diff --git a/conf/logback.xml b/conf/logback.xml
index c6b6017..c3c1afd 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -19,6 +19,7 @@
%-5level %d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %logger{36} - %msg%n
+
diff --git a/conf/springboot.yml b/conf/springboot.yml
index b8b829d..d51ff11 100644
--- a/conf/springboot.yml
+++ b/conf/springboot.yml
@@ -16,4 +16,4 @@ spring:
app:
queue-name: "UserServiceQueue"
- user-search-base: ou=users
+
diff --git a/misc/ldapdb.ldif b/misc/ldapdb.ldif
index 382d93c..95c4073 100644
--- a/misc/ldapdb.ldif
+++ b/misc/ldapdb.ldif
@@ -15,7 +15,7 @@ dn: cn=backend,ou=groups,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: backend
-member: cn=cxfrs,ou=users,dc=example,dc=com
+member: uid=cxfrs,ou=users,dc=example,dc=com
dn: ou=groups,dc=example,dc=com
objectclass: organizationalUnit
@@ -31,7 +31,7 @@ dn: cn=server,ou=groups,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: server
-member: cn=cxfrs,ou=users,dc=example,dc=com
+member: uid=cxfrs,ou=users,dc=example,dc=com
dn: dc=example,dc=com
objectclass: domain
diff --git a/src/main/java/com/example/camel/SecurityConfig.java b/src/main/java/com/example/camel/SecurityConfig.java
index c8af130..3cb87d5 100644
--- a/src/main/java/com/example/camel/SecurityConfig.java
+++ b/src/main/java/com/example/camel/SecurityConfig.java
@@ -3,6 +3,7 @@ package com.example.camel;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
@@ -17,13 +18,16 @@ import com.fasterxml.jackson.jakarta.rs.json.JacksonJsonProvider;
@Configuration
public class SecurityConfig {
+ public static final String ROLE_BACKEND = "ROLE_BACKEND";
+ public static final String ROLE_SERVER = "ROLE_SERVER";
+
@Value("${app.group-search-base:ou=groups}")
private String groupSearchBase;
@Value("${app.group-search-filter:(member={0})}")
private String groupSearchFilter;
- @Value("${app.user-search-base:ou=people}")
+ @Value("${app.user-search-base:ou=users}")
private String userSearchBase;
@Value("${app.user-search-filter:(uid={0})}")
@@ -31,9 +35,10 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
- http.authorizeHttpRequests((authorize) -> authorize.anyRequest().fullyAuthenticated())
+ http.authorizeHttpRequests(
+ (authorize) -> authorize.requestMatchers(HttpMethod.GET, "/**").hasAuthority(ROLE_BACKEND)
+ .requestMatchers(HttpMethod.POST, "/**").hasAuthority(ROLE_SERVER))
.httpBasic(Customizer.withDefaults());
-
return http.build();
}
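Review bot: The new rules in `securityFilterChain` match only GET and POST, so PUT, DELETE, PATCH and every other method no longer hit an explicit rule now that `anyRequest().fullyAuthenticated()` has been removed. How an unmatched request is treated then depends on the default of the Spring Security version in use, which is not visible in this diff. I would end the chain with an explicit catch-all by adding `.anyRequest().denyAll()` after the POST matcher, so the policy stays deny-by-default regardless of version. A one-line comment above the matchers saying which LDAP group is meant to read and which to write would also help the next reviewer.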
@@ -51,6 +56,7 @@ public class SecurityConfig {
LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(contextSource);
factory.setUserSearchBase(userSearchBase);
factory.setUserSearchFilter(userSearchFilter);
+ factory.setLdapAuthoritiesPopulator(authorities);
return factory.createAuthenticationManager();
}
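Review bot: The `hasAuthority(ROLE_BACKEND)` and `hasAuthority(ROLE_SERVER)` checks depend entirely on what the populator passed to `setLdapAuthoritiesPopulator(authorities)` produces, and its definition lies outside this hunk (the method's signature is not visible here either). If it does not turn the `cn=backend` and `cn=server` groups into exactly those strings, or if the group search does not match the `uid=cxfrs,...` member DN from the LDIF, every authenticated user ends up with no authorities and is rejected. I would document the dependency at this line, for example `// populator must yield ROLE_BACKEND / ROLE_SERVER from the cn of the groups under app.group-search-base`. An integration test that binds as the sample user and asserts the granted authorities would catch a mismatch.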