Authorization fix - roles were not fetch correctly

2 weeks ago · 00222c595a
parent f1287f5bc5
commit 00222c595a
4 changed files with 13 additions and 6 deletions
--- a/conf/logback.xml
+++ b/conf/logback.xml
@ -19,6 +19,7 @@
 			<pattern>%-5level %d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %logger{36} - %msg%n</pattern>
 		</encoder>
 	</appender>
+	<logger name="org.springframework.security.ldap.userdetails" level="TRACE" /> 
 	<logger name="org.springframework.security" level="DEBUG" /> 
 	<logger name="com.example.camel" level="DEBUG" /> 
 	<root level="INFO">
--- a/conf/springboot.yml
+++ b/conf/springboot.yml
@ -16,4 +16,4 @@ spring:

 app:
  queue-name: "UserServiceQueue"
-  user-search-base: ou=users
+
--- a/misc/ldapdb.ldif
+++ b/misc/ldapdb.ldif
@ -15,7 +15,7 @@ dn: cn=backend,ou=groups,dc=example,dc=com
 objectClass: groupOfNames
 objectClass: top
 cn: backend
-member: cn=cxfrs,ou=users,dc=example,dc=com
+member: uid=cxfrs,ou=users,dc=example,dc=com

 dn: ou=groups,dc=example,dc=com
 objectclass: organizationalUnit
@ -31,7 +31,7 @@ dn: cn=server,ou=groups,dc=example,dc=com
 objectClass: groupOfNames
 objectClass: top
 cn: server
-member: cn=cxfrs,ou=users,dc=example,dc=com
+member: uid=cxfrs,ou=users,dc=example,dc=com

 dn: dc=example,dc=com
 objectclass: domain
--- a/src/main/java/com/example/camel/SecurityConfig.java
+++ b/src/main/java/com/example/camel/SecurityConfig.java
@ -3,6 +3,7 @@ package com.example.camel;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.Customizer;
@ -17,13 +18,16 @@ import com.fasterxml.jackson.jakarta.rs.json.JacksonJsonProvider;
@Configuration
 public class SecurityConfig {

+	public static final String ROLE_BACKEND = "ROLE_BACKEND";
+	public static final String ROLE_SERVER = "ROLE_SERVER";
+
 	@Value("${app.group-search-base:ou=groups}")
 	private String groupSearchBase;

 	@Value("${app.group-search-filter:(member={0})}")
 	private String groupSearchFilter;

-	@Value("${app.user-search-base:ou=people}")
+	@Value("${app.user-search-base:ou=users}")
 	private String userSearchBase;

 	@Value("${app.user-search-filter:(uid={0})}")
@ -31,9 +35,10 @@ public class SecurityConfig {

 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-		http.authorizeHttpRequests((authorize) -> authorize.anyRequest().fullyAuthenticated())
+		http.authorizeHttpRequests(
+				(authorize) -> authorize.requestMatchers(HttpMethod.GET, "/**").hasAuthority(ROLE_BACKEND)
+				.requestMatchers(HttpMethod.POST, "/**").hasAuthority(ROLE_SERVER))
 				.httpBasic(Customizer.withDefaults());
-
 		return http.build();
 	}

@ -51,6 +56,7 @@ public class SecurityConfig {
 		LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(contextSource);
 		factory.setUserSearchBase(userSearchBase);
 		factory.setUserSearchFilter(userSearchFilter);
+		factory.setLdapAuthoritiesPopulator(authorities);
 		return factory.createAuthenticationManager();
 	}