diff --git a/README.md b/README.md
index a8a3850..f74f210 100644
--- a/README.md
+++ b/README.md
@@ -22,12 +22,41 @@ The requests are sent in HTTPS format and to provide this the project has a self
server.ssl.key-alias=tomcat
##### Authentication
-The q-REST service uses basic authentication and is using a single username and password which are configured in the `application.properties` file:
+The q-REST service offers both basic and LDAP authentication modes, configurable within the `application.properties` file.
+
+ ###### Basic authentication
+
+Basic authentication is set as the default authentication mode:
+
+ authentication.type=basic
+
+Basic authentication uses a single username and password, configured in the `application.properties` file:
basic.authentication.user=user
basic.authentication.password=pass
+
+ ######LDAP authentication
+
+LDAP authentication can be implemented by changing the configuration of the `authentication.type` property to `LDAP`:
+
+ authentication.type=LDAP
+
+LDAP properties are currently configured to use an online LDAP test server, which can be found at: https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/ .
+
+LDAP authentication process requires both a username and a password.
+
+Configuration details of properties for LDAP authentication are found within the `application.properties` file:
+
+ security.ldap.url=ldap://ldap.forumsys.com:389/dc=example,dc=com
+ managerDn=cn=read-only-admin,dc=example,dc=com
+ managerPassword=password
+ groupSearchFilter=uniqueMember={0}
+ userSearchFilter=uid={0}
+ userDnPatterns=uid={0}
+
+For both authentication types, the username and password should be provided within the header of the request, encoded in Base64.
-These value are provided within the header of the request, it is strongly recommended to invoke your own security if you use the project.
+It is strongly recommended that you invoke your own security if you use the project.
## EndPoints
diff --git a/pom.xml b/pom.xml
index 5004623..1860e10 100644
--- a/pom.xml
+++ b/pom.xml
@@ -119,12 +119,23 @@
springfox-swagger2
2.4.0
-
io.springfox
springfox-swagger-ui
2.4.0
+
+ org.springframework.ldap
+ spring-ldap-core
+
+
+ org.springframework.security
+ spring-security-ldap
+
+
+ com.unboundid
+ unboundid-ldapsdk
+
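Review bot: The three new dependencies are declared without a version or scope, so the build relies on a dependencyManagement section that is not in this hunk; if the parent does not manage `spring-ldap-core`, `spring-security-ldap` and `unboundid-ldapsdk`, the build will fail to resolve them. The `unboundid-ldapsdk` artifact is not referenced by the `SecurityConfiguration` change in this commit, which only points `ldapAuthentication()` at an external URL, so if it is needed only for an embedded directory in tests, limit it with `<scope>test</scope>` rather than shipping it in the runtime classpath. The surrounding `<dependency>` markup appears to have been lost in extraction, so the exact element structure is inferred.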
diff --git a/src/main/java/uk/co/aquaq/kdb/security/SecurityConfiguration.java b/src/main/java/uk/co/aquaq/kdb/security/SecurityConfiguration.java
index 70456a9..33176ae 100644
--- a/src/main/java/uk/co/aquaq/kdb/security/SecurityConfiguration.java
+++ b/src/main/java/uk/co/aquaq/kdb/security/SecurityConfiguration.java
@@ -3,43 +3,81 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
-import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.servlet.config.annotation.*;
+import java.util.Base64;
@Configuration
@EnableWebSecurity
@EnableWebMvc
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
-
- @Autowired
- private AuthenticationEntryPoint authEntryPoint;
+ @Value("${security.ldap.url}")
+ private String url;
+ @Value("${managerDn}")
+ private String managerDn;
+ @Value("${managerPassword}")
+ private String managerPassword;
+ @Value("${groupSearchFilter}")
+ private String groupSearchFilter;
+ @Value("${userDnPatterns}")
+ private String userDnPatterns;
+ @Value("${userSearchBase}")
+ private String userSearchBase;
+ @Value("${userSearchFilter}")
+ private String userSearchFilter;
@Value("${basic.authentication.user}")
- String user;
+ private String basicAuthUsername;
@Value("${basic.authentication.password}")
- String password;
-
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
- auth.inMemoryAuthentication()
- .withUser(user).password(password).authorities("ROLE_USER");
- }
+ private String basicAuthPassword;
+ @Value("${authentication.type}")
+ private String authType;
+ @Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
- .anyRequest().authenticated()
+ .anyRequest().fullyAuthenticated()
+ .and()
+ .formLogin()
.and()
.httpBasic().and().cors().configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues());
+ }
+ @Override
+ public void configure(AuthenticationManagerBuilder auth) throws Exception {
+ switch(authType.trim().toUpperCase()) {
+ case "LDAP":
+ configureLdapAuth(auth);
+ break;
+ default:
+ configureBasicAuth(auth);
+ break;
+ }
}
+ private void configureBasicAuth(AuthenticationManagerBuilder auth) throws Exception {
+ auth.inMemoryAuthentication()
+ .withUser(basicAuthUsername).password(basicAuthPassword).authorities("ROLE_USER");
+ }
+ private void configureLdapAuth(AuthenticationManagerBuilder auth) throws Exception {
+ auth
+ .ldapAuthentication()
+ .userDnPatterns(userDnPatterns)
+ .userSearchFilter(userSearchFilter)
+ .userSearchBase("")
+ .groupSearchFilter(groupSearchFilter)
+ .contextSource()
+ .url(url)
+ .managerDn(managerDn)
+ .managerPassword(managerPassword);
+ }
}
\ No newline at end of file
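Review bot: `configureLdapAuth` injects `userSearchBase` from `${userSearchBase}` but then hard-codes `.userSearchBase("")`, so the property is read (and must be present for the context to start) yet never used; change the line to `.userSearchBase(userSearchBase)` or drop the field and its `@Value`. The new imports `Base64`, `BCryptPasswordEncoder` and `PasswordEncoder` are unused, and `configureBasicAuth` still stores `basicAuthPassword` without any encoder, so either wire a `PasswordEncoder` bean for the in-memory user or remove the imports so the intent is not ambiguous. Adding `.formLogin()` alongside `.httpBasic()` changes the entry point for unauthenticated non-XHR requests from a 401 challenge to a redirect to a login page, which is at odds with the README describing header-based Base64 credentials for a REST service; if form login is not required, remove the two added lines. A minor point on `authType.trim().toUpperCase()`: use `toUpperCase(Locale.ROOT)` so the `"LDAP"` comparison does not depend on the default locale.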
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 1f039fe..f085e4b 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -11,11 +11,14 @@ server.ssl.key-store-password=aquaq2018
server.ssl.key-alias=tomcat
kdb.host=localhost
-kdb.port=1234
+kdb.port=
kdb.username=
kdb.password=
gateway.function={[request;properties] @[value;`.aqrest.execute;{[e;request;properties] @[neg .z.w;`status`result!@[{(1b;value x)};request;{(0b;"error: ",x)}]]}] . (request;properties)}
+#To choose LDAP authentication, set value to LDAP. Default set to basic authentication
+authentication.type=basic
+
server.port=8090
freeform.query.mode.enabled=false
basic.authentication.user=user
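Review bot: `kdb.port` is changed from `1234` to an empty value, which is unrelated to the LDAP work in this commit and, if the consumer parses it as an integer, will fail at startup rather than fall back to a default; if leaving it blank is intentional, a comment such as `# kdb.port must be set before starting the service` would make that explicit. The new `authentication.type` comment could also name the accepted values exactly, e.g. `# authentication.type: basic (default) or LDAP`.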
@@ -23,4 +26,9 @@ basic.authentication.password=pass
springfox.documentation.swagger.v2.path=/kdb-rest-service-documentation
-
+security.ldap.url=ldap://ldap.forumsys.com:389/dc=example,dc=com
+managerDn=cn=read-only-admin,dc=example,dc=com
+managerPassword=password
+groupSearchFilter=uniqueMember={0}
+userSearchFilter=uid={0}
+userDnPatterns=uid={0}
\ No newline at end of file
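Review bot: `security.ldap.url` uses plain `ldap://` on port 389 to a third-party host, so with this default the `managerPassword` bind and every user's password are sent in cleartext off the machine; the shipped default should be a `ldaps://` URL or a placeholder the operator must replace, with a comment that the forumsys values are a public test directory. The `SecurityConfiguration` change in this commit also injects `${userSearchBase}` with no default, and this hunk does not define `userSearchBase`, so the application context will fail to start on an unresolved placeholder unless it is set elsewhere; add `userSearchBase=` here or give the `@Value` a default. The manager credentials are committed in plaintext in the repository, which is acceptable only because they are the published test-server credentials; that assumption should be stated next to them.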
diff --git a/target/q-REST-1.1-SNAPSHOT.jar b/target/q-REST-1.1-SNAPSHOT.jar
new file mode 100644
index 0000000..b5154e8
Binary files /dev/null and b/target/q-REST-1.1-SNAPSHOT.jar differ