
Commit 488f5b3

committed
LDAP security config refactoring
1 parent d507a9f commit 488f5b3


1 file changed

+19
-7
lines changed


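--- a/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java
+++ b/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java
@@ -63,24 +63,32 @@ public ReactiveAuthenticationManager authenticationManager(LdapContextSource lda
 ba.setUserSearch(userSearch);
 }
 
+var authenticationProvider = getAuthenticationProvider(authoritiesExtractor, rbacEnabled, ba);
+
+AuthenticationManager am = new ProviderManager(List.of(authenticationProvider));
+
+return new ReactiveAuthenticationManagerAdapter(am);
+}
+
+private AbstractLdapAuthenticationProvider getAuthenticationProvider(LdapAuthoritiesPopulator authoritiesExtractor,
+boolean rbacEnabled,
+BindAuthenticator bindAuthenticator) {
 AbstractLdapAuthenticationProvider authenticationProvider;
+
 if (!props.isActiveDirectory()) {
 authenticationProvider = rbacEnabled
-? new LdapAuthenticationProvider(ba, authoritiesExtractor)
-: new LdapAuthenticationProvider(ba);
+? new LdapAuthenticationProvider(bindAuthenticator, authoritiesExtractor)
+: new LdapAuthenticationProvider(bindAuthenticator);
 } else {
 authenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(props.getActiveDirectoryDomain(),
-props.getUrls()); // TODO Issue #3741
+props.getUrls());
 authenticationProvider.setUseAuthenticationRequestCredentials(true);
 }
 
 if (rbacEnabled) {
 authenticationProvider.setUserDetailsContextMapper(new UserDetailsMapper());
 }
-
-AuthenticationManager am = new ProviderManager(List.of(authenticationProvider));
-
-return new ReactiveAuthenticationManagerAdapter(am);
+return authenticationProvider;
 }
 
 @Bean
@@ -99,6 +107,10 @@ public DefaultLdapAuthoritiesPopulator ldapAuthoritiesExtractor(ApplicationConte
 AccessControlService acs) {
 var rbacEnabled = acs != null && acs.isRbacEnabled();
 
+if (props.isActiveDirectory()) {
+return null;
+}
+
 DefaultLdapAuthoritiesPopulator extractor;
 
 if (rbacEnabled) {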
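Review bot: In the second hunk, `ldapAuthoritiesExtractor` now returns `null` when `props.isActiveDirectory()` is true, so the `authoritiesExtractor` argument reaching `getAuthenticationProvider` can be null, and nothing in the visible lines states that contract. If `ldapAuthoritiesExtractor` is a Spring `@Bean` method (its annotation is outside the hunk), the null return is registered as a null bean, and injection into `authenticationManager` presumably succeeds only if that parameter is declared optional; the signature is cut off in the hunk header, so this should be confirmed by starting the application with an Active Directory profile. I would make the contract explicit with `@Nullable LdapAuthoritiesPopulator authoritiesExtractor` on both methods and a comment above the early return such as `// AD provider loads group authorities itself; no populator bean in this mode`. The first hunk also drops `// TODO Issue #3741` while leaving the Active Directory branch otherwise unchanged, so the reference should stay if that issue is still open.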
