Examples with NullLdapAuthoritiesPopulator org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator used on opensource projects

Example 1 with NullLdapAuthoritiesPopulator

use of org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator in project service-authorization by reportportal.

the class LdapAuthProvider method getDelegate.

@Override
protected AuthenticationProvider getDelegate() {
    LdapConfig ldap = authConfigRepository.findLdap(true).orElseThrow(() -> new BadCredentialsException("LDAP is not configured"));
    DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(singletonList(ldap.getUrl()), ldap.getBaseDn());
    ofNullable(ldap.getManagerPassword()).ifPresent(contextSource::setPassword);
    ofNullable(ldap.getManagerDn()).ifPresent(contextSource::setUserDn);
    contextSource.afterPropertiesSet();
    LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> builder = new LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>().contextSource(contextSource).ldapAuthoritiesPopulator(new NullLdapAuthoritiesPopulator()).userDetailsContextMapper(new DetailsContextMapper(ldapUserReplicator, ldap.getSynchronizationAttributes()));
    /*
         * Basically, groups are not used
		 */
    ofNullable(ldap.getGroupSearchFilter()).ifPresent(builder::groupSearchFilter);
    ofNullable(ldap.getGroupSearchBase()).ifPresent(builder::groupSearchBase);
    ofNullable(ldap.getUserSearchFilter()).ifPresent(builder::userSearchFilter);
    ofNullable(ldap.getPasswordEncoderType()).ifPresent(it -> {
        LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>.PasswordCompareConfigurer passwordCompareConfigurer = builder.passwordCompare();
        if (!isNullOrEmpty(ldap.getPasswordAttribute())) {
            passwordCompareConfigurer.passwordAttribute(ldap.getPasswordAttribute());
        }
        /*
			 * DIRTY HACK. If LDAP's password has solt, ldaptemplate.compare operation does not work
			 * since we don't know server's salt.
			 * To enable local password comparison, we need to provide password encoder from crypto's package
			 * This is why we just wrap old encoder with new one interface
			 * New encoder cannot be used everywhere since it does not have implementation for LDAP
			 */
        final PasswordEncoder delegate = ENCODER_MAPPING.get(ldap.getPasswordEncoderType());
        builder.passwordEncoder(new org.springframework.security.crypto.password.PasswordEncoder() {

            @Override
            public String encode(CharSequence rawPassword) {
                return delegate.encodePassword(rawPassword.toString(), null);
            }

            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                return delegate.isPasswordValid(encodedPassword, rawPassword.toString(), null);
            }
        });
    });
    if (!isNullOrEmpty(ldap.getUserDnPattern())) {
        builder.userDnPatterns(ldap.getUserDnPattern());
    }
    try {
        return (AuthenticationProvider) Accessible.on(builder).method(LdapAuthenticationProviderConfigurer.class.getDeclaredMethod("build")).invoke();
    } catch (Throwable e) {
        throw new ReportPortalException("Cannot build LDAP auth provider", e);
    }
}