From 00222c595a7a128f49701cc4d214d56a92fb1c81 Mon Sep 17 00:00:00 2001
From: Yan
Date: Sat, 8 Feb 2025 22:32:36 +0800
Subject: [PATCH] Authorization fix - roles were not fetch correctly

---
 conf/logback.xml | 1 +
 conf/springboot.yml | 2 +-
 misc/ldapdb.ldif | 4 ++--
 src/main/java/com/example/camel/SecurityConfig.java | 12 +++++++++---
 4 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/conf/logback.xml b/conf/logback.xml
index c6b6017..c3c1afd 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -19,6 +19,7 @@
 %-5level %d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %logger{36} - %msg%n
+
diff --git a/conf/springboot.yml b/conf/springboot.yml
index b8b829d..d51ff11 100644
--- a/conf/springboot.yml
+++ b/conf/springboot.yml
@@ -16,4 +16,4 @@ spring:
 app:
   queue-name: "UserServiceQueue"
-  user-search-base: ou=users
+
diff --git a/misc/ldapdb.ldif b/misc/ldapdb.ldif
index 382d93c..95c4073 100644
--- a/misc/ldapdb.ldif
+++ b/misc/ldapdb.ldif
@@ -15,7 +15,7 @@ dn: cn=backend,ou=groups,dc=example,dc=com
 objectClass: groupOfNames
 objectClass: top
 cn: backend
-member: cn=cxfrs,ou=users,dc=example,dc=com
+member: uid=cxfrs,ou=users,dc=example,dc=com
 
 dn: ou=groups,dc=example,dc=com
 objectclass: organizationalUnit
@@ -31,7 +31,7 @@ dn: cn=server,ou=groups,dc=example,dc=com
 objectClass: groupOfNames
 objectClass: top
 cn: server
-member: cn=cxfrs,ou=users,dc=example,dc=com
+member: uid=cxfrs,ou=users,dc=example,dc=com
 
 dn: dc=example,dc=com
 objectclass: domain
diff --git a/src/main/java/com/example/camel/SecurityConfig.java b/src/main/java/com/example/camel/SecurityConfig.java
index c8af130..3cb87d5 100644
--- a/src/main/java/com/example/camel/SecurityConfig.java
+++ b/src/main/java/com/example/camel/SecurityConfig.java
@@ -3,6 +3,7 @@ package com.example.camel;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.Customizer;
@@ -17,13 +18,16 @@ import com.fasterxml.jackson.jakarta.rs.json.JacksonJsonProvider;
 @Configuration
 public class SecurityConfig {
 
+    public static final String ROLE_BACKEND = "ROLE_BACKEND";
+    public static final String ROLE_SERVER = "ROLE_SERVER";
+
     @Value("${app.group-search-base:ou=groups}")
     private String groupSearchBase;
 
     @Value("${app.group-search-filter:(member={0})}")
     private String groupSearchFilter;
 
-    @Value("${app.user-search-base:ou=people}")
+    @Value("${app.user-search-base:ou=users}")
     private String userSearchBase;
 
     @Value("${app.user-search-filter:(uid={0})}")
@@ -31,9 +35,10 @@ public class SecurityConfig {
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http.authorizeHttpRequests((authorize) -> authorize.anyRequest().fullyAuthenticated())
+        http.authorizeHttpRequests(
+                (authorize) -> authorize.requestMatchers(HttpMethod.GET, "/**").hasAuthority(ROLE_BACKEND)
+                .requestMatchers(HttpMethod.POST, "/**").hasAuthority(ROLE_SERVER))
                 .httpBasic(Customizer.withDefaults());
-
         return http.build();
     }
 
@@ -51,6 +56,7 @@ public class SecurityConfig {
         LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(contextSource);
         factory.setUserSearchBase(userSearchBase);
         factory.setUserSearchFilter(userSearchFilter);
+        factory.setLdapAuthoritiesPopulator(authorities);
         return factory.createAuthenticationManager();
     }
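Review bot: The `groupSearchFilter` default `(member={0})` carries no comment saying what `{0}` is substituted with, and that is the root of the bug this commit fixes — the group entries in misc/ldapdb.ldif had to change from `cn=cxfrs,...` to `uid=cxfrs,...` so the member value equals the bound user's full DN. A comment on the field would stop the next maintainer from reintroducing the mismatch: `// {0} is replaced with the authenticated user's full DN (uid=<user>,ou=users,...), so group member values must equal the user entry's DN exactly`. The two new `ROLE_*` constants likewise deserve a one-line comment stating that they are the group `cn` values upper-cased and prefixed with `ROLE_`, as the authorities populator is expected to emit them, since nothing in the code ties the constant to the group name. The `SecurityConfig` class continues outside this hunk.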
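Review bot: The new matcher chain in `securityFilterChain` covers only GET and POST on `/**`, so PUT, DELETE, PATCH, HEAD and OPTIONS requests match no rule; Spring Security 6 denies unmatched requests, but that outcome is implicit and would change silently if a permissive rule were later appended. Terminating the chain explicitly makes the policy visible: keep `.requestMatchers(HttpMethod.POST, "/**").hasAuthority(ROLE_SERVER)` and follow it with `.anyRequest().denyAll())`. A short comment above the lambda noting that reads are reserved to the backend group and writes to the server group would also help, because the method split is the only place that mapping is expressed.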
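Review bot: `factory.setLdapAuthoritiesPopulator(authorities)` makes the populator's output the only thing the `hasAuthority(ROLE_BACKEND)` / `hasAuthority(ROLE_SERVER)` checks can match, yet the populator bean and this method's signature (where `authorities` is declared) are both outside the hunk, so whether it emits `ROLE_` plus the upper-cased group `cn` cannot be confirmed here. If it is a `DefaultLdapAuthoritiesPopulator` with default settings the constants line up, but a change to its `setRolePrefix` or `setConvertToUpperCase` would silently deny every request with no error at startup. Worth a comment on the added line: `// authorities must yield ROLE_<GROUP-CN> to match ROLE_BACKEND / ROLE_SERVER in securityFilterChain`.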