diff --git a/example/example.gradle b/example/example.gradle index 81516715d..eecde357c 100644 --- a/example/example.gradle +++ b/example/example.gradle @@ -17,6 +17,7 @@ dependencies { implementation( project(':authenticator'), project(':localuser'), + project(':ldap'), project(':cameo'), project(':elastic'), project(':jupyter'), diff --git a/example/src/main/resources/application-test.properties b/example/src/main/resources/application-test.properties index 6d2cd5455..8ef8e22f6 100644 --- a/example/src/main/resources/application-test.properties +++ b/example/src/main/resources/application-test.properties @@ -11,6 +11,7 @@ jwt.header=Authorization rdb.project.prefix=mms # See ldap module for example configuration +ldap.enabled=false ldap.provider.base=ou=something,dc=openmbee,dc=org ldap.provider.url=ldaps://ldap.openmbee.org/${ldap.provider.base} ldap.provider.userdn= diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java new file mode 100644 index 000000000..9bb98618d --- /dev/null +++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java @@ -0,0 +1,14 @@ +package org.openmbee.mms.ldap; + +import org.springframework.context.annotation.Condition; +import org.springframework.context.annotation.ConditionContext; +import org.springframework.core.env.Environment; +import org.springframework.core.type.AnnotatedTypeMetadata; + +public class LdapCondition implements Condition { + @Override + public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) { + Environment env = context.getEnvironment(); + return "true".equals(env.getProperty("ldap.enabled")); + } +} \ No newline at end of file diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java index 2577d970a..ec6fe7013 100644 --- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java 
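Review bot: In `LdapCondition.matches`, `"true".equals(env.getProperty("ldap.enabled"))` is an exact, case-sensitive comparison, so `ldap.enabled=True` or a value with trailing whitespace leaves the whole LDAP configuration unloaded without any log line. Since this flag decides whether an authentication provider is registered, I would let the environment parse it as a boolean: `return env.getProperty("ldap.enabled", Boolean.class, false);`. The class also has no Javadoc; something like `/** Loads the LDAP configuration only when ldap.enabled is true; an absent property means disabled. */` would document the default. The new file ends without a trailing newline.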
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java @@ -13,6 +13,7 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Conditional; import org.springframework.context.annotation.Configuration; import org.springframework.ldap.core.DirContextOperations; import org.springframework.ldap.core.support.BaseLdapPathContextSource; 
@@ -27,39 +28,40 @@ import org.springframework.transaction.annotation.EnableTransactionManagement; @Configuration +@Conditional(LdapCondition.class) @EnableTransactionManagement public class LdapSecurityConfig { private static Logger logger = LoggerFactory.getLogger(LdapSecurityConfig.class); - @Value("${ldap.provider.url}") + @Value("${ldap.provider.url:#{null}}") private String providerUrl; - @Value("${ldap.provider.userdn}") + @Value("${ldap.provider.userdn:#{null}}") private String providerUserDn; - @Value("${ldap.provider.password}") + @Value("${ldap.provider.password:#{null}}") private String providerPassword; - @Value("${ldap.provider.base}") + @Value("${ldap.provider.base:#{null}") private String providerBase; - @Value("${ldap.user.dn.pattern}") + @Value("${ldap.user.dn.pattern:uid={0}}") private String userDnPattern; - @Value("${ldap.user.attributes.username}") + @Value("${ldap.user.attributes.username:uid}") private String userAttributesUsername; - @Value("${ldap.user.attributes.email}") + @Value("${ldap.user.attributes.email:mail}") private String userAttributesEmail; - @Value("${ldap.group.search.base}") + @Value("${ldap.group.search.base:#{''}}") private String groupSearchBase; - @Value("${ldap.group.role.attribute}") + @Value("${ldap.group.role.attribute:cn}") private String groupRoleAttribute; - @Value("${ldap.group.search.filter}") + @Value("${ldap.group.search.filter:(uniqueMember={0})}") private String groupSearchFilter; private UserRepository userRepository; 
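Review bot: The new default on `providerBase` is missing a closing brace: `@Value("${ldap.provider.base:#{null}")` closes the SpEL expression but never closes the `${...}` placeholder, unlike the three fields above it. The placeholder will probably be left unresolved or rejected at startup, so the configured `ldap.provider.base` would not reach the field; it should read `@Value("${ldap.provider.base:#{null}}")`. Separately, `providerUserDn` and `providerPassword` now default to null, so a missing bind credential is accepted silently; if the context source (outside this hunk) uses them for the bind, a comment on those fields such as `// null means anonymous bind; set both for an authenticated bind` would make the intent explicit. The class body continues outside this hunk.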
@@ -79,17 +81,19 @@ public void setGroupRepository(GroupRepository groupRepository) { public void configureLdapAuth(AuthenticationManagerBuilder auth, LdapAuthoritiesPopulator ldapAuthoritiesPopulator, @Qualifier("contextSource") BaseLdapPathContextSource contextSource) throws Exception { - logger.debug("LDAP IS HAPPENING!!!"); + if (providerUrl != null) { + logger.info("LDAP Module is loading..."); /* see this article : https://spring.io/guides/gs/authenticating-ldap/ We redefine our own LdapAuthoritiesPopulator which need ContextSource(). We need to delegate the creation of the contextSource out of the builder-configuration. */ - auth.ldapAuthentication().userDnPatterns(userDnPattern).groupSearchBase(groupSearchBase) - .groupRoleAttribute(groupRoleAttribute).groupSearchFilter(groupSearchFilter) - .rolePrefix("") - .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator) - .contextSource(contextSource); + auth.ldapAuthentication().userDnPatterns(userDnPattern).groupSearchBase(groupSearchBase) + .groupRoleAttribute(groupRoleAttribute).groupSearchFilter(groupSearchFilter) + .rolePrefix("") + .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator) + .contextSource(contextSource); + } } @Bean diff --git a/ldap/src/main/resources/application.properties.example b/ldap/src/main/resources/application.properties.example index d14e982e6..2039a4823 100644 --- a/ldap/src/main/resources/application.properties.example +++ b/ldap/src/main/resources/application.properties.example @@ -1,3 +1,4 @@ +ldap.enabled=false ldap.provider.base=ou=something,dc=openmbee,dc=org ldap.provider.url=ldaps://ldap.openmbee.org/${ldap.provider.base} ldap.provider.userdn=
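Review bot: The new `if (providerUrl != null)` guard in `configureLdapAuth` skips LDAP registration without any message, and it does not catch `ldap.provider.url=` (an empty string), which passes the null check. Because the class now loads only when `ldap.enabled` is true, a missing URL at this point is a misconfiguration worth surfacing rather than a silent no-op, e.g. `if (providerUrl == null || providerUrl.isEmpty()) { logger.warn("ldap.enabled is true but ldap.provider.url is not set; LDAP authentication is not configured"); return; }`. The `contextSource` bean injected here is defined outside this hunk, so whether it tolerates a null URL cannot be confirmed from these lines.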