From eb043664d05c2dc1f5235541e6128e37f4fad836 Mon Sep 17 00:00:00 2001
From: Jason Han
Date: Tue, 30 Aug 2022 10:31:46 -0700
Subject: [PATCH 1/8] Add properties loading for authentication binding support.
---
 ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index 01bde33e6..1cf543bba 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -184,6 +184,7 @@ public Collection getGrantedAuthorities(
 public BaseLdapPathContextSource contextSource() {
 DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
 providerUrl);
+ contextSource.afterPropertiesSet();
 contextSource.setUserDn(providerUserDn);
 contextSource.setPassword(providerPassword);
 return contextSource;
From 43220b40be7bf9f3d73d8f126d98168a0b1bd50d Mon Sep 17 00:00:00 2001
From: Jason Han
Date: Tue, 30 Aug 2022 14:49:53 -0700
Subject: [PATCH 2/8] Replace DefaultSpringSecurityContextSource with LdapContextSource
---
 .../mms/authenticator/config/AuthSecurityConfig.java | 3 +--
 .../org/openmbee/mms/ldap/LdapSecurityConfig.java | 12 ++++++------
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/authenticator/src/main/java/org/openmbee/mms/authenticator/config/AuthSecurityConfig.java b/authenticator/src/main/java/org/openmbee/mms/authenticator/config/AuthSecurityConfig.java
index b1a8b452f..627c649c7 100644
--- a/authenticator/src/main/java/org/openmbee/mms/authenticator/config/AuthSecurityConfig.java
+++ b/authenticator/src/main/java/org/openmbee/mms/authenticator/config/AuthSecurityConfig.java
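Review bot: The added `contextSource.afterPropertiesSet();` runs before `setUserDn`/`setPassword`, so whatever that initialisation validates or caches sees the context source without its bind credentials; and since the object is returned from a `@Bean` method, the container invokes `afterPropertiesSet()` itself once the setters have run, which makes the manual call redundant. The second patch in this series replaces this bean and drops the call, so nothing more is needed here beyond keeping the manual call out of the final version. `contextSource()` ends outside the hunk.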
@@ -19,8 +19,7 @@ public class AuthSecurityConfig {
 private static Logger logger = LoggerFactory.getLogger(AuthSecurityConfig.class);
 @Autowired
- public void setAuthProvider(AuthenticationManagerBuilder auth,
- JwtAuthenticationProvider provider) {
+ public void setAuthProvider(AuthenticationManagerBuilder auth, JwtAuthenticationProvider provider) {
 auth.authenticationProvider(provider);
 }
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index 1cf543bba..d8495fac8 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -20,12 +20,12 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
+import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.ldap.filter.*;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
@@ -91,7 +91,7 @@ public void setGroupRepository(GroupRepository groupRepository) {
 @Autowired
 public void configureLdapAuth(AuthenticationManagerBuilder auth,
- LdapAuthoritiesPopulator ldapAuthoritiesPopulator, @Qualifier("contextSource") BaseLdapPathContextSource contextSource)
+ LdapAuthoritiesPopulator ldapAuthoritiesPopulator, @Qualifier("contextSource") BaseLdapPathContextSource contextSource)
 throws Exception {
 if (providerUrl != null) {
 logger.info("LDAP Module is loading...");
@@ -181,10 +181,10 @@ public Collection getGrantedAuthorities(
 }
 @Bean
- public BaseLdapPathContextSource contextSource() {
- DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
- providerUrl);
- contextSource.afterPropertiesSet();
+ public LdapContextSource contextSource() {
+ LdapContextSource contextSource = new LdapContextSource();
+ contextSource.setUrl(providerUrl);
+ contextSource.setBase(providerBase);
 contextSource.setUserDn(providerUserDn);
 contextSource.setPassword(providerPassword);
 return contextSource;
From a2d5be021a959ab680cbbf72de5dfaa5ae34f25f Mon Sep 17 00:00:00 2001
From: Jason Han
Date: Tue, 30 Aug 2022 15:41:33 -0700
Subject: [PATCH 3/8] Adding debug logging to ease configuration woes.
---
 .../openmbee/mms/ldap/LdapSecurityConfig.java | 26 ++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index d8495fac8..0d2d57d21 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
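Review bot: The rebuilt `contextSource()` bean binds with whatever `providerUserDn`/`providerPassword` hold, and the example properties later in this series leave both blank; with a plain `LdapContextSource` that produces an empty-principal bind, which many directories accept as an anonymous or unauthenticated bind (RFC 4513 §5.1), and that silently decides what the group search is allowed to read. If anonymous reads are the intended mode when no service account is configured, make it explicit with `contextSource.setAnonymousReadOnly(true)` when `providerUserDn` is blank, and otherwise fail fast in `configureLdapAuth` when a DN is given without a password. Two migration points also deserve a comment on the bean: `DefaultSpringSecurityContextSource` used to parse the base DN out of `providerUrl`, so deployments whose URL still embeds it now need `ldap.provider.base`, and it applied defaults of its own (pooling and base-environment settings, from memory — confirm against the Spring Security version in use) that the plain class does not. The method's closing brace is outside the hunk.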
@@ -117,7 +117,7 @@ LdapAuthoritiesPopulator ldapAuthoritiesPopulator(@Qualifier("contextSource") Ba
 */
 class CustomLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
- SpringSecurityLdapTemplate ldapTemplate;
+ final SpringSecurityLdapTemplate ldapTemplate;
 private CustomLdapAuthoritiesPopulator(BaseLdapPathContextSource ldapContextSource) {
 ldapTemplate = new SpringSecurityLdapTemplate(ldapContextSource);
@@ -128,9 +128,9 @@ public Collection getGrantedAuthorities(
 DirContextOperations userData, String username) {
 Optional userOptional = userRepository.findByUsername(username);
- if (!userOptional.isPresent()) {
+ if (userOptional.isEmpty()) {
+ logger.info("No user record for {} in the userRepository, creating...", userData.getDn());
 User newUser = createLdapUser(userData);
- userOptional = Optional.of(newUser);
 }
@@ -154,6 +154,8 @@ public Collection getGrantedAuthorities(
 andFilter.and(groupsFilter);
 andFilter.and(orFilter);
+ logger.debug("Generated LDAP query filter for groups: " + andFilter);
+
 Set memberGroups = ldapTemplate
 .searchForSingleAttributeValues("", andFilter.encode(), new Object[]{""}, groupRoleAttribute);
@@ -163,6 +165,17 @@ public Collection getGrantedAuthorities(
 Optional group = groupRepository.findByName(memberGroup);
 group.ifPresent(addGroups::add);
 }
+
+ if (logger.isDebugEnabled()) {
+ if ((long) addGroups.size() > 0) {
+ addGroups.forEach(group -> {
+ logger.debug("Group received: " + group.getName());
+ });
+ } else {
+ logger.debug("No configured groups returned from LDAP");
+ }
+ }
+
 user.setGroups(addGroups);
 userRepository.save(user);
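Review bot: With `userOptional = Optional.of(newUser);` removed, `newUser` is not read anywhere in the `-128,9` hunk, so the record returned by `createLdapUser(userData)` on a first login is only retained if the lines below the hunk re-query the repository or `createLdapUser` persists it itself; if `user` is later taken from `userOptional` via `get()`/`orElseThrow()`, every first login now throws. Either restore the assignment, or assign `newUser` to whichever variable the rest of the method uses, and add a one-line comment saying where a freshly created user is picked up. `getGrantedAuthorities` begins before and continues after this hunk.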
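Review bot: `if ((long) addGroups.size() > 0)` in the new debug block in the `-163,6` hunk casts for no reason; `if (!addGroups.isEmpty())` says the same thing. The block-bodied `forEach` with string concatenation can be the single line `addGroups.forEach(group -> logger.debug("Group received: {}", group.getName()));`, which matches the `{}` placeholder style of the `logger.info` call earlier in this method (the last patch in the series converts the placeholder but keeps the cast). Logging group names at DEBUG is reasonable; logging at INFO would be noisy per login. `getGrantedAuthorities` begins before and continues after this hunk.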
@@ -183,10 +196,17 @@ public Collection getGrantedAuthorities(
 @Bean
 public LdapContextSource contextSource() {
 LdapContextSource contextSource = new LdapContextSource();
+
+ logger.debug("Initializing LDAP ContextSource with the following values: ");
+
 contextSource.setUrl(providerUrl);
 contextSource.setBase(providerBase);
 contextSource.setUserDn(providerUserDn);
 contextSource.setPassword(providerPassword);
+
+ logger.debug("BaseLdapPath: " + contextSource.getBaseLdapPathAsString());
+ logger.debug("UserDn: " + contextSource.getUserDn());
+
 return contextSource;
 }
From 6146e527869f9d99651a7c0725d8ea74648d9e90 Mon Sep 17 00:00:00 2001
From: Jason Han
Date: Tue, 30 Aug 2022 15:43:14 -0700
Subject: [PATCH 4/8] Remove ridiculous space
---
 .../src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index 0d2d57d21..a770f5d08 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -91,7 +91,7 @@ public void setGroupRepository(GroupRepository groupRepository) {
 @Autowired
 public void configureLdapAuth(AuthenticationManagerBuilder auth,
- LdapAuthoritiesPopulator ldapAuthoritiesPopulator, @Qualifier("contextSource") BaseLdapPathContextSource contextSource)
+ LdapAuthoritiesPopulator ldapAuthoritiesPopulator, @Qualifier("contextSource") BaseLdapPathContextSource contextSource)
 throws Exception {
 if (providerUrl != null) {
 logger.info("LDAP Module is loading...");
From 9d51175dd9f6d35e1305179c49a72b764940f83a Mon Sep 17 00:00:00 2001
From: Jason Han
Date: Tue, 30 Aug 2022 15:43:43 -0700
Subject: [PATCH 5/8] Clean unused import
---
 ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java | 1 -
 1 file changed, 1 deletion(-)
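Review bot: The three new debug lines in `contextSource()` build their messages by concatenation (`"BaseLdapPath: " + ...`) where the rest of the file uses SLF4J placeholders, so the values are formatted even when DEBUG is off, and the first message, `"Initializing LDAP ContextSource with the following values: "`, carries no value of its own. Collapse them into one parameterized call placed after the setters: `logger.debug("Initializing LDAP ContextSource url={} base={} userDn={}", providerUrl, contextSource.getBaseLdapPathAsString(), contextSource.getUserDn());`. The hunk correctly leaves `providerPassword` out of the log; a short comment, `// never log providerPassword`, would keep it that way when someone extends this diagnostic later. The bean's `@Bean` annotation is inside the hunk but the rest of the class is not.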
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index a770f5d08..7b6f7a6be 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -5,7 +5,6 @@
 import java.util.*;
 import org.openmbee.mms.core.config.AuthorizationConstants;
-import org.openmbee.mms.data.domains.global.Base;
 import org.openmbee.mms.data.domains.global.Group;
 import org.openmbee.mms.rdb.repositories.GroupRepository;
 import org.openmbee.mms.rdb.repositories.UserRepository;
From 04de2123edd1a1b833d1f1877b95c89ca7710866 Mon Sep 17 00:00:00 2001
From: Jason Han
Date: Tue, 30 Aug 2022 15:47:05 -0700
Subject: [PATCH 6/8] Merge from develop
---
 .../src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java | 2 --
 1 file changed, 2 deletions(-)
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index 3b90626b8..a060737a8 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -5,7 +5,6 @@
 import java.util.*;
 import org.openmbee.mms.core.config.AuthorizationConstants;
-import org.openmbee.mms.data.domains.global.Base;
 import org.openmbee.mms.data.domains.global.Group;
 import org.openmbee.mms.rdb.repositories.GroupRepository;
 import org.openmbee.mms.rdb.repositories.UserRepository;
@@ -26,7 +25,6 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
From 6e3884fb03823c46010ca20c5ef868b2476c46d3 Mon Sep 17 00:00:00 2001
From: Jason Han
Date: Tue, 30 Aug 2022 15:54:13 -0700
Subject: [PATCH 7/8] Updating examples for properties definitions
---
 example/src/main/resources/application.properties.example | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/example/src/main/resources/application.properties.example b/example/src/main/resources/application.properties.example
index 8f49b45a1..128954249 100644
--- a/example/src/main/resources/application.properties.example
+++ b/example/src/main/resources/application.properties.example
@@ -12,18 +12,18 @@ jwt.expiration=86400
 jwt.header=Authorization
 # See ldap module for example configuration
-ldap.provider.base=ou=something,dc=openmbee,dc=org
-ldap.provider.url=ldaps://ldap.openmbee.org/${ldap.provider.base}
+ldap.provider.base=dc=directory,dc=openmbee,dc=org
+ldap.provider.url=ldaps://ldap.openmbee.org
 ldap.provider.userdn=
 ldap.provider.password=
-ldap.user.dn.pattern=uid={0}
+ldap.user.dn.pattern=uid={0},ou=personnel
 ldap.user.attributes.username=
 ldap.user.attributes.email=
 ldap.user.attributes.firstname=
 ldap.user.attributes.lastname=
 ldap.user.attributes.update=24
 ldap.group.role.attribute=cn
-ldap.group.search.base=
+ldap.group.search.base=ou=groups
 ldap.group.search.filter=uniqueMember={0}
 # See core module for example configuration
From cef85cb7871f993045eb1313923e15011c710f3c Mon Sep 17 00:00:00 2001
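Review bot: The example now moves the base out of the URL into `ldap.provider.base` and gives `ldap.user.dn.pattern` and `ldap.group.search.base` values with no domain components, which only works if those are resolved relative to `ldap.provider.base` (the `LdapContextSource.setBase` change earlier in this series suggests that is the intent, but the example does not say so). Add a line above those keys such as `# ldap.user.dn.pattern and ldap.group.search.base are relative to ldap.provider.base`, and a note that a URL which still embeds the base DN, as the old example did, is no longer expected. It would also help to state next to `ldap.provider.userdn=` / `ldap.provider.password=` that leaving both blank makes the group lookup bind without credentials, which most directories treat as an anonymous or unauthenticated bind, so readers make that choice deliberately rather than by omission.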
From: Jason Han
Date: Tue, 30 Aug 2022 15:55:25 -0700
Subject: [PATCH 8/8] Remove superfluous logging
---
 .../main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index a060737a8..8f0adc6f4 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -163,7 +163,6 @@ public Collection getGrantedAuthorities(
 String filter = andFilter.encode();
 logger.debug("Searching LDAP with filter: {}", filter);
- logger.debug("Generated LDAP query filter for groups: " + andFilter);
 Set memberGroups = ldapTemplate
 .searchForSingleAttributeValues(groupSearchBase, filter, new Object[]{""}, groupRoleAttribute);
@@ -178,7 +177,7 @@ public Collection getGrantedAuthorities(
 if (logger.isDebugEnabled()) {
 if ((long) addGroups.size() > 0) {
 addGroups.forEach(group -> {
- logger.debug("Group received: " + group.getName());
+ logger.debug("Group received: {}", group.getName());
 });
 } else {
 logger.debug("No configured groups returned from LDAP");