allow to use profile==dev with basic auth

README.md

@@ -12,7 +12,7 @@ docker pull ghcr.io/spaced/ebics-web-client:master
 ```
 run with
 ```shell
-docker run -p 8080:8080 --rm ghcr.io/spaced/ebics-web-client:master
+docker run -p 8080:8080 --rm -e SPRING_PROFILES_ACTIVE=dev ghcr.io/spaced/ebics-web-client:master
 ```
 or run with configuration
 ```shell
@@ -38,6 +38,16 @@ java -jar ebics-rest-api/target/ebics-rest-api-x.y.z.war
 Use HTTPS with trusted certificates, don't use HTTP for production setups. Based on the way of running (standalone spring boot or tomcat container) you need to adjust config.properties [spring boot HTTPS config](https://docs.spring.io/spring-boot/how-to/webserver.html) or Apache Tomcat HTTPS
 
 
+### LDAP
+```
+spring.ldap.base=dc=example,dc=org
+spring.ldap.urls[0]=ldap://localhost:1389
+spring.ldap.username=cn=admin,dc=example,dc=org
+spring.ldap.password=adminpassword
+spring.ldap.search.group.base=ou=users
+spring.ldap.search.mapping.adGroupName=admin
+```
+
 ### Architecture & Functionality
 ![Architecture](ebics-web-client-architecture.drawio.png)
 

ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/SecurityConfiguration.kt

@@ -3,23 +3,36 @@ package org.ebics.client.ebicsrestapi
 import org.springframework.boot.autoconfigure.security.SecurityProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Profile
 import org.springframework.core.annotation.Order
+import org.springframework.core.env.Environment
 import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.annotation.web.invoke
+import org.springframework.security.core.userdetails.User
+import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher
 
 
 @Configuration
 @EnableWebSecurity
-@Order(SecurityProperties.BASIC_AUTH_ORDER)
 class SecurityConfiguration() {
 
+    @Bean
+    @Profile("dev")
+    fun configure(): InMemoryUserDetailsManager {
+        return InMemoryUserDetailsManager(
+            User.withUsername("guest").password("{noop}pass").roles("GUEST").build(),
+            User.withUsername("user").password("{noop}pass").roles("USER", "GUEST").build(),
+            User.withUsername("admin").password("{noop}pass").roles("ADMIN", "USER", "GUEST").build()
+        )
+    }
+
 
     @Bean
-    fun filterChainBasic(http: HttpSecurity): SecurityFilterChain {
+    fun filterChainBasic(http: HttpSecurity, env: Environment): SecurityFilterChain {
         http {
             authorizeRequests {
                 authorize(HttpMethod.GET, "/bankconnections",hasAnyRole("ADMIN", "USER", "GUEST"))
@@ -42,6 +55,13 @@ class SecurityConfiguration() {
             formLogin { defaultSuccessUrl("/user", false) }
             logout { }
         }
+        if (env.activeProfiles.contains("dev")) {
+            http {
+                formLogin { disable() }
+                logout { disable() }
+                httpBasic { }
+            }
+        }
         return http.build()
     }
 }

ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt

@@ -4,6 +4,7 @@ package org.ebics.client.ebicsrestapi.ldap
 import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Profile
 import org.springframework.ldap.core.support.BaseLdapPathContextSource
 import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
@@ -17,6 +18,7 @@ typealias AuthorityRecord = Map<String, List<String>>
 typealias AuthorityMapper = (AuthorityRecord) -> GrantedAuthority?
 
 @Configuration
+@Profile("!dev")
 @EnableConfigurationProperties(LdapSearchProperties::class)
 class LdapConfiguration {
     @Bean
@@ -42,7 +44,6 @@ class LdapConfiguration {
         val factory = LdapBindAuthenticationManagerFactory(contextSource)
         factory.setUserSearchFilter(searchProperties.user.filter)
         factory.setUserSearchBase(searchProperties.user.base)
-        //factory.setUserDnPatterns("uid={0},ou=users")
         factory.setLdapAuthoritiesPopulator(authorities)
         return factory.createAuthenticationManager()
     }

examples/application-ldap.yml

@@ -0,0 +1,15 @@
+---
+spring:
+  ldap:
+    base: dc=example,dc=org
+    urls: ["ldap://localhost:1389"]
+    username: cn=admin,dc=example,dc=org
+    password: adminpassword
+    search:
+      group:
+        base: ou=users
+        filter: member={0}
+      user:
+        filter: (uid={0})
+      mapping:
+        readers: admin