Lift LDAP

One of the requirements for starting to use Lift at my work was LDAP authentication.
So I wrote a little module, lift-ldap, for that and a sample app; it was damn simple!

To use the module:

  • 1. Add the lift-ldap dependency to the Maven pom.xml
    
    <dependency>
        <groupId>net.liftweb</groupId>
        <artifactId>lift-ldap</artifactId>
        <version>1.0.0</version>
    </dependency>
    
  • 2. Create the user object in src/scala/com/sample/model/User.scala

    
    package com.sample.model
    
    import scala.util.matching.Regex
    import scala.xml.NodeSeq
    
    // lift ldap
    import net.liftweb.ldap.{LDAPProtoUser, MetaLDAPProtoUser, LDAPVendor, SimpleLDAPVendor}
    
    import net.liftweb.common.Full
    import net.liftweb.http.SessionVar
    
    // group names of the logged-in user, kept for the lifetime of the session
    object roles extends SessionVar[List[String]](List())
    
    class User extends LDAPProtoUser[User] {
        def getSingleton = User
    
        def getRoles: List[String] = roles.get
    }
    
    object User extends User with MetaLDAPProtoUser[User] {
    
        override def screenWrap = Full(
                       
        )
    
        override def dbTableName = "tmp_users"
    
        override def login: NodeSeq = {
            // the group name is the cn of the group entry's DN
            val groupNameRx = new Regex(".*cn=(.*),ou=.*")
    
            def getGroupNameFromDn(dn: String): String = {
                val groupNameRx(groupName) = dn
                groupName
            }
    
            // called by lift-ldap once the user has bound successfully
            def setRoles(userDn: String, ldapVendor: LDAPVendor): AnyRef = {
                // look up the groupOfNames entries the user is a member of
                val filter = "(&(objectclass=groupofnames)(member=" + userDn + "))"
    
                val groupNames = ldapVendor.search(filter).map(getGroupNameFromDn)
                roles.set(roles.get ::: groupNames)
                groupNames
            }
    
            login(setRoles _)
        }
    }
    
    

    The User object has to provide a setRoles function to the LDAPVendor (called at login time),
    so we can customize the way the credentials are retrieved from LDAP (from a groupOfNames entry or a custom object).

  • 3. Initialize the LDAP configuration in Boot.scala (src/main/scala/bootstrap/liftweb/Boot.scala)

    We can pass a properties file to the SimpleLDAPVendor:

    SimpleLDAPVendor.parameters = () =>
                SimpleLDAPVendor.parametersFromStream(
                    this.getClass().getClassLoader().getResourceAsStream("ldap.properties"))

    or just set the parameters manually:

    SimpleLDAPVendor.parameters = () => Map("ldap.url"  -> "ldap://localhost",
                                            "ldap.base" -> "dc=company,dc=com",
                                            "ldap.userName" -> "...",
                                            "ldap.password" -> "...")
    
  • 4. A LoginUtil class (src/main/scala/com/sample/lib/LoginUtil.scala)

    To determine whether the user is logged in and whether they hold a given credential (group).

  • 5. Create the security rules in Boot

    LiftRules.dispatch.prepend(NamedPF("Login Validation") {
        case Req("group_required" :: page, extension, _) if !LoginUtil.hasAuthority_?("sample_group") =>
            LoginUtil.redirectIfLogged("/login/group_not_allowed")
        case Req("login_required" :: page, extension, _) if !LoginUtil.isLogged =>
            () => Full(RedirectResponse("/user_mgt/login"))
    })

And that’s it 🙂
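As an added example (not code from lift-ldap or the original post), a hardened version of the string handling in setRoles from step 2: the user DN is escaped per RFC 4515 before it is spliced into the member= filter, and the group name is read from the leftmost cn= RDN with the JDK's javax.naming.ldap.LdapName parser instead of the greedy regex. The object and method names, and the sample DNs, are assumptions of the example.

```scala
import javax.naming.ldap.LdapName
import scala.util.Try

// Added example, not part of lift-ldap or the original post: escapes the
// filter value from setRoles (step 2) and parses group DNs robustly.
object LdapFilterUtil {
  // RFC 4515 section 3: these characters must be encoded as \XX inside a
  // filter value, otherwise a DN containing them changes the filter's meaning.
  def escapeFilterValue(value: String): String = {
    val sb = new StringBuilder
    value.foreach {
      case '\\'     => sb.append("\\5c")
      case '*'      => sb.append("\\2a")
      case '('      => sb.append("\\28")
      case ')'      => sb.append("\\29")
      case '\u0000' => sb.append("\\00")
      case c        => sb.append(c)
    }
    sb.toString
  }

  // Same filter as setRoles in step 2, with the user DN escaped first.
  def groupMembershipFilter(userDn: String): String =
    "(&(objectclass=groupofnames)(member=" + escapeFilterValue(userDn) + "))"

  // LdapName handles escaped commas (cn=ops\, team) and DNs without an ou=
  // component, which ".*cn=(.*),ou=.*" does not; an unparsable DN gives None.
  def groupNameFromDn(dn: String): Option[String] =
    Try(new LdapName(dn)).toOption.flatMap { name =>
      val rdns = name.getRdns // index 0 is the rightmost RDN (dc=com)
      (rdns.size - 1 to 0 by -1).iterator.map(rdns.get)
        .find(_.getType.equalsIgnoreCase("cn"))
        .map(_.getValue.toString)
    }

  // Roles for the session: one entry per group DN that carries a cn.
  def rolesFromGroupDns(groupDns: List[String]): List[String] =
    groupDns.flatMap(groupNameFromDn(_).toList)

  def main(args: Array[String]): Unit = {
    // Constructed sample DNs, not taken from any real directory.
    val userDn = "cn=alice (ops),ou=people,dc=company,dc=com"
    println(groupMembershipFilter(userDn))
    val groupDns = List("cn=developers,ou=groups,dc=company,dc=com",
                        "cn=ops\\, team,ou=groups,dc=company,dc=com",
                        "ou=orphan,dc=company,dc=com")
    println(rolesFromGroupDns(groupDns))
  }
}
```

Dropping escapeFilterValue and groupNameFromDn into setRoles keeps the lift-ldap login flow from step 2 unchanged while removing the filter-breaking and MatchError cases.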
