diff --git a/publish-common/pom.xml b/publish-common/pom.xml index 11d11f9c..822c2362 100644 --- a/publish-common/pom.xml +++ b/publish-common/pom.xml @@ -62,6 +62,11 @@ spring-security-ldap compile + + org.springframework.ldap + spring-ldap-core + 2.3.8.RELEASE + io.springfox springfox-swagger2 diff --git a/publish-service/src/main/java/com/ericsson/eiffel/remrem/publish/config/SecurityConfig.java b/publish-service/src/main/java/com/ericsson/eiffel/remrem/publish/config/SecurityConfig.java index ab4fe376..f4449935 100644 --- a/publish-service/src/main/java/com/ericsson/eiffel/remrem/publish/config/SecurityConfig.java +++ b/publish-service/src/main/java/com/ericsson/eiffel/remrem/publish/config/SecurityConfig.java @@ -21,14 +21,20 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; -import org.springframework.ldap.core.support.BaseLdapPathContextSource; import org.springframework.ldap.core.support.LdapContextSource; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.ldap.authentication.BindAuthenticator; +import org.springframework.security.ldap.authentication.LdapAuthenticationProvider; +import org.springframework.security.ldap.authentication.LdapAuthenticator; +import org.springframework.security.ldap.search.FilterBasedLdapUserSearch; +import org.springframework.ldap.pool.validation.DefaultDirContextValidator; +import org.springframework.ldap.core.ContextSource; /** * This class is used to enable the ldap authentication based on property @@ -74,20 +80,33 @@ public Integer getTimeOut() { @Autowired private CustomAuthenticationEntryPoint customAuthenticationEntryPoint; - @Autowired - protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + @Override + public void configure(AuthenticationManagerBuilder auth) throws Exception { final String jasyptKey = RabbitMqPropertiesConfig.readJasyptKeyFile(jasyptKeyFilePath); if (managerPassword.startsWith("{ENC(") && managerPassword.endsWith("}")) { managerPassword = DecryptionUtils.decryptString( managerPassword.substring(1, managerPassword.length() - 1), jasyptKey); } LOGGER.debug("LDAP server url: " + ldapUrl); - auth.ldapAuthentication() - .userSearchFilter(userSearchFilter) - .contextSource(ldapContextSource()); + + // Initialize and configure the LdapContextSource + LdapContextSource contextSource = ldapContextSource(); + + // Configure BindAuthenticator with the context source and user search filter + BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource); + bindAuthenticator.setUserSearch(new FilterBasedLdapUserSearch( + "", // Empty base indicates search starts at root DN provided in contextSource + userSearchFilter, + contextSource)); + + // Setup LdapAuthenticationProvider + LdapAuthenticationProvider ldapAuthProvider = new LdapAuthenticationProvider(bindAuthenticator); + + // Configure the authentication provider + auth.authenticationProvider(ldapAuthProvider); } - public BaseLdapPathContextSource ldapContextSource() { + public LdapContextSource ldapContextSource() { LdapContextSource ldap = new LdapContextSource(); ldap.setUrl(ldapUrl); ldap.setBase(rootDn);