/*
* Copyright 2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.xd.dirt.server.security;
import java.util.Collection;
import java.util.Collections;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/**
* @author Marius Bogoevici
*/
@Configuration
@ConfigurationProperties(prefix = "xd.security.authentication.ldap")
@ConditionalOnProperty("xd.security.authentication.ldap.enabled")
public class LdapAuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {
private String url;
private String userDnPattern;
private String managerDn;
private String managerPassword;
private String userSearchBase = "";
private String userSearchFilter;
private String groupSearchFilter = "";
private String groupSearchBase = "";
private String groupRoleAttribute = "cn";
public String getUrl() {
return url;
}
public void setUrl(String url) {
this.url = url;
}
public String getUserDnPattern() {
return userDnPattern;
}
public void setUserDnPattern(String userDnPattern) {
this.userDnPattern = userDnPattern;
}
public String getManagerDn() {
return managerDn;
}
public void setManagerDn(String managerDn) {
this.managerDn = managerDn;
}
public String getManagerPassword() {
return managerPassword;
}
public void setManagerPassword(String managerPassword) {
this.managerPassword = managerPassword;
}
public String getUserSearchBase() {
return userSearchBase;
}
public void setUserSearchBase(String userSearchBase) {
this.userSearchBase = userSearchBase;
}
public String getUserSearchFilter() {
return userSearchFilter;
}
public void setUserSearchFilter(String userSearchFilter) {
this.userSearchFilter = userSearchFilter;
}
public String getGroupSearchFilter() {
return groupSearchFilter;
}
public void setGroupSearchFilter(String groupSearchFilter) {
this.groupSearchFilter = groupSearchFilter;
}
public String getGroupSearchBase() {
return groupSearchBase;
}
public void setGroupSearchBase(String groupSearchBase) {
this.groupSearchBase = groupSearchBase;
}
public String getGroupRoleAttribute() {
return groupRoleAttribute;
}
public void setGroupRoleAttribute(String groupRoleAttribute) {
this.groupRoleAttribute = groupRoleAttribute;
}
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapConfigurer = auth.ldapAuthentication();
Assert.hasText(url, "'url' must not be empty");
Assert.isTrue(StringUtils.isEmpty(userDnPattern) ^ StringUtils.isEmpty(userSearchFilter),
"exactly one of 'userDnPattern' or 'userSearch' must be provided");
ldapConfigurer.contextSource()
.url(url)
.managerDn(managerDn)
.managerPassword(managerPassword);
if (!StringUtils.isEmpty(userDnPattern)) {
ldapConfigurer.userDnPatterns(userDnPattern);
}
if (!StringUtils.isEmpty(userSearchFilter)) {
ldapConfigurer
.userSearchBase(userSearchBase)
.userSearchFilter(userSearchFilter);
}
if (!StringUtils.isEmpty(groupSearchFilter)) {
ldapConfigurer.groupSearchBase(groupSearchBase)
.groupSearchFilter(groupSearchFilter)
.groupRoleAttribute(groupRoleAttribute);
}
else {
ldapConfigurer.ldapAuthoritiesPopulator(new LdapAuthoritiesPopulator() {
@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
return Collections.singleton(new SimpleGrantedAuthority("ROLE_ADMIN"));
}
});
}
}
}