From e72cb1ca01b8c2d4474de0696aefe56a86ce9f46 Mon Sep 17 00:00:00 2001 From: spaced Date: Thu, 26 Sep 2024 18:03:28 +0200 Subject: [PATCH] allow to configure ldap for active directory --- ebics-rest-api/README.md | 1 + ebics-rest-api/pom.xml | 4 +++ .../ebicsrestapi/ldap/LdapConfiguration.kt | 36 ++++++++++++++----- .../ebicsrestapi/ldap/LdapSearchProperties.kt | 1 + pom.xml | 2 +- 5 files changed, 35 insertions(+), 9 deletions(-) diff --git a/ebics-rest-api/README.md b/ebics-rest-api/README.md index 534f5827..95b821f8 100644 --- a/ebics-rest-api/README.md +++ b/ebics-rest-api/README.md @@ -25,6 +25,7 @@ with config: spring: ldap: base: dc=example,dc=org + domain: example.com # for active directory urls: ["ldap://localhost:1389"] username: cn=admin,dc=example,dc=org password: adminpassword diff --git a/ebics-rest-api/pom.xml b/ebics-rest-api/pom.xml index 17065026..b11fd319 100644 --- a/ebics-rest-api/pom.xml +++ b/ebics-rest-api/pom.xml @@ -127,6 +127,10 @@ logstash-logback-encoder ${logstash-logback-encoder.version} + + org.springframework.boot + spring-boot-starter-actuator + diff --git a/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt b/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt index 585d92e5..b575c59e 100644 --- a/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt +++ b/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt @@ -1,6 +1,7 @@ package org.ebics.client.ebicsrestapi.ldap +import org.springframework.boot.autoconfigure.ldap.LdapProperties import org.springframework.boot.context.properties.EnableConfigurationProperties import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration 
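Review bot: The spring-boot-starter-actuator dependency added in the ebics-rest-api/pom.xml hunk is unrelated to the commit subject and arrives with no management configuration. Actuator registers HTTP management endpoints on the application port; by default only the health endpoint is exposed over the web, but nothing in this change pins that, so a later widening of `management.endpoints.web.exposure.include` would publish env/configprops/mappings of a service that holds LDAP bind credentials without anyone having reviewed the dependency itself. If the starter is needed, say why in the commit message and fix the exposure explicitly in the application config, e.g. `management.endpoints.web.exposure.include: health`; otherwise drop it from this change.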
@@ -10,9 +11,9 @@ import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
 import org.springframework.security.core.GrantedAuthority
 import org.springframework.security.core.authority.SimpleGrantedAuthority
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
 import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
-import java.util.*
 
 typealias AuthorityRecord = Map>
 typealias AuthorityMapper = (AuthorityRecord) -> GrantedAuthority?
@@ -21,25 +22,31 @@ typealias AuthorityMapper = (AuthorityRecord) -> GrantedAuthority?
 @Profile("!dev")
 @EnableConfigurationProperties(LdapSearchProperties::class)
 class LdapConfiguration {
+
     @Bean
-    fun authorities(contextSource: BaseLdapPathContextSource, searchProperties: LdapSearchProperties): LdapAuthoritiesPopulator {
+    fun authorities(
+        contextSource: BaseLdapPathContextSource,
+        searchProperties: LdapSearchProperties
+    ): LdapAuthoritiesPopulator {
         val authorities = DefaultLdapAuthoritiesPopulator(contextSource, searchProperties.group.base)
         authorities.setGroupSearchFilter(searchProperties.group.filter)
         val mapper: AuthorityMapper = { record ->
             val roles = record["cn"]
             val role = roles?.first()
-            val mappedRole= searchProperties.mapping?.get(role)?:role
-            mappedRole?.let{ SimpleGrantedAuthority("ROLE_${mappedRole.uppercase()}") }
+            val mappedRole = searchProperties.mapping?.get(role) ?: role
+            mappedRole?.let { SimpleGrantedAuthority("ROLE_${mappedRole.uppercase()}") }
         }
-        authorities.setAuthorityMapper( mapper)
+        authorities.setAuthorityMapper(mapper)
         return authorities
     }
 
     @Bean
-    fun authenticationManager(contextSource: BaseLdapPathContextSource,
-                              authorities: LdapAuthoritiesPopulator,
-                              searchProperties: LdapSearchProperties
+    @Profile("openldap")
+    fun authenticationManager(
+        contextSource: BaseLdapPathContextSource,
+        authorities: LdapAuthoritiesPopulator,
+        searchProperties: LdapSearchProperties
     ): AuthenticationManager {
         val factory = LdapBindAuthenticationManagerFactory(contextSource)
         factory.setUserSearchFilter(searchProperties.user.filter)
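Review bot: The `@Profile("openldap")` added to authenticationManager puts the existing bind-and-search AuthenticationManager behind a profile that nothing else in this commit documents; the README change only adds the `domain` key, so an OpenLDAP deployment that upgrades without activating `openldap` silently loses this bean and presumably falls through to the Active Directory provider added in the next hunk. Add the profile to the README next to the new `domain` line, e.g. `# activate the "openldap" Spring profile for bind authentication; omit it for Active Directory`, and give the bean a KDoc such as `/** Bind-and-search LDAP authentication; registered only under the `openldap` profile. */`. authenticationManager's body continues in the next hunk, where the enclosing class LdapConfiguration also closes.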
@@ -48,4 +55,17 @@ class LdapConfiguration { return factory.createAuthenticationManager() } + @Bean + fun authenticationProvider( + ldapProperties: LdapProperties, + searchProperties: LdapSearchProperties + ): ActiveDirectoryLdapAuthenticationProvider { + return ActiveDirectoryLdapAuthenticationProvider( + searchProperties.domain, + ldapProperties.urls.get(0), + ldapProperties.base + ) + + } + } \ No newline at end of file diff --git a/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapSearchProperties.kt b/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapSearchProperties.kt index 8af196e6..f2da0fea 100644 --- a/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapSearchProperties.kt +++ b/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapSearchProperties.kt @@ -6,6 +6,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties @ConfigurationProperties(prefix = "spring.ldap.search") data class LdapSearchProperties ( + val domain: String = "", val group: LdapSearchPattern = LdapSearchPattern("","member={0}"), val user: LdapSearchPattern = LdapSearchPattern("","(uid={0})"), val mapping: Map? // mapping of spring-role -> ldap-role diff --git a/pom.xml b/pom.xml index 2ea0ffb2..6f8d4c28 100644 --- a/pom.xml +++ b/pom.xml @@ -12,7 +12,7 @@ 21 1.9.24 1.9 - 3.3.0 + 3.3.4 UTF-8 4.0.2 2.22.2
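Review bot: authenticationProvider builds the Active Directory provider from `ldapProperties.urls.get(0)` and `searchProperties.domain` without validating either: `domain` defaults to `""` in LdapSearchProperties, and an unset or empty `spring.ldap.urls` fails at startup with a null or index error rather than a message naming the property. Because the bean carries no `@Profile`, it is also created alongside the bind-based AuthenticationManager whenever the `openldap` profile is active, so both LDAP flavours are wired at once and which one Spring Security uses depends on auto-configuration rather than an explicit choice. The group-to-role `mapping` applied in authorities is not used on this path either, so role names can differ between the two modes; that deserves a comment if intentional. Gating the bean with `@Profile("!openldap")` and failing fast on missing configuration keeps the modes mutually exclusive and the error actionable.
```kotlin
    @Bean
    @Profile("!openldap")
    fun authenticationProvider(
        ldapProperties: LdapProperties,
        searchProperties: LdapSearchProperties
    ): ActiveDirectoryLdapAuthenticationProvider {
        // Fail at startup with the offending property name instead of a null/index error.
        require(searchProperties.domain.isNotBlank()) { "spring.ldap.search.domain must be set for Active Directory" }
        val url = ldapProperties.urls?.firstOrNull()
            ?: error("spring.ldap.urls must contain at least one URL")
        return ActiveDirectoryLdapAuthenticationProvider(searchProperties.domain, url, ldapProperties.base)
    }
```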
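Review bot: The new `domain` field binds under this class's `spring.ldap.search` prefix, so its key is `spring.ldap.search.domain`, but the README example in this commit places `domain: example.com` directly under `spring.ldap:` beside `base` and `urls`, where it will not bind and the default `""` stays in effect. Fix the README to nest the key under `search:` (or move the property to wherever the documented key lives), and document the field here: `val domain: String = "", // Active Directory domain name (spring.ldap.search.domain); required for the AD provider`.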