0ct0pu5/kafka-ui
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

LDAP: add admin auth and search filter (#1403)

Browse source 
Co-authored-by: Roman Zabaluev <rzabaluev@provectus.com>
This commit is contained in:
aizerin 2022-01-28 13:33:27 +01:00 committed by GitHub
parent afca54d374
commit 2c6a197cb3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
docker/auth-ldap.yaml
View file

@ -29,6 +29,14 @@ services:
AUTH_TYPE: "LDAP" AUTH_TYPE: "LDAP"
SPRING_LDAP_URLS: "ldap://ldap:10389" SPRING_LDAP_URLS: "ldap://ldap:10389"
SPRING_LDAP_DN_PATTERN: "cn={0},ou=people,dc=planetexpress,dc=com" SPRING_LDAP_DN_PATTERN: "cn={0},ou=people,dc=planetexpress,dc=com"
# USER SEARCH FILTER INSTEAD OF DN
# SPRING_LDAP_USERFILTER_SEARCHBASE: "dc=planetexpress,dc=com"
# SPRING_LDAP_USERFILTER_SEARCHFILTER: "(&(uid={0})(objectClass=inetOrgPerson))"
# LDAP ADMIN USER
# SPRING_LDAP_ADMINUSER: "cn=admin,dc=planetexpress,dc=com"
# SPRING_LDAP_ADMINPASSWORD: "GoodNewsEveryone"
ldap: ldap:
image: rroemhild/test-openldap:latest image: rroemhild/test-openldap:latest

23
kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/LdapSecurityConfig.java
View file

@ -16,6 +16,8 @@ import org.springframework.security.config.annotation.web.reactive.EnableWebFlux
import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.ldap.authentication.BindAuthenticator; import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider; import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.search.LdapUserSearch;
import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.SecurityWebFilterChain;
@Configuration @Configuration
@ -26,13 +28,28 @@ public class LdapSecurityConfig extends AbstractAuthSecurityConfig {
@Value("${spring.ldap.urls}") @Value("${spring.ldap.urls}")
private String ldapUrls; private String ldapUrls;
@Value("${spring.ldap.dn.pattern}") @Value("${spring.ldap.dn.pattern:#{null}}")
private String ldapUserDnPattern; private String ldapUserDnPattern;
@Value("${spring.ldap.adminUser:#{null}}")
private String adminUser;
@Value("${spring.ldap.adminPassword:#{null}}")
private String adminPassword;
@Value("${spring.ldap.userFilter.searchBase:#{null}}")
private String userFilterSearchBase;
@Value("${spring.ldap.userFilter.searchFilter:#{null}}")
private String userFilterSearchFilter;
@Bean @Bean
public ReactiveAuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) { public ReactiveAuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
BindAuthenticator ba = new BindAuthenticator(contextSource); BindAuthenticator ba = new BindAuthenticator(contextSource);
ba.setUserDnPatterns(new String[]{ldapUserDnPattern}); if (ldapUserDnPattern != null) {
ba.setUserDnPatterns(new String[]{ldapUserDnPattern});
}
if (userFilterSearchFilter != null) {
LdapUserSearch userSearch =
new FilterBasedLdapUserSearch(userFilterSearchBase, userFilterSearchFilter, contextSource);
ba.setUserSearch(userSearch);
}
LdapAuthenticationProvider lap = new LdapAuthenticationProvider(ba); LdapAuthenticationProvider lap = new LdapAuthenticationProvider(ba);
@ -45,6 +62,8 @@ public class LdapSecurityConfig extends AbstractAuthSecurityConfig {
public BaseLdapPathContextSource contextSource() { public BaseLdapPathContextSource contextSource() {
LdapContextSource ctx = new LdapContextSource(); LdapContextSource ctx = new LdapContextSource();
ctx.setUrl(ldapUrls); ctx.setUrl(ldapUrls);
ctx.setUserDn(adminUser);
ctx.setPassword(adminPassword);
ctx.afterPropertiesSet(); ctx.afterPropertiesSet();
return ctx; return ctx;
} }