From b3178f1ba62831eb9ccbad61bcf3ad747dcadffd Mon Sep 17 00:00:00 2001
From: Kunal Shroff
Date: Tue, 14 Nov 2023 12:20:55 -0500
Subject: [PATCH 1/2] Including active directory Authentication manager
---
 .../web/config/WebSecurityConfig.java | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java
index 1b90f4b65e..936c1f0893 100644
--- a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java
+++ b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java
@@ -22,6 +22,7 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
 import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.PersonContextMapper;
@@ -199,6 +200,22 @@ public LdapAuthoritiesPopulator authorities(BaseLdapPathContextSource contextSou
 return myAuthPopulator;
 }
 
+ @Bean
+ @ConditionalOnProperty(name = "auth.impl", havingValue = "ad")
+ public AuthenticationManager authenticationProvider() throws Exception {
+ ActiveDirectoryLdapAuthenticationProvider adProvider =
+ new ActiveDirectoryLdapAuthenticationProvider(ad_domain, ad_url);
+ adProvider.setConvertSubErrorCodesToExceptions(true);
+ adProvider.setUseAuthenticationRequestCredentials(true);
+ adProvider.setUserDetailsContextMapper(new PersonContextMapper());
+ return new AuthenticationManagerBuilder(new ObjectPostProcessor<>() {
+ @Override
+ public O postProcess(O object) {
+ return object;
+ }
+ }).authenticationProvider(adProvider).build();
+ }
+
 @Bean
 @ConditionalOnProperty(name = "auth.impl", havingValue = "demo")
 public AuthenticationManager demoAuthenticationManager(AuthenticationManagerBuilder auth) throws Exception {
From 44ebd82d880428839f41ad8f50281bc03ef55002 Mon Sep 17 00:00:00 2001
From: Kunal Shroff
Date: Tue, 14 Nov 2023 12:27:25 -0500
Subject: [PATCH 2/2] Add authority mapper to convert to ROLE_XXX
---
 .../service/saveandrestore/web/config/WebSecurityConfig.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java
index 936c1f0893..090101b991 100644
--- a/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java
+++ b/services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/WebSecurityConfig.java
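Review bot: `setConvertSubErrorCodesToExceptions(true)` in the new `authenticationProvider()` bean turns AD sub-error codes into account-state exceptions (locked, disabled, expired password and the like), and whatever the login path does with those exceptions decides whether an unauthenticated caller can learn the state of an arbitrary account; that handling is outside this hunk, so it is worth confirming the HTTP response stays a generic 401 and the specific reason goes only to the server log. The no-op `ObjectPostProcessor` and the builder add nothing over constructing the manager directly, `return new ProviderManager(adProvider);` (import `org.springframework.security.authentication.ProviderManager`), which also removes the anonymous class whose `postProcess` signature appears to have lost its `<O>` type parameter in this rendering. `setUseAuthenticationRequestCredentials(true)` is, as far as I recall, already the provider's default and can be dropped. The method name `authenticationProvider` for a bean that returns an `AuthenticationManager` reads oddly next to `demoAuthenticationManager` on the context line below; `adAuthenticationManager` would match. The enclosing class continues outside the hunk.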
@@ -19,6 +19,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
+import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
@@ -208,6 +209,9 @@ public AuthenticationManager authenticationProvider() throws Exception {
 adProvider.setConvertSubErrorCodesToExceptions(true);
 adProvider.setUseAuthenticationRequestCredentials(true);
 adProvider.setUserDetailsContextMapper(new PersonContextMapper());
+ SimpleAuthorityMapper simpleAuthorityMapper = new SimpleAuthorityMapper();
+ simpleAuthorityMapper.setConvertToUpperCase(true);
+ adProvider.setAuthoritiesMapper(simpleAuthorityMapper);
 return new AuthenticationManagerBuilder(new ObjectPostProcessor<>() {
 @Override
 public O postProcess(O object) {
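Review bot: The three added mapper lines deserve a comment stating the convention they establish, since nothing in the hunk says why authorities are rewritten: `// AD group CNs become ROLE_<CN IN UPPER CASE> so hasRole() checks match the other auth.impl providers`. The mapper's input is not shown here; if the provider derives each authority from the CN of the user's `memberOf` groups, as ActiveDirectoryLdapAuthenticationProvider does by default, a CN containing spaces keeps them (constructed example: `Save Restore Admins` becomes `ROLE_SAVE RESTORE ADMINS`), so the role names used in the access rules must be written to match exactly. The `ROLE_` prefix relied on is SimpleAuthorityMapper's default rather than something set in the code; `simpleAuthorityMapper.setPrefix("ROLE_");` would make the intent explicit. The enclosing method `authenticationProvider()` starts and ends outside this hunk.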