Example 1 with ExternalTlsDirContextAuthenticationStrategy
use of org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy in project shinyproxy by openanalytics.
the class LDAPAuthenticationBackend method configureAuthenticationManagerBuilder.
@Override
public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder auth) throws Exception {
LDAPProviderConfig[] configs = LDAPProviderConfig.loadAll(environment);
for (LDAPProviderConfig cfg : configs) {
LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> configurer = new LdapAuthenticationProviderConfigurer<>();
String[] userDnPatterns = { cfg.userDnPattern };
if (userDnPatterns[0] == null || userDnPatterns[0].isEmpty())
userDnPatterns = new String[0];
if (cfg.managerDn != null && cfg.managerDn.isEmpty())
cfg.managerDn = null;
// Manually instantiate contextSource so it can be passed into authoritiesPopulator below.
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(cfg.url);
if (cfg.managerDn != null) {
contextSource.setUserDn(cfg.managerDn);
contextSource.setPassword(cfg.managerPassword);
}
if (Boolean.valueOf(cfg.startTLS) || STARTTLS_SIMPLE.equalsIgnoreCase(cfg.startTLS)) {
// Explicitly disable connection pooling, or Spring may attempt to StartTLS twice on the same connection.
contextSource.setPooled(false);
contextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
} else if (STARTTLS_EXTERNAL.equalsIgnoreCase(cfg.startTLS)) {
contextSource.setAuthenticationStrategy(new ExternalTlsDirContextAuthenticationStrategy());
}
contextSource.afterPropertiesSet();
// Manually instantiate authoritiesPopulator because it uses a customized class.
CNLdapAuthoritiesPopulator authoritiesPopulator = new CNLdapAuthoritiesPopulator(contextSource, cfg.groupSearchBase);
authoritiesPopulator.setGroupRoleAttribute("cn");
authoritiesPopulator.setGroupSearchFilter(cfg.groupSearchFilter);
configurer.userDnPatterns(userDnPatterns).userSearchBase(cfg.userSearchBase).userSearchFilter(cfg.userSearchFilter).ldapAuthoritiesPopulator(authoritiesPopulator).contextSource(contextSource).configure(auth);
}
}
Also used :
DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource)
ExternalTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy)
AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)
LdapAuthenticationProviderConfigurer(org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer)
DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)
Aggregations
DefaultTlsDirContextAuthenticationStrategy (org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)1
ExternalTlsDirContextAuthenticationStrategy (org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy)1
AuthenticationManagerBuilder (org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)1
LdapAuthenticationProviderConfigurer (org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer)1
DefaultSpringSecurityContextSource (org.springframework.security.ldap.DefaultSpringSecurityContextSource)1
