use of org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator in project service-authorization by reportportal.
the class LdapAuthProvider method getDelegate.
@Override
protected AuthenticationProvider getDelegate() {
LdapConfig ldap = authConfigRepository.findLdap(true).orElseThrow(() -> new BadCredentialsException("LDAP is not configured"));
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(singletonList(ldap.getUrl()), ldap.getBaseDn());
ofNullable(ldap.getManagerPassword()).ifPresent(contextSource::setPassword);
ofNullable(ldap.getManagerDn()).ifPresent(contextSource::setUserDn);
contextSource.afterPropertiesSet();
LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> builder = new LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>().contextSource(contextSource).ldapAuthoritiesPopulator(new NullLdapAuthoritiesPopulator()).userDetailsContextMapper(new DetailsContextMapper(ldapUserReplicator, ldap.getSynchronizationAttributes()));
/*
* Basically, groups are not used
*/
ofNullable(ldap.getGroupSearchFilter()).ifPresent(builder::groupSearchFilter);
ofNullable(ldap.getGroupSearchBase()).ifPresent(builder::groupSearchBase);
ofNullable(ldap.getUserSearchFilter()).ifPresent(builder::userSearchFilter);
ofNullable(ldap.getPasswordEncoderType()).ifPresent(it -> {
LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>.PasswordCompareConfigurer passwordCompareConfigurer = builder.passwordCompare();
if (!isNullOrEmpty(ldap.getPasswordAttribute())) {
passwordCompareConfigurer.passwordAttribute(ldap.getPasswordAttribute());
}
/*
* DIRTY HACK. If LDAP's password has solt, ldaptemplate.compare operation does not work
* since we don't know server's salt.
* To enable local password comparison, we need to provide password encoder from crypto's package
* This is why we just wrap old encoder with new one interface
* New encoder cannot be used everywhere since it does not have implementation for LDAP
*/
final PasswordEncoder delegate = ENCODER_MAPPING.get(ldap.getPasswordEncoderType());
builder.passwordEncoder(new org.springframework.security.crypto.password.PasswordEncoder() {
@Override
public String encode(CharSequence rawPassword) {
return delegate.encodePassword(rawPassword.toString(), null);
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return delegate.isPasswordValid(encodedPassword, rawPassword.toString(), null);
}
});
});
if (!isNullOrEmpty(ldap.getUserDnPattern())) {
builder.userDnPatterns(ldap.getUserDnPattern());
}
try {
return (AuthenticationProvider) Accessible.on(builder).method(LdapAuthenticationProviderConfigurer.class.getDeclaredMethod("build")).invoke();
} catch (Throwable e) {
throw new ReportPortalException("Cannot build LDAP auth provider", e);
}
}
Aggregations