/**
 * Registers a {@link SecurityStateBean} in the application context.
 *
 * @return a newly constructed {@link SecurityStateBean}
 */
@Bean
public SecurityStateBean securityStateBean() {
	// NOTE(review): the initial state comes from the no-arg constructor, which is not
	// visible here. Confirm it reports authentication as disabled until a security
	// configuration explicitly enables it.
	final SecurityStateBean stateBean = new SecurityStateBean();
	return stateBean;
}
/**
 * Returns the key of every {@link CoreSecurityRoles} value as a string array.
 *
 * @return the role keys, in the order produced by {@code CoreSecurityRoles.values()}; never null
 */
public static String[] getAllRolesAsStringArray() {
	final CoreSecurityRoles[] allRoles = CoreSecurityRoles.values();
	return Arrays.stream(allRoles)
			.map(CoreSecurityRoles::getKey)
			.toArray(String[]::new);
}
ldapConfigurer.rolePrefix(rolePrefix); if (this.ldapSecurityProperties.getRoleMappings() != null && !this.ldapSecurityProperties.getRoleMappings().isEmpty()) { final LdapAuthorityMapper ldapAuthorityMapper = new LdapAuthorityMapper(ldapSecurityProperties.getRoleMappings()); ldapAuthorityMapper.setRolePrefix(rolePrefix); ldapConfigurer.authoritiesMapper(ldapAuthorityMapper); ldapConfigurer.contextSource().url(ldapSecurityProperties.getUrl().toString()) .managerDn(ldapSecurityProperties.getManagerDn()) .managerPassword(ldapSecurityProperties.getManagerPassword()); if (!StringUtils.isEmpty(ldapSecurityProperties.getUserDnPattern())) { ldapConfigurer.userDnPatterns(ldapSecurityProperties.getUserDnPattern()); if (!StringUtils.isEmpty(ldapSecurityProperties.getUserSearchFilter())) { ldapConfigurer.userSearchBase(ldapSecurityProperties.getUserSearchBase()) .userSearchFilter(ldapSecurityProperties.getUserSearchFilter()); if (!StringUtils.isEmpty(ldapSecurityProperties.getGroupSearchFilter())) { ldapConfigurer.groupSearchBase(ldapSecurityProperties.getGroupSearchBase()) .groupSearchFilter(ldapSecurityProperties.getGroupSearchFilter()) .groupRoleAttribute(ldapSecurityProperties.getGroupRoleAttribute());
.authenticated(); security = SecurityConfigUtils.configureSimpleSecurity(security, this.authorizationProperties); security.anyRequest().denyAll(); new LoginUrlAuthenticationEntryPoint(this.authorizationProperties.getLoginProcessingUrl()), AnyRequestMatcher.INSTANCE); this.securityStateBean.setAuthenticationEnabled(true);
/**
 * Checks that an enabled {@link LdapSecurityProperties} instance configures exactly one
 * way of locating users: either a user DN pattern or a user search filter.
 *
 * @param value the object under validation; must be an {@link LdapSecurityProperties}
 * @param context used to register the constraint violation message
 * @return {@code true} if the properties are not enabled or exactly one of the two
 * settings is non-empty, {@code false} otherwise
 * @throws IllegalArgumentException if {@code value} is not an {@link LdapSecurityProperties}
 */
@Override
public boolean isValid(Object value, ConstraintValidatorContext context) {
	if (!(value instanceof LdapSecurityProperties)) {
		throw new IllegalArgumentException("@LdapSecurityPropertiesValid only applies to LdapSecurityProperties");
	}
	final LdapSecurityProperties properties = (LdapSecurityProperties) value;

	// Properties that are not enabled are accepted without further checks.
	if (!properties.isEnabled()) {
		return true;
	}

	final boolean dnPatternMissing = StringUtils.isEmpty(properties.getUserDnPattern());
	final boolean searchFilterMissing = StringUtils.isEmpty(properties.getUserSearchFilter());

	// Equal flags mean "both set" or "both missing"; either way the user lookup is
	// not unambiguously configured, so the configuration is rejected.
	if (dnPatternMissing == searchFilterMissing) {
		// NOTE(review): the message names 'userSearch' while the value checked is
		// getUserSearchFilter(); confirm which property name operators should see.
		context.buildConstraintViolationWithTemplate(
				"Exactly one of 'userDnPattern' or 'userSearch' must be provided").addConstraintViolation();
		return false;
	}
	return true;
}
/**
 * Translates a single LDAP-provided authority into the application authorities that
 * the configured role mappings associate with it.
 *
 * <p>The LDAP authority string is compared case-insensitively with the authority of
 * each mapping value. Every match yields one authority named {@code rolePrefix}
 * followed by the key of the mapping's role. An authority that matches no mapping
 * yields an empty set, so it contributes no roles.
 *
 * @param ldapRoleAuthority the authority reported for the user by LDAP
 * @return the mapped authorities; empty if nothing matches
 */
private Set<SimpleGrantedAuthority> mapAuthority(final GrantedAuthority ldapRoleAuthority) {
	return roleMappings.entrySet().stream()
			.filter(mapping -> ldapRoleAuthority.getAuthority()
					.equalsIgnoreCase(mapping.getValue().getAuthority()))
			.map(mapping -> this.rolePrefix + mapping.getKey().getKey())
			.map(SimpleGrantedAuthority::new)
			.collect(Collectors.toSet());
}
/**
 * Creates the {@link UserInfoTokenServices} bean.
 *
 * <p>The service is built from the configured user-info URI and client id and uses the
 * OAuth2 rest template. Authorities are taken from a {@link DefaultAuthoritiesExtractor}
 * unless an external authorities URL is configured, in which case an
 * {@link ExternalOauth2ResourceAuthoritiesExtractor} pointed at that URL is used.
 *
 * @return the configured token services
 */
@Bean
protected UserInfoTokenServices tokenServices() {
	final UserInfoTokenServices services = new UserInfoTokenServices(
			resourceServerProperties.getUserInfoUri(),
			authorizationCodeResourceDetails.getClientId());
	services.setRestTemplate(oAuth2RestTemplate());

	final String externalAuthoritiesUrl = authorizationProperties.getExternalAuthoritiesUrl();

	// NOTE(review): what DefaultAuthoritiesExtractor grants is not visible in this
	// block. Confirm the roles a user receives when no external URL is configured.
	// NOTE(review): the external URL is used as configured, with no scheme check here.
	// Confirm deployments point it at a TLS endpoint, since it decides user roles.
	final AuthoritiesExtractor extractor = StringUtils.isEmpty(externalAuthoritiesUrl)
			? new DefaultAuthoritiesExtractor()
			: new ExternalOauth2ResourceAuthoritiesExtractor(
					oAuth2RestTemplate(), URI.create(externalAuthoritiesUrl));

	services.setAuthoritiesExtractor(extractor);
	return services;
}
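/**
 * Returns the name of the current principal for use as the auditor.
 *
 * @return the principal name, or {@code null} when authentication is disabled, when
 * the security context holds no {@link Authentication}, or when the caller is anonymous
 */
@Override
public String getCurrentAuditor() {
	final boolean authenticationEnabled = securityStateBean.isAuthenticationEnabled();
	if (authenticationEnabled && SecurityContextHolder.getContext() != null) {
		final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		// getAuthentication() returns null when the context carries no authentication
		// (for example work done outside a request). Without this guard the instanceof
		// test passes for null and getName() throws a NullPointerException.
		if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
			return authentication.getName();
		}
	}
	return null;
}
}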
/**
 * Registers the {@link LdapSecurityProperties} bean. It is created only when
 * {@code spring.cloud.dataflow.security.authentication.ldap.enabled} is {@code true}
 * and is bound to properties under the
 * {@code spring.cloud.dataflow.security.authentication.ldap} prefix.
 *
 * @return a new {@link LdapSecurityProperties} instance for property binding
 */
@Bean
@ConditionalOnProperty(
		name = "spring.cloud.dataflow.security.authentication.ldap.enabled",
		havingValue = "true")
@ConfigurationProperties(prefix = "spring.cloud.dataflow.security.authentication.ldap")
public LdapSecurityProperties ldapSecurityProperties() {
	final LdapSecurityProperties properties = new LdapSecurityProperties();
	return properties;
}
/**
 * Registers the {@link FileSecurityProperties} bean. It is created only when
 * {@code spring.cloud.dataflow.security.authentication.file.enabled} is {@code true}
 * and is bound to properties under the
 * {@code spring.cloud.dataflow.security.authentication.file} prefix.
 *
 * @return a new {@link FileSecurityProperties} instance for property binding
 */
@Bean
@ConditionalOnProperty(
		name = "spring.cloud.dataflow.security.authentication.file.enabled",
		havingValue = "true")
@ConfigurationProperties(prefix = "spring.cloud.dataflow.security.authentication.file")
public FileSecurityProperties fileSecurityProperties() {
	final FileSecurityProperties properties = new FileSecurityProperties();
	return properties;
}
/**
 * Maps every incoming authority through {@code mapAuthority} and returns the union of
 * the results as a set. Incoming authorities for which {@code mapAuthority} yields
 * nothing contribute no entries to the result.
 *
 * @param authorities the authorities to translate
 * @return the distinct, non-null mapped authorities
 */
@Override
public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
	final Set<GrantedAuthority> mapped = authorities.stream()
			.flatMap(incoming -> mapAuthority(incoming).stream())
			.filter(candidate -> candidate != null)
			.collect(Collectors.toSet());
	return mapped;
}
@LdapSecurityPropertiesValid public class LdapSecurityProperties {
/**
 * Configures the {@link AuthenticationManagerBuilder} with an
 * {@link InMemoryUserDetailsManager} built from the users held by the file security
 * properties. At least one user must be configured.
 *
 * @param auth the builder to register the user details service with
 * @throws IllegalArgumentException if no users are configured
 */
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
	Assert.notEmpty(this.fileSecurityProperties.getUsers(),
			"No user specified. Please specify at least 1 user for the file based authentication.");

	// NOTE(review): the users are passed on exactly as configured. How their passwords
	// are stored or encoded is not visible here; confirm a suitable password encoder
	// applies and that the source file is readable only by the service account.
	auth.userDetailsService(new InMemoryUserDetailsManager(this.fileSecurityProperties.getUsers()));
}
/**
 * Returns one {@link GrantedAuthority} per {@link CoreSecurityRoles} value, each named
 * {@code SecurityConfigUtils.ROLE_PREFIX} followed by the role key. The result does not
 * depend on the content of {@code map}: every caller is granted every role.
 *
 * @param map must not be null; only written to the log
 * @return the full list of role authorities
 * @throws IllegalArgumentException if {@code map} is null
 */
@Override
public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
	Assert.notNull(map, "The map argument must not be null.");

	final List<String> roleNames = Stream.of(CoreSecurityRoles.values())
			.map(role -> SecurityConfigUtils.ROLE_PREFIX + role.getKey())
			.collect(Collectors.toList());

	final List<GrantedAuthority> allAuthorities = roleNames.stream()
			.<GrantedAuthority>map(SimpleGrantedAuthority::new)
			.collect(Collectors.toList());

	// NOTE(review): the whole map is written to the log at INFO level. Its content is
	// not visible here; confirm it carries no attributes that should stay out of logs.
	logger.info("Adding ALL roles {} to user {}", StringUtils.collectionToCommaDelimitedString(roleNames), map);
	return allAuthorities;
}
}
/**
 * Registers a {@link SecurityStateBean} in the application context.
 *
 * @return a newly constructed {@link SecurityStateBean}
 */
@Bean
public SecurityStateBean securityStateBean() {
	// NOTE(review): the initial state comes from the no-arg constructor, which is not
	// visible here. Confirm it reports authentication as disabled until a security
	// configuration explicitly enables it.
	final SecurityStateBean stateBean = new SecurityStateBean();
	return stateBean;
}
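/**
 * Returns the name of the current principal for use as the auditor.
 *
 * @return the principal name, or an empty {@link Optional} when authentication is
 * disabled, when the security context holds no {@link Authentication}, when the caller
 * is anonymous, or when the authentication has no name
 */
@Override
public Optional<String> getCurrentAuditor() {
	final boolean authenticationEnabled = securityStateBean.isAuthenticationEnabled();
	if (authenticationEnabled && SecurityContextHolder.getContext() != null) {
		final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		// getAuthentication() returns null when the context carries no authentication.
		// Without this guard the instanceof test passes for null and getName() throws
		// a NullPointerException.
		if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
			// ofNullable: Optional.of would throw if the authentication has no name.
			return Optional.ofNullable(authentication.getName());
		}
	}
	return Optional.empty();
}
}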
/**
 * Registers a {@link SecurityStateBean} in the application context.
 *
 * @return a newly constructed {@link SecurityStateBean}
 */
@Bean
public SecurityStateBean securityStateBean() {
	// NOTE(review): the initial state comes from the no-arg constructor, which is not
	// visible here. Confirm it reports authentication as disabled until a security
	// configuration explicitly enables it.
	final SecurityStateBean stateBean = new SecurityStateBean();
	return stateBean;
}
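/**
 * Returns security information for the current caller: whether authentication is
 * enabled and, for a non-anonymous caller, the authenticated flag, the username and
 * the granted roles. All of it is read from the caller's own {@link Authentication}.
 *
 * @return the security info; user details are left unset when authentication is
 * disabled, when no {@link Authentication} is present, or when the caller is anonymous
 */
@ResponseBody
@RequestMapping(method = RequestMethod.GET)
@ResponseStatus(HttpStatus.OK)
public SecurityInfoResource getSecurityInfo() {
	final boolean authenticationEnabled = securityStateBean.isAuthenticationEnabled();

	final SecurityInfoResource securityInfo = new SecurityInfoResource();
	securityInfo.setAuthenticationEnabled(authenticationEnabled);
	securityInfo.add(ControllerLinkBuilder.linkTo(SecurityController.class).withSelfRel());

	if (authenticationEnabled && SecurityContextHolder.getContext() != null) {
		final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		// getAuthentication() returns null when the context carries no authentication.
		// Without this guard the instanceof test passes for null and the calls below
		// throw a NullPointerException instead of returning the basic info.
		if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
			securityInfo.setAuthenticated(authentication.isAuthenticated());
			securityInfo.setUsername(authentication.getName());

			for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
				securityInfo.addRole(grantedAuthority.getAuthority());
			}
		}
	}

	return securityInfo;
}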
/**
 * Registers a {@link SecurityStateBean} in the application context.
 *
 * @return a newly constructed {@link SecurityStateBean}
 */
@Bean
public SecurityStateBean securityStateBean() {
	// NOTE(review): the initial state comes from the no-arg constructor, which is not
	// visible here. Confirm it reports authentication as disabled until a security
	// configuration explicitly enables it.
	final SecurityStateBean stateBean = new SecurityStateBean();
	return stateBean;
}