Add LDAP AuthenticationManager factory #10138

Merged
merged 2 commits into from
Jan 18, 2022

@eleftherias eleftherias commented Jul 23, 2021

This PR introduces a LdapBindAuthenticationManagerFactory, LdapPasswordComparisonAuthenticationManagerFactory and EmbeddedLdapServerContextSourceFactoryBean which can be used to create an AuthenticationManager that can perform LDAP authentication.

This is an example usage

@Bean
public EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
	EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean =
			EmbeddedLdapServerContextSourceFactoryBean.fromEmbeddedLdapServer();
	contextSourceFactoryBean.setPort(0);
	return contextSourceFactoryBean;
}

@Bean
AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
	LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(contextSource);
	factory.setUserDnPatterns("uid={0},ou=people");
	factory.setUserDetailsContextMapper(new PersonContextMapper());
	return factory.createAuthenticationManager();
}

It is equivalent to the following configuration

@Bean
UnboundIdContainer ldapContainer() {
	UnboundIdContainer container = new UnboundIdContainer("dc=springframework,dc=org", "classpath:users.ldif");
	container.setPort(0);
	return container;
}

@Bean
ContextSource contextSource(UnboundIdContainer container) {
	int port = container.getPort();
	return new DefaultSpringSecurityContextSource("ldap://localhost:" + port + "/dc=springframework,dc=org");
}

@Bean
BindAuthenticator authenticator(BaseLdapPathContextSource contextSource) {
	BindAuthenticator authenticator = new BindAuthenticator(contextSource);
	authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
	return authenticator;
}

@Bean
LdapAuthenticationProvider authenticationProvider(LdapAuthenticator authenticator) {
	LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
	provider.setUserDetailsContextMapper(new PersonContextMapper());
	return provider;
}

Logs and reference documentation will be added in future commits.
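
The description above names LdapPasswordComparisonAuthenticationManagerFactory but only shows the bind variant, so here is the password-comparison counterpart as an added example (not code from this pull request). The BCryptPasswordEncoder, the `userPassword` attribute name and the class name `LdapPasswordComparisonConfig` are assumptions chosen for illustration; the `contextSource` is the one produced by the `contextSourceFactoryBean` shown above.

```java
// Added example, not part of the pull request.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.ldap.userdetails.PersonContextMapper;

@Configuration
public class LdapPasswordComparisonConfig { // hypothetical class name

	@Bean
	AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
		// Unlike bind authentication, the application does not bind as the user.
		// The comparison runs through the context source's own connection, so that
		// identity needs permission to read or compare the password attribute.
		// Assumption: stored values are in a format BCryptPasswordEncoder can match.
		LdapPasswordComparisonAuthenticationManagerFactory factory =
				new LdapPasswordComparisonAuthenticationManagerFactory(
						contextSource, new BCryptPasswordEncoder());

		// Same DN pattern as the bind example: {0} is replaced with the login name.
		factory.setUserDnPatterns("uid={0},ou=people");

		// Assumption: the directory keeps the credential in "userPassword".
		factory.setPasswordAttribute("userPassword");

		factory.setUserDetailsContextMapper(new PersonContextMapper());
		return factory.createAuthenticationManager();
	}
}
```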

@eleftherias eleftherias added in: config An issue in spring-security-config type: enhancement A general enhancement labels Jul 23, 2021
@eleftherias eleftherias marked this pull request as ready for review September 16, 2021 17:28
@rwinch rwinch left a comment

Thanks for the updates. I've provided feedback inline.

eleftherias added a commit to eleftherias/spring-security that referenced this pull request Oct 13, 2021
eleftherias added a commit to eleftherias/spring-security that referenced this pull request Oct 13, 2021
@eleftherias eleftherias changed the base branch from main to 5.7.x January 3, 2022 13:37
@eleftherias eleftherias requested a review from rwinch January 5, 2022 11:19
@eleftherias eleftherias changed the title Add LDAP AuthenticationManager factory bean Add LDAP AuthenticationManager factory Jan 5, 2022
@eleftherias

Updated example usage:

@Bean
public EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
	EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean =
			EmbeddedLdapServerContextSourceFactoryBean.fromEmbeddedLdapServer();
	contextSourceFactoryBean.setPort(0);
	return contextSourceFactoryBean;
}

@Bean
public AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
	LdapAuthenticationManagerFactory factory = LdapAuthenticationManagerFactory
			.usingBindAuthentication(contextSource);
	factory.setUserDnPatterns("uid={0},ou=people");
	factory.setUserDetailsContextMapper(new PersonContextMapper());
	return factory.createAuthenticationManager();
}

@rwinch rwinch left a comment

Thanks for the updates. I've commented inline

@rwinch rwinch left a comment

Thanks! It looks good to me 👍

@eleftherias eleftherias self-assigned this Jan 18, 2022
@eleftherias

Updated example configuration:

@Bean
public EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
	EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean =
			EmbeddedLdapServerContextSourceFactoryBean.fromEmbeddedLdapServer();
	contextSourceFactoryBean.setPort(0);
	return contextSourceFactoryBean;
}

@Bean
AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
	LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(contextSource);
	factory.setUserDnPatterns("uid={0},ou=people");
	factory.setUserDetailsContextMapper(new PersonContextMapper());
	return factory.createAuthenticationManager();
}

Note: the issue description has also been updated to the latest configuration.

@eleftherias eleftherias added this to the 5.7.0-M2 milestone Jan 18, 2022