From 3756949ffc9deb997f6e4244db330b75a91b42a6 Mon Sep 17 00:00:00 2001
From: Jason Han
Date: Wed, 10 Feb 2021 11:51:48 -0800
Subject: [PATCH 1/4] Add default values
---
 .../openmbee/mms/ldap/LdapSecurityConfig.java | 34 ++++++++++---------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index 2577d970a..77e0a2033 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -32,34 +32,34 @@ public class LdapSecurityConfig {
 private static Logger logger = LoggerFactory.getLogger(LdapSecurityConfig.class);
- @Value("${ldap.provider.url}")
+ @Value("${ldap.provider.url:null}")
 private String providerUrl;
- @Value("${ldap.provider.userdn}")
+ @Value("${ldap.provider.userdn:null}")
 private String providerUserDn;
- @Value("${ldap.provider.password}")
+ @Value("${ldap.provider.password:null}")
 private String providerPassword;
- @Value("${ldap.provider.base}")
+ @Value("${ldap.provider.base:null}")
 private String providerBase;
- @Value("${ldap.user.dn.pattern}")
+ @Value("${ldap.user.dn.pattern:null}")
 private String userDnPattern;
- @Value("${ldap.user.attributes.username}")
+ @Value("${ldap.user.attributes.username:null}")
 private String userAttributesUsername;
- @Value("${ldap.user.attributes.email}")
+ @Value("${ldap.user.attributes.email:null}")
 private String userAttributesEmail;
- @Value("${ldap.group.search.base}")
+ @Value("${ldap.group.search.base:null}")
 private String groupSearchBase;
- @Value("${ldap.group.role.attribute}")
+ @Value("${ldap.group.role.attribute:null}")
 private String groupRoleAttribute;
- @Value("${ldap.group.search.filter}")
+ @Value("${ldap.group.search.filter:null}")
 private String groupSearchFilter;
 private UserRepository userRepository;
@@ -79,17 +79,19 @@ public void setGroupRepository(GroupRepository groupRepository) {
 public void configureLdapAuth(AuthenticationManagerBuilder auth, LdapAuthoritiesPopulator ldapAuthoritiesPopulator, @Qualifier("contextSource") BaseLdapPathContextSource contextSource) throws Exception {
- logger.debug("LDAP IS HAPPENING!!!");
+ if (providerUrl != null) {
+ logger.debug("LDAP Module is loading...");
 /* see this article : https://spring.io/guides/gs/authenticating-ldap/ We redefine our own LdapAuthoritiesPopulator which need ContextSource(). We need to delegate the creation of the contextSource out of the builder-configuration. */
- auth.ldapAuthentication().userDnPatterns(userDnPattern).groupSearchBase(groupSearchBase)
- .groupRoleAttribute(groupRoleAttribute).groupSearchFilter(groupSearchFilter)
- .rolePrefix("")
- .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator)
- .contextSource(contextSource);
+ auth.ldapAuthentication().userDnPatterns(userDnPattern).groupSearchBase(groupSearchBase)
+ .groupRoleAttribute(groupRoleAttribute).groupSearchFilter(groupSearchFilter)
+ .rolePrefix("")
+ .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator)
+ .contextSource(contextSource);
+ }
 }
 @Bean
From 5ebd2f334c85f171148979318e88245f9d803aa3 Mon Sep 17 00:00:00 2001
From: "Lam, Doris T (319E)"
Date: Wed, 10 Feb 2021 14:04:39 -0800
Subject: [PATCH 2/4] conditional ldap config, fix default values
---
 .../openmbee/mms/ldap/LdapSecurityConfig.java | 24 ++++++++++---------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index 77e0a2033..a2ba666ea 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
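Review bot: In PATCH 1/4, the new `if (providerUrl != null)` guard in `configureLdapAuth` has no else branch, so whenever the guard is false the method returns without registering LDAP authentication and without writing anything to the log. An operator who expects directory logins then gets no hint that the LDAP backend was skipped and that only the other configured authentication providers are active. I would add `else { logger.warn("ldap.provider.url is not set; LDAP authentication is not configured"); }` after the closing brace of the `if`, and put a one-line comment above the guard saying that a missing URL disables the module on purpose.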
@@ -12,6 +12,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.ldap.core.DirContextOperations;
@@ -27,39 +28,40 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
 @Configuration
+@ConditionalOnProperty(prefix = "ldap.provider", name = "url")
 @EnableTransactionManagement
 public class LdapSecurityConfig {
 private static Logger logger = LoggerFactory.getLogger(LdapSecurityConfig.class);
- @Value("${ldap.provider.url:null}")
+ @Value("${ldap.provider.url:#{null}}")
 private String providerUrl;
- @Value("${ldap.provider.userdn:null}")
+ @Value("${ldap.provider.userdn:#{null}}")
 private String providerUserDn;
- @Value("${ldap.provider.password:null}")
+ @Value("${ldap.provider.password:#{null}}")
 private String providerPassword;
- @Value("${ldap.provider.base:null}")
+ @Value("${ldap.provider.base:#{null}")
 private String providerBase;
- @Value("${ldap.user.dn.pattern:null}")
+ @Value("${ldap.user.dn.pattern:uid={0}}")
 private String userDnPattern;
- @Value("${ldap.user.attributes.username:null}")
+ @Value("${ldap.user.attributes.username:uid}")
 private String userAttributesUsername;
- @Value("${ldap.user.attributes.email:null}")
+ @Value("${ldap.user.attributes.email:mail}")
 private String userAttributesEmail;
- @Value("${ldap.group.search.base:null}")
+ @Value("${ldap.group.search.base:#{''}}")
 private String groupSearchBase;
- @Value("${ldap.group.role.attribute:null}")
+ @Value("${ldap.group.role.attribute:cn}")
 private String groupRoleAttribute;
- @Value("${ldap.group.search.filter:null}")
+ @Value("${ldap.group.search.filter:(uniqueMember={0})}")
 private String groupSearchFilter;
 private UserRepository userRepository;
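Review bot: The new default on `providerBase` is missing a closing brace: `@Value("${ldap.provider.base:#{null}")` closes the SpEL `#{null}` but not the surrounding `${...}`, unlike the `url`, `userdn` and `password` fields just above it. With the placeholder left unterminated, Spring will most likely not resolve `ldap.provider.base` for this field at all, so the configured search base would not reach whatever reads `providerBase` (that use is outside this hunk, as is the rest of the class). The line should read `@Value("${ldap.provider.base:#{null}}")`. None of the later patches in this series touches this line. Separately, `ldap.provider.password` now falls back to null when unset; a short comment on that field saying whether a missing bind password is intended would help, since how the context source binds in that case is not visible here.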
@@ -80,7 +82,7 @@ public void configureLdapAuth(AuthenticationManagerBuilder auth, LdapAuthoritiesPopulator ldapAuthoritiesPopulator, @Qualifier("contextSource") BaseLdapPathContextSource contextSource) throws Exception {
 if (providerUrl != null) {
- logger.debug("LDAP Module is loading...");
+ logger.info("LDAP Module is loading...");
 /* see this article : https://spring.io/guides/gs/authenticating-ldap/ We redefine our own LdapAuthoritiesPopulator which need ContextSource().
From b11f7f8743421d2bff54ff4cb61fef36829ed3f9 Mon Sep 17 00:00:00 2001
From: Jason Han
Date: Wed, 10 Feb 2021 14:18:57 -0800
Subject: [PATCH 3/4] Add spring condition and add ldap back to example
---
 example/example.gradle | 1 +
 .../java/org/openmbee/mms/ldap/LdapCondition.java | 14 ++++++++++++++
 .../org/openmbee/mms/ldap/LdapSecurityConfig.java | 4 ++--
 3 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java
diff --git a/example/example.gradle b/example/example.gradle
index 81516715d..eecde357c 100644
--- a/example/example.gradle
+++ b/example/example.gradle
@@ -17,6 +17,7 @@ dependencies {
 implementation(
 project(':authenticator'),
 project(':localuser'),
+ project(':ldap'),
 project(':cameo'),
 project(':elastic'),
 project(':jupyter'),
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java
new file mode 100644
index 000000000..3258c3cdc
--- /dev/null
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java
@@ -0,0 +1,14 @@
+package org.openmbee.mms.ldap;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.env.Environment;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+public class LdapCondition implements Condition {
+ @Override
+ public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
+ Environment env = context.getEnvironment();
+ return "true".equals(env.getProperty("ldap.provider.url"));
+ }
+}
\ No newline at end of file
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index a2ba666ea..ec6fe7013 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -12,8 +12,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
@@ -28,7 +28,7 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
 @Configuration
-@ConditionalOnProperty(prefix = "ldap.provider", name = "url")
+@Conditional(LdapCondition.class)
 @EnableTransactionManagement
 public class LdapSecurityConfig {
From 3e8c780ffb7673d6fde28624868aa4700f1482b6 Mon Sep 17 00:00:00 2001
From: Jason Han
Date: Wed, 10 Feb 2021 14:23:34 -0800
Subject: [PATCH 4/4] Use ldap.enabled
---
 example/src/main/resources/application-test.properties | 1 +
 ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java | 2 +-
 ldap/src/main/resources/application.properties.example | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/example/src/main/resources/application-test.properties b/example/src/main/resources/application-test.properties
index 6d2cd5455..8ef8e22f6 100644
--- a/example/src/main/resources/application-test.properties
+++ b/example/src/main/resources/application-test.properties
@@ -11,6 +11,7 @@ jwt.header=Authorization
 rdb.project.prefix=mms
 # See ldap module for example configuration
+ldap.enabled=false
 ldap.provider.base=ou=something,dc=openmbee,dc=org
 ldap.provider.url=ldaps://ldap.openmbee.org/${ldap.provider.base}
 ldap.provider.userdn=
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java
index 3258c3cdc..9bb98618d 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapCondition.java
@@ -9,6 +9,6 @@ public class LdapCondition implements Condition {
 @Override
 public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
 Environment env = context.getEnvironment();
- return "true".equals(env.getProperty("ldap.provider.url"));
+ return "true".equals(env.getProperty("ldap.enabled"));
 }
 }
\ No newline at end of file
diff --git a/ldap/src/main/resources/application.properties.example b/ldap/src/main/resources/application.properties.example
index d14e982e6..2039a4823 100644
--- a/ldap/src/main/resources/application.properties.example
+++ b/ldap/src/main/resources/application.properties.example
@@ -1,3 +1,4 @@
+ldap.enabled=false
 ldap.provider.base=ou=something,dc=openmbee,dc=org
 ldap.provider.url=ldaps://ldap.openmbee.org/${ldap.provider.base}
 ldap.provider.userdn=
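Review bot: In the `LdapCondition.java` hunk of PATCH 4/4, `"true".equals(env.getProperty("ldap.enabled"))` is an exact string match, so a value such as `ldap.enabled=True`, or one with trailing whitespace, leaves the whole LDAP configuration out with no message. `return env.getProperty("ldap.enabled", Boolean.class, false);` would go through Spring's boolean conversion and make the default explicit; as far as I know that conversion rejects an unparsable value instead of treating it as false. The class also has no Javadoc; a single line such as `/** Enables the LDAP security configuration only when ldap.enabled is true. */` above `public class LdapCondition` would tell readers which property gates the module.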