diff --git a/ebics-rest-api/README.md b/ebics-rest-api/README.md
index 534f5827..95b821f8 100644
--- a/ebics-rest-api/README.md
+++ b/ebics-rest-api/README.md
@@ -25,6 +25,7 @@ with config:
spring:
ldap:
base: dc=example,dc=org
+ domain: example.com # for active directory
urls: ["ldap://localhost:1389"]
username: cn=admin,dc=example,dc=org
password: adminpassword
diff --git a/ebics-rest-api/pom.xml b/ebics-rest-api/pom.xml
index 17065026..b11fd319 100644
--- a/ebics-rest-api/pom.xml
+++ b/ebics-rest-api/pom.xml
@@ -127,6 +127,10 @@
logstash-logback-encoder
${logstash-logback-encoder.version}
+
+ org.springframework.boot
+ spring-boot-starter-actuator
+
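Review bot: Adding `spring-boot-starter-actuator` brings management endpoints under `/actuator` into the application, and this diff contains no `management.*` settings or security rule for that path. Confirm that the existing security filter chain treats `/actuator/**` the way you intend (authenticated, or only `health` left open). Keep `management.endpoints.web.exposure.include` limited to the endpoints actually needed, and keep `management.endpoint.health.show-details` away from `always` on an unauthenticated endpoint, since health details can reveal the LDAP and datasource configuration.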
diff --git a/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt b/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt
index 585d92e5..b575c59e 100644
--- a/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt
+++ b/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt
@@ -1,6 +1,7 @@
package org.ebics.client.ebicsrestapi.ldap
+import org.springframework.boot.autoconfigure.ldap.LdapProperties
import org.springframework.boot.context.properties.EnableConfigurationProperties
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
@@ -10,9 +11,9 @@ import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
-import java.util.*
typealias AuthorityRecord = Map>
typealias AuthorityMapper = (AuthorityRecord) -> GrantedAuthority?
@@ -21,25 +22,31 @@ typealias AuthorityMapper = (AuthorityRecord) -> GrantedAuthority?
@Profile("!dev")
@EnableConfigurationProperties(LdapSearchProperties::class)
class LdapConfiguration {
+
@Bean
- fun authorities(contextSource: BaseLdapPathContextSource, searchProperties: LdapSearchProperties): LdapAuthoritiesPopulator {
+ fun authorities(
+ contextSource: BaseLdapPathContextSource,
+ searchProperties: LdapSearchProperties
+ ): LdapAuthoritiesPopulator {
val authorities = DefaultLdapAuthoritiesPopulator(contextSource, searchProperties.group.base)
authorities.setGroupSearchFilter(searchProperties.group.filter)
val mapper: AuthorityMapper = { record ->
val roles = record["cn"]
val role = roles?.first()
- val mappedRole= searchProperties.mapping?.get(role)?:role
- mappedRole?.let{ SimpleGrantedAuthority("ROLE_${mappedRole.uppercase()}") }
+ val mappedRole = searchProperties.mapping?.get(role) ?: role
+ mappedRole?.let { SimpleGrantedAuthority("ROLE_${mappedRole.uppercase()}") }
}
- authorities.setAuthorityMapper( mapper)
+ authorities.setAuthorityMapper(mapper)
return authorities
}
@Bean
- fun authenticationManager(contextSource: BaseLdapPathContextSource,
- authorities: LdapAuthoritiesPopulator,
- searchProperties: LdapSearchProperties
+ @Profile("openldap")
+ fun authenticationManager(
+ contextSource: BaseLdapPathContextSource,
+ authorities: LdapAuthoritiesPopulator,
+ searchProperties: LdapSearchProperties
): AuthenticationManager {
val factory = LdapBindAuthenticationManagerFactory(contextSource)
factory.setUserSearchFilter(searchProperties.user.filter)
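Review bot: With `@Profile("openldap")` on `authenticationManager`, a non-dev deployment that does not activate that profile no longer gets the bind-based `AuthenticationManager`, so existing installs change authentication behaviour on upgrade without any configuration change. The README hunk in this commit documents `domain` but not the new profile. Either document it next to the LDAP config (for example `# activate the "openldap" profile for bind authentication`) or keep bind authentication as the default and gate the Active Directory bean instead. The body of `authenticationManager` continues past the end of this hunk.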
@@ -48,4 +55,17 @@ class LdapConfiguration {
return factory.createAuthenticationManager()
}
+ @Bean
+ fun authenticationProvider(
+ ldapProperties: LdapProperties,
+ searchProperties: LdapSearchProperties
+ ): ActiveDirectoryLdapAuthenticationProvider {
+ return ActiveDirectoryLdapAuthenticationProvider(
+ searchProperties.domain,
+ ldapProperties.urls.get(0),
+ ldapProperties.base
+ )
+
+ }
+
}
\ No newline at end of file
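Review bot: `authenticationProvider` carries no profile, so it is created in every non-dev context: alongside the bind `AuthenticationManager` under `openldap`, and with the default `domain = ""` wherever the property is unset. Consider `@Profile("!openldap")` on this bean plus a startup check such as `require(searchProperties.domain.isNotBlank()) { "spring.ldap.search.domain must be set" }`. The provider is built without the `authorities` populator, so the `ROLE_` mapping from `searchProperties.mapping` is presumably not applied to Active Directory logins; confirm how roles are derived there, or attach a mapper via `setAuthoritiesMapper`. `ldapProperties.urls.get(0)` ignores any further configured URLs and fails on an empty list. Because the provider binds with the user's own password, the URL should be `ldaps://` rather than the `ldap://` form shown in the README.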
diff --git a/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapSearchProperties.kt b/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapSearchProperties.kt
index 8af196e6..f2da0fea 100644
--- a/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapSearchProperties.kt
+++ b/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapSearchProperties.kt
@@ -6,6 +6,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties
@ConfigurationProperties(prefix = "spring.ldap.search")
data class LdapSearchProperties (
+ val domain: String = "",
val group: LdapSearchPattern = LdapSearchPattern("","member={0}"),
val user: LdapSearchPattern = LdapSearchPattern("","(uid={0})"),
val mapping: Map? // mapping of spring-role -> ldap-role
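Review bot: `domain` is bound under the class prefix, i.e. `spring.ldap.search.domain`, while the README hunk in this commit lists `domain:` beside `base:` and `urls:`. Indentation is not visible in the diff, so confirm the documented key matches; a misplaced key would silently leave `domain` at its default. An empty-string default also hides a missing setting, so `val domain: String? = null` with a KDoc line such as `/** Active Directory domain, e.g. example.com; only used by the AD provider. */` would make the unset case explicit. The data class continues past the end of this hunk.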
diff --git a/pom.xml b/pom.xml
index 2ea0ffb2..6f8d4c28 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
21
1.9.24
1.9
- 3.3.0
+ 3.3.4
UTF-8
4.0.2
2.22.2