NIFI-655:

- Allowing the ldap provider to specify if client authentication is required/desired.
Matt Gilman 2015-11-12 09:10:29 -05:00
parent cfee612a78
commit b3ae3e3149
1 changed files with 13 additions and 5 deletions


@ -44,6 +44,8 @@ import org.springframework.security.ldap.search.LdapUserSearch;
*/ */
public class LdapProvider extends AbstractLdapProvider { public class LdapProvider extends AbstractLdapProvider {
private static final String TLS = "TLS";
@Override @Override
protected AbstractLdapAuthenticationProvider getLdapAuthenticationProvider(LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException { protected AbstractLdapAuthenticationProvider getLdapAuthenticationProvider(LoginIdentityProviderConfigurationContext configurationContext) throws ProviderCreationException {
final LdapContextSource context = new LdapContextSource(); final LdapContextSource context = new LdapContextSource();
@ -90,17 +92,23 @@ public class LdapProvider extends AbstractLdapProvider {
final String rawTruststore = configurationContext.getProperty("TLS - Truststore"); final String rawTruststore = configurationContext.getProperty("TLS - Truststore");
final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password"); final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password");
final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type"); final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type");
final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth");
try { try {
final SSLContext sslContext; final SSLContext sslContext;
if (StringUtils.isBlank(rawKeystore)) { if (StringUtils.isBlank(rawKeystore)) {
sslContext = SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, "TLS"); sslContext = SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, TLS);
} else { } else {
if (StringUtils.isBlank(rawTruststore)) { if (StringUtils.isBlank(rawTruststore)) {
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, "TLS"); sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, TLS);
} else { } else {
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, try {
rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, ClientAuth.REQUIRED, "TLS"); final ClientAuth clientAuth = ClientAuth.valueOf(rawClientAuth);
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType,
rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, TLS);
} catch (final IllegalArgumentException iae) {
throw new ProviderCreationException(String.format("Unrecgonized client auth '%s'", rawClientAuth));
}
} }
} }
tlsAuthenticationStrategy.setSslSocketFactory(sslContext.getSocketFactory()); tlsAuthenticationStrategy.setSslSocketFactory(sslContext.getSocketFactory());
@ -133,7 +141,7 @@ public class LdapProvider extends AbstractLdapProvider {
// query // query
final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context); final LdapUserSearch userSearch = new FilterBasedLdapUserSearch(userSearchBase, userSearchFilter, context);
// bind vs password? // bind
final BindAuthenticator authenticator = new BindAuthenticator(context); final BindAuthenticator authenticator = new BindAuthenticator(context);
authenticator.setUserSearch(userSearch); authenticator.setUserSearch(userSearch);
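Review bot: In the second hunk, `ClientAuth.valueOf(rawClientAuth)` is not protected for the case where "TLS - Client Auth" is absent or blank: `Enum.valueOf` throws NullPointerException for a null name, which the `catch (IllegalArgumentException)` does not cover, so an existing configuration that relied on the previous hard-coded `ClientAuth.REQUIRED` would now fail with a bare NPE instead of the intended ProviderCreationException (assuming getProperty returns null for an unset property). The try block also wraps the whole `createSslContext` call, so any IllegalArgumentException raised by SslContextFactory for keystore/truststore problems is reported as "Unrecgonized client auth", which misattributes the failure (and the message has a typo, `Unrecognized`). I would parse the value first with a blank check that preserves the prior REQUIRED default, keep the try scoped to the `valueOf`, and pass `iae` as the cause if ProviderCreationException accepts one. getLdapAuthenticationProvider starts in the first hunk and ends outside this section.

```java
} else {
    final ClientAuth clientAuth;
    try {
        // Preserve the pre-existing default when the property is not configured.
        clientAuth = StringUtils.isBlank(rawClientAuth) ? ClientAuth.REQUIRED : ClientAuth.valueOf(rawClientAuth.trim());
    } catch (final IllegalArgumentException iae) {
        throw new ProviderCreationException(String.format("Unrecognized client auth '%s'", rawClientAuth));
    }
    sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType,
            rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, TLS);
}
// … unchanged: tlsAuthenticationStrategy.setSslSocketFactory(...) …
```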