@ tokenServiceHost (String, "http://dev-token01vm:8080") partServiceHost (String, "http://dev-services01vm:8080") //partServiceHost (String, "http://localhost:8888") - + eportalServiceHost (String, "http://eportalstage.lemanscorp.com") //otherNodeServiceHosts (String, "http://dev-services01vm:8080,http://dev-services01vm:8080") //otherNodeServiceHosts (String, "http://localhost:9191") otherNodeServiceHosts (String, "http://dev-services01vm:8080") - + //Kerberos setup conf.kerberos.active =false - + authenticationManager(ProviderManager) { authenticationEventPublisher = ref('defaultAuthEventPublisher') providers = [ - ref('externalAuthenticationProvider'), - ref('rememberMeAuthenticationProvider'), - ] + ref('lemansExternalAuthenticationProvider'), + ref('rememberMeAuthenticationProvider'), + ] } break }