
Example 1 with NullLdapAuthoritiesPopulator

Use of org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator in the project service-authorization by reportportal.

In the class LdapAuthProvider, method getDelegate:

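/**
 * Builds the LDAP {@link AuthenticationProvider} from the stored {@link LdapConfig}.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>Authorities come from {@link NullLdapAuthoritiesPopulator}, so no roles are derived from
 *       LDAP group membership here.</li>
 *   <li>When a password encoder type is configured, the builder is switched to password
 *       comparison, and the comparison goes through an adapter around the legacy encoder.</li>
 *   <li>The provider is obtained by invoking the configurer's {@code build} method reflectively.</li>
 * </ul>
 *
 * @return the provider produced by the configurer
 * @throws BadCredentialsException if {@code findLdap(true)} yields no configuration
 * @throws IllegalStateException if no encoder is mapped for the configured password encoder type
 * @throws ReportPortalException if the reflective {@code build} call fails
 */
@Override
protected AuthenticationProvider getDelegate() {
    // NOTE(review): a missing configuration surfaces as BadCredentialsException, so to callers it is
    // indistinguishable from a failed login. The meaning of the `true` argument is not visible here
    // (presumably "enabled only") - confirm against the repository.
    LdapConfig ldap = authConfigRepository.findLdap(true)
            .orElseThrow(() -> new BadCredentialsException("LDAP is not configured"));

    // The manager DN/password are optional; when absent the context source is left without them.
    // NOTE(review): the URL scheme is whatever the stored config holds. With a plain ldap:// URL the
    // manager password and user credentials would cross the network unencrypted - verify that
    // ldaps:// (or StartTLS) is enforced where the config is saved.
    DefaultSpringSecurityContextSource contextSource =
            new DefaultSpringSecurityContextSource(singletonList(ldap.getUrl()), ldap.getBaseDn());
    ofNullable(ldap.getManagerPassword()).ifPresent(contextSource::setPassword);
    ofNullable(ldap.getManagerDn()).ifPresent(contextSource::setUserDn);
    contextSource.afterPropertiesSet();

    LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> builder =
            new LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>()
                    .contextSource(contextSource)
                    .ldapAuthoritiesPopulator(new NullLdapAuthoritiesPopulator())
                    .userDetailsContextMapper(
                            new DetailsContextMapper(ldapUserReplicator, ldap.getSynchronizationAttributes()));

    /*
     * Basically, groups are not used.
     * NOTE(review): because an explicit NullLdapAuthoritiesPopulator is set above, the group search
     * filter/base below appear to have no effect on the granted authorities - confirm against the
     * Spring Security version in use before relying on them.
     */
    ofNullable(ldap.getGroupSearchFilter()).ifPresent(builder::groupSearchFilter);
    ofNullable(ldap.getGroupSearchBase()).ifPresent(builder::groupSearchBase);
    // The search filter is taken from the stored config as-is, so whoever can edit the LDAP config
    // controls which directory entries are matched for a login name.
    ofNullable(ldap.getUserSearchFilter()).ifPresent(builder::userSearchFilter);

    ofNullable(ldap.getPasswordEncoderType()).ifPresent(it -> {
        LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>.PasswordCompareConfigurer passwordCompareConfigurer =
                builder.passwordCompare();
        if (!isNullOrEmpty(ldap.getPasswordAttribute())) {
            passwordCompareConfigurer.passwordAttribute(ldap.getPasswordAttribute());
        }
        /*
         * DIRTY HACK. If LDAP's password has salt, ldaptemplate.compare operation does not work
         * since we don't know server's salt.
         * To enable local password comparison, we need to provide password encoder from crypto's package
         * This is why we just wrap old encoder with new one interface
         * New encoder cannot be used everywhere since it does not have implementation for LDAP
         */
        final PasswordEncoder delegate = ENCODER_MAPPING.get(ldap.getPasswordEncoderType());
        if (delegate == null) {
            // Fail while building the provider instead of hitting a NullPointerException inside
            // encode()/matches() in the middle of a login attempt.
            throw new IllegalStateException(
                    "No password encoder mapped for LDAP password encoder type: " + ldap.getPasswordEncoderType());
        }
        // NOTE(review): the strength of the comparison depends on which legacy encoders
        // ENCODER_MAPPING holds (not visible here). Local comparison also implies the stored
        // password value is read from the directory - presumably with the manager account; keep
        // that account's read access as narrow as possible.
        builder.passwordEncoder(new org.springframework.security.crypto.password.PasswordEncoder() {

            @Override
            public String encode(CharSequence rawPassword) {
                // The legacy API takes a String and a salt; no salt is supplied here.
                return delegate.encodePassword(rawPassword.toString(), null);
            }

            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                // Argument order is (encoded, raw) for the legacy encoder.
                return delegate.isPasswordValid(encodedPassword, rawPassword.toString(), null);
            }
        });
    });

    if (!isNullOrEmpty(ldap.getUserDnPattern())) {
        builder.userDnPatterns(ldap.getUserDnPattern());
    }

    try {
        // build() is looked up with getDeclaredMethod and invoked through Accessible, i.e. it is not
        // reachable through the configurer's public API. This ties the code to the library's
        // internals: re-check it on every Spring Security upgrade.
        return (AuthenticationProvider) Accessible.on(builder)
                .method(LdapAuthenticationProviderConfigurer.class.getDeclaredMethod("build"))
                .invoke();
    } catch (Throwable e) {
        // Throwable is kept because the checked signature of Accessible#invoke is not visible here.
        // The cause is preserved for diagnostics.
        throw new ReportPortalException("Cannot build LDAP auth provider", e);
    }
}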
Also used : DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource) AuthenticationProvider(org.springframework.security.authentication.AuthenticationProvider) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) LdapConfig(com.epam.reportportal.auth.store.entity.ldap.LdapConfig) AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder) ReportPortalException(com.epam.ta.reportportal.exception.ReportPortalException) NullLdapAuthoritiesPopulator(org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator) LdapAuthenticationProviderConfigurer(org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer)

Aggregations

LdapConfig (com.epam.reportportal.auth.store.entity.ldap.LdapConfig)1 ReportPortalException (com.epam.ta.reportportal.exception.ReportPortalException)1 AuthenticationProvider (org.springframework.security.authentication.AuthenticationProvider)1 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1 AuthenticationManagerBuilder (org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder)1 LdapAuthenticationProviderConfigurer (org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer)1 DefaultSpringSecurityContextSource (org.springframework.security.ldap.DefaultSpringSecurityContextSource)1 NullLdapAuthoritiesPopulator (org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator)1