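/**
 * Builds the distinguished name to bind with for the given credentials below one base DN.
 *
 * <p>The username is supplied by the client, so it is escaped as an RDN attribute value before it is
 * placed into the DN. Without escaping, characters such as {@code ,}, {@code +} or {@code =} inside
 * the username would be read as DN syntax and could make the bind target a different entry than
 * the one intended.
 *
 * @param credentials credentials read from the request; only the username is used here
 * @param baseDN the base DN (taken from configuration by the caller) the user entry lives under
 * @return a DN of the form {@code <rdnIdentifier>=<escaped username>,<baseDN>}
 */
String userDnFrom(final Credentials credentials, String baseDN) {
    // Fully qualified on purpose: the file's import block is not visible from here.
    final String escapedUsername = javax.naming.ldap.Rdn.escapeValue(credentials.getUsername());
    return format("%s=%s,%s", ldapProperties.getRdnIdentifier(), escapedUsername, baseDN);
}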
/**
 * Registers the default {@link UserProvider}; it is skipped when a {@code UserProvider} bean already exists.
 *
 * <p>The provider resolves the user from the credentials carried by the current request. When the
 * request carries no readable credentials the user name is {@code null}.
 *
 * @return a provider that creates a {@link SimpleFeatureUser} for the current request
 */
@Bean
@ConditionalOnMissingBean(UserProvider.class)
public UserProvider userProvider() {
    return () -> {
        final HttpServletRequest currentRequest = HttpServletRequestHolder.get();
        final Optional<Credentials> parsed = Credentials.readFrom(currentRequest);

        // NOTE(review): the admin flag is hard-coded, so every caller -- including a request without
        // credentials -- is reported as admin. A per-user check ("admin".equals(username)) was
        // commented out here. Confirm that access to whatever consumes this flag is restricted
        // elsewhere, or derive the flag from the authenticated user's roles.
        final boolean grantAdmin = true;

        final String userName = parsed.map(Credentials::getUsername).orElse(null);
        return new SimpleFeatureUser(userName, grantAdmin);
    };
}
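/**
 * Tries to bind to LDAP as the given user below each configured base DN, in order, and stops at the
 * first bind that succeeds.
 *
 * @param request the incoming request
 * @param credentials the credentials read from that request
 * @return the request to continue with -- wrapped in an {@link LdapRoleCheckingRequest} when a role
 *     base DN is configured -- or an empty Optional when no password was supplied, no bind
 *     succeeded, or the LDAP connection could not be used
 */
private Optional<HttpServletRequest> tryToGetAuthenticatedRequest(final HttpServletRequest request,
                                                                  final Credentials credentials) {
    final String password = credentials.getPassword();
    if (password == null || password.isEmpty()) {
        // A simple bind with a DN and an empty password is an "unauthenticated bind" (RFC 4513) and
        // some directory servers answer it with success. Reject it here instead of relying on
        // authenticate() or on the LDAP client's defaults, neither of which is visible in this block.
        LOG.warn("Rejected LDAP bind attempt without a password");
        return Optional.empty();
    }

    try (final LDAPConnection ldap = ldapConnectionFactory.buildLdapConnection()) {
        for (final String baseDN : ldapProperties.getBaseDn()) {
            final String userDN = userDnFrom(credentials, baseDN);
            try {
                if (authenticate(ldap, userDN, password)) {
                    // NOTE(review): `ldap` is closed by the try-with-resources as soon as this method
                    // returns. LdapRoleCheckingRequest must therefore finish its directory lookups
                    // inside its constructor and not use the connection later -- confirm.
                    return ldapProperties.getRoleBaseDn() != null
                            ? Optional.of(new LdapRoleCheckingRequest(request, ldap, userDN, ldapProperties))
                            : Optional.of(request);
                }
            } catch (LDAPBindException e) {
                // A failed bind under one base DN is expected; continue with the next base DN.
                LOG.debug("LDAPBindException for userDN: {}", userDN);
            }
        }
        // The username is client-supplied: make sure the log layout neutralises line breaks so that
        // a crafted name cannot forge log entries.
        LOG.warn("Could not bind to LDAP: {}", credentials.getUsername());
    } catch (LDAPException | GeneralSecurityException e) {
        LOG.warn("Authentication error: ", e);
    }
    return Optional.empty();
}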
/**
 * Only the first colon separates username and password; further colons belong to the password.
 */
@Test
public void shouldReturnCorrectCredentialsIfPasswordContainsColons() {
    // given: an authentication value whose password part itself contains a colon
    mockHttpServletRequestWithAuthentication("user:pass:word");

    // when
    final Optional<Credentials> parsed = Credentials.readFrom(httpServletRequest);

    // then: everything after the first colon is the password
    assertThat(parsed.isPresent(), is(true));
    final Credentials actual = parsed.get();
    assertThat(actual.getUsername(), is("user"));
    assertThat(actual.getPassword(), is("pass:word"));
}
}
/**
 * Credentials present on the request are read back as username and password.
 */
@Test
public void shouldBeAbleToReadCredentialsFromRequest() {
    // given: a request carrying a plain username/password pair
    mockHttpServletRequestWithAuthentication("someUsername:somePassword");

    // when
    final Optional<Credentials> parsed = Credentials.readFrom(httpServletRequest);

    // then: both parts are returned unchanged
    assertThat(parsed.isPresent(), is(true));
    final Credentials actual = parsed.get();
    assertThat(actual.getUsername(), is("someUsername"));
    assertThat(actual.getPassword(), is("somePassword"));
}