
Example 1 with ExternalTlsDirContextAuthenticationStrategy

Use of org.springframework.ldap.core.support.ExternalTlsDirContextAuthenticationStrategy in the project shinyproxy by openanalytics.

Taken from the class LDAPAuthenticationBackend, method configureAuthenticationManagerBuilder:

@Override
public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder auth) throws Exception {
    LDAPProviderConfig[] configs = LDAPProviderConfig.loadAll(environment);
    for (LDAPProviderConfig cfg : configs) {
        LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> configurer = new LdapAuthenticationProviderConfigurer<>();
        String[] userDnPatterns = { cfg.userDnPattern };
        if (userDnPatterns[0] == null || userDnPatterns[0].isEmpty())
            userDnPatterns = new String[0];
        if (cfg.managerDn != null && cfg.managerDn.isEmpty())
            cfg.managerDn = null;
        // Manually instantiate contextSource so it can be passed into authoritiesPopulator below.
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(cfg.url);
        if (cfg.managerDn != null) {
            contextSource.setUserDn(cfg.managerDn);
            contextSource.setPassword(cfg.managerPassword);
        }
        if (Boolean.valueOf(cfg.startTLS) || STARTTLS_SIMPLE.equalsIgnoreCase(cfg.startTLS)) {
            // Explicitly disable connection pooling, or Spring may attempt to StartTLS twice on the same connection.
            contextSource.setPooled(false);
            contextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
        } else if (STARTTLS_EXTERNAL.equalsIgnoreCase(cfg.startTLS)) {
            // StartTLS followed by SASL EXTERNAL: the bind identity is taken from the client certificate presented during the TLS handshake rather than from a DN and password.
            contextSource.setAuthenticationStrategy(new ExternalTlsDirContextAuthenticationStrategy());
        }
        contextSource.afterPropertiesSet();
        // Manually instantiate authoritiesPopulator because it uses a customized class.
        CNLdapAuthoritiesPopulator authoritiesPopulator = new CNLdapAuthoritiesPopulator(contextSource, cfg.groupSearchBase);
        authoritiesPopulator.setGroupRoleAttribute("cn");
        authoritiesPopulator.setGroupSearchFilter(cfg.groupSearchFilter);
        configurer.userDnPatterns(userDnPatterns)
                .userSearchBase(cfg.userSearchBase)
                .userSearchFilter(cfg.userSearchFilter)
                .ldapAuthoritiesPopulator(authoritiesPopulator)
                .contextSource(contextSource)
                .configure(auth);
    }
}