- Add the LDAP server URL to the spring-security.xml file, found in the EDX_HOME/\config\security\ebilling directory, where EDX_HOME is the directory where you installed Oracle Self-Service E-Billing:
<security:ldap-server url="ldap://your_server_name:3060" />
- In the same file, change the authentication-provider to ldapAuthProvider:
<security:authentication-manager alias="authenticationManager">
  <!--<security:authentication-provider ref="daoAuthenticationProvider" />-->
  <security:authentication-provider ref="ldapAuthProvider"/>
</security:authentication-manager>
- Add the contextSource bean and set the LDAP URL, user dn, and password:
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldap://your_server_name:3060"/>
  <property name="userDn" value="cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com"/>
  <property name="password" value="Welcome1"/>
</bean>
- Add the ldapAuthProvider bean, and configure the BindAuthenticator and DefaultLdapAuthoritiesPopulator. Implement the userDetailsContextMapper bean with your own class, for example:
<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <constructor-arg ref="contextSource" />
      <property name="userSearch">
        <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
          <constructor-arg index="0" value="cn=Users, dc=us,dc=oracle,dc=com"/>
          <constructor-arg index="1" value="(cn={0})"/>
          <constructor-arg index="2" ref="contextSource" />
        </bean>
      </property>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <constructor-arg ref="contextSource" />
      <constructor-arg value="cn=Groups, dc=us,dc=oracle,dc=com" />
      <property name="groupSearchFilter" value="(uniquemember={0})"/>
      <property name="rolePrefix" value=""/>
      <property name="searchSubtree" value="true"/>
      <property name="convertToUpperCase" value="true"/>
    </bean>
  </constructor-arg>
  <property name="userDetailsContextMapper" ref="EBillingLdapUserDetailsMapper"/>
</bean>
<bean id="EBillingLdapUserDetailsMapper" class="com.edocs.common.security.authenticate.ldap.EBillingLdapUserDetailsMapper">
  <property name="userDetailsService">
    <ref bean="userDetailsService" />
  </property>
</bean>
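- Implement the UserDetailsContextMapper interface to map the LDAP context to Oracle Self-Service E-Billing user objects. The following example code represents a portion of such an implementation:
import java.util.Collection;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
// Also import EBillingUserDetailsService from its package in your installation.

public class EBillingLdapUserDetailsMapper extends LdapUserDetailsMapper {
    private EBillingUserDetailsService userDetailsService;

    public EBillingUserDetailsService getUserDetailsService() {
        return userDetailsService;
    }

    public void setUserDetailsService(EBillingUserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    // Called after a successful LDAP bind: loads the E-Billing user by login name; ctx and authorities are not used.
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
        return userDetailsService.loadUserByUsername(username);
    }
}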
The creation of the UserDetails object is controlled by the provider's UserDetailsContextMapper implementation, which is responsible for mapping user objects to and from LDAP context data:
public interface UserDetailsContextMapper {
    UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities);
    void mapUserToContext(UserDetails user, DirContextAdapter ctx);
}
- You must customize your LDAP system to implement any Oracle Self-Service E-Billing user management features you require. Using an LDAP system replaces the Oracle Self-Service E-Billing user management functionality with the external system's functionality. For more information about the authentication and user management features pre-configured with Oracle Self-Service E-Billing, see Customizing User Management for External Authentication Systems.
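The BindAuthenticator configured above authenticates by search-then-bind: it looks up the user's entry with the contextSource account and the (cn={0}) filter, then binds as that entry with the password the user supplied. The following stand-alone check is an added example, not Oracle or Spring code, and performs the same two steps with plain JNDI so that the URL, base DN and filter can be verified before editing spring-security.xml. The class name LdapBindCheck and its command-line arguments are assumptions; use an ldaps:// URL where the directory offers one, because a simple bind sends the password as-is.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Hypothetical stand-alone check; not part of Oracle Self-Service E-Billing. */
public class LdapBindCheck {
    // Simple bind as dn. Empty passwords are refused: that would be an unauthenticated bind.
    static DirContext bind(String url, String dn, char[] password) throws NamingException {
        if (password == null || password.length == 0) {
            throw new IllegalArgumentException("empty password for " + dn);
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // Step 1 of bind authentication: resolve the login name to exactly one DN.
    static String findUserDn(DirContext ctx, String base, String username) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.ONELEVEL_SCOPE); // use SUBTREE_SCOPE if users sit deeper
        sc.setReturningAttributes(new String[0]);         // only the DN is needed
        // Passing the name as a filter argument lets JNDI escape LDAP filter metacharacters.
        NamingEnumeration<SearchResult> hits = ctx.search(base, "(cn={0})", new Object[] {username}, sc);
        if (!hits.hasMore()) throw new NamingException("no entry for " + username);
        String dn = hits.next().getNameInNamespace();
        if (hits.hasMore()) throw new NamingException("ambiguous match for " + username);
        return dn;
    }
    // Usage: java LdapBindCheck <ldap-url> <manager-dn> <user-base-dn> <username>
    public static void main(String[] args) throws NamingException {
        java.io.Console con = System.console(); // passwords are prompted for, never passed as arguments
        if (args.length != 4 || con == null) throw new IllegalArgumentException("4 arguments and a console required");
        DirContext manager = bind(args[0], args[1], con.readPassword("Manager password: "));
        String userDn = findUserDn(manager, args[2], args[3]);
        manager.close();
        // Step 2: the user's own bind is the actual password check.
        bind(args[0], userDn, con.readPassword("Password for %s: ", userDn)).close();
        System.out.println("bind OK for " + userDn);
    }
}
```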