From a3d63f75f60b2c1d888908651b56af619a8e0178 Mon Sep 17 00:00:00 2001 From: Amit Pandey Date: Mon, 26 Feb 2024 03:16:11 +0530 Subject: [PATCH] Java 29291 :- Upgrade Spring Security LDAP to Spring Boot 3 (#15901) * JAVA-29291 :- Upgrade to Boot 3 * JAVA-29291 :- Upgrade to Boot 3 * JAVA-29291 :- Upgrade to Boot 3 * JAVA-29291 :- Upgrade to Boot 3 --- .../spring-security-ldap/pom.xml | 10 +- .../com/baeldung/SampleLDAPApplication.java | 3 - .../com/baeldung/config/SecurityConfig.java | 27 ++- .../server/core/avltree/ArrayMarshaller.java | 172 ++++++++++++++++++ 4 files changed, 192 insertions(+), 20 deletions(-) create mode 100644 spring-security-modules/spring-security-ldap/src/main/java/org/apache/directory/server/core/avltree/ArrayMarshaller.java diff --git a/spring-security-modules/spring-security-ldap/pom.xml b/spring-security-modules/spring-security-ldap/pom.xml index 9f4f3b4106..0da7fc27c5 100644 --- a/spring-security-modules/spring-security-ldap/pom.xml +++ b/spring-security-modules/spring-security-ldap/pom.xml @@ -10,8 +10,9 @@ com.baeldung - spring-security-modules + parent-boot-3 0.0.1-SNAPSHOT + ../../parent-boot-3 @@ -64,6 +65,11 @@ + + com.unboundid + unboundid-ldapsdk + ${unboundid-ldapsdk.version} + @@ -78,6 +84,8 @@ 1.5.5 + com.baeldung.SampleLDAPApplication + 4.0.10 \ No newline at end of file diff --git a/spring-security-modules/spring-security-ldap/src/main/java/com/baeldung/SampleLDAPApplication.java b/spring-security-modules/spring-security-ldap/src/main/java/com/baeldung/SampleLDAPApplication.java index 2d619cccfa..af1dd350a8 100644 --- a/spring-security-modules/spring-security-ldap/src/main/java/com/baeldung/SampleLDAPApplication.java +++ b/spring-security-modules/spring-security-ldap/src/main/java/com/baeldung/SampleLDAPApplication.java @@ -3,9 +3,6 @@ package com.baeldung; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; -import org.springframework.context.annotation.Bean; -import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; -import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; /** * Main Application Class - uses Spring Boot. Just run this as a normal Java diff --git a/spring-security-modules/spring-security-ldap/src/main/java/com/baeldung/config/SecurityConfig.java b/spring-security-modules/spring-security-ldap/src/main/java/com/baeldung/config/SecurityConfig.java index 78e4dff29c..b76b1d945b 100644 --- a/spring-security-modules/spring-security-ldap/src/main/java/com/baeldung/config/SecurityConfig.java +++ b/spring-security-modules/spring-security-ldap/src/main/java/com/baeldung/config/SecurityConfig.java @@ -6,7 +6,7 @@ import org.springframework.ldap.core.support.BaseLdapPathContextSource; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory; -import org.springframework.security.ldap.server.ApacheDSContainer; +import org.springframework.security.ldap.server.UnboundIdContainer; import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator; import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator; import org.springframework.security.web.SecurityFilterChain; @@ -19,8 +19,8 @@ import org.springframework.security.web.SecurityFilterChain; public class SecurityConfig { @Bean - ApacheDSContainer ldapContainer() throws Exception { - return new ApacheDSContainer("dc=baeldung,dc=com", "classpath:users.ldif"); + UnboundIdContainer ldapContainer() throws Exception { + return new UnboundIdContainer("dc=baeldung,dc=com", "classpath:users.ldif"); } @Bean @@ -41,18 +41,13 @@ public class SecurityConfig { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http.authorizeRequests() - .antMatchers("/", "/home", "/css/**") - .permitAll() - .anyRequest() - .authenticated() - .and() - .formLogin() - .loginPage("/login") - .permitAll() - .and() - .logout() - .logoutSuccessUrl("/"); - return http.build(); + return http.authorizeHttpRequests(auth -> auth + .requestMatchers("/", "/home", "/css/**") + .permitAll() + .anyRequest() + .authenticated()) + .formLogin(httpSecurityFormLoginConfigurer -> + httpSecurityFormLoginConfigurer.loginPage("/login").permitAll()) + .logout(logout -> logout.logoutSuccessUrl("/")).build(); } } diff --git a/spring-security-modules/spring-security-ldap/src/main/java/org/apache/directory/server/core/avltree/ArrayMarshaller.java b/spring-security-modules/spring-security-ldap/src/main/java/org/apache/directory/server/core/avltree/ArrayMarshaller.java new file mode 100644 index 0000000000..78c1e69ee7 --- /dev/null +++ b/spring-security-modules/spring-security-ldap/src/main/java/org/apache/directory/server/core/avltree/ArrayMarshaller.java @@ -0,0 +1,172 @@ +/* + * Copyright 2002-2021 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.directory.server.core.avltree; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.DataInputStream; +import java.io.DataOutputStream; +import java.io.IOException; +import java.util.Comparator; +import org.apache.directory.shared.ldap.util.StringTools; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Class to serialize the Array data. + * + * @author Apache Directory Project + * @version $Rev$, $Date$ + */ +@SuppressWarnings("unchecked") +public class ArrayMarshaller implements Marshaller> { + + /** static logger */ + private static final Logger LOG = LoggerFactory.getLogger(ArrayMarshaller.class); + + /** used for serialized form of an empty AvlTree */ + private static final byte[] EMPTY_TREE = new byte[1]; + + /** marshaller to be used for marshalling the keys */ + private Marshaller keyMarshaller; + + /** key Comparator for the AvlTree */ + private Comparator comparator; + + /** + * Creates a new instance of AvlTreeMarshaller with a custom key Marshaller. + * @param comparator Comparator to be used for key comparision + * @param keyMarshaller marshaller for keys + */ + public ArrayMarshaller(Comparator comparator, Marshaller keyMarshaller) { + this.comparator = comparator; + this.keyMarshaller = keyMarshaller; + } + + /** + * Creates a new instance of AvlTreeMarshaller with the default key Marshaller which + * uses Java Serialization. + * @param comparator Comparator to be used for key comparision + */ + public ArrayMarshaller(Comparator comparator) { + this.comparator = comparator; + this.keyMarshaller = (Marshaller) DefaultMarshaller.INSTANCE; + } + + /** + * Marshals the given tree to bytes + * @param tree the tree to be marshalled + */ + public byte[] serialize(ArrayTree tree) { + if ((tree == null) || (tree.size() == 0)) { + return EMPTY_TREE; + } + + ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); + DataOutputStream out = new DataOutputStream(byteStream); + byte[] data = null; + + try { + out.writeByte(0); // represents the start of an Array byte stream + out.writeInt(tree.size()); + + for (int position = 0; position < tree.size(); position++) { + E value = tree.get(position); + byte[] bytes = this.keyMarshaller.serialize(value); + + // Write the key length + out.writeInt(bytes.length); + + // Write the key if its length is not null + if (bytes.length != 0) { + out.write(bytes); + } + } + + out.flush(); + data = byteStream.toByteArray(); + + // Try to deserialize, just to see + try { + deserialize(data); + } + catch (NullPointerException npe) { + System.out.println("Bad serialization, tree : [" + StringTools.dumpBytes(data) + "]"); + throw npe; + } + + out.close(); + } + catch (IOException ex) { + ex.printStackTrace(); + } + + return data; + } + + /** + * Creates an Array from given bytes of data. + * @param data byte array to be converted into an array + */ + public ArrayTree deserialize(byte[] data) throws IOException { + try { + if ((data == null) || (data.length == 0)) { + throw new IOException("Null or empty data array is invalid."); + } + + if ((data.length == 1) && (data[0] == 0)) { + E[] array = (E[]) new Object[] {}; + ArrayTree tree = new ArrayTree(this.comparator, array); + return tree; + } + + ByteArrayInputStream bin = new ByteArrayInputStream(data); + DataInputStream din = new DataInputStream(bin); + + byte startByte = din.readByte(); + + if (startByte != 0) { + throw new IOException("wrong array serialized data format"); + } + + int size = din.readInt(); + E[] nodes = (E[]) new Object[size]; + + for (int i = 0; i < size; i++) { + // Read the object's size + int dataSize = din.readInt(); + + if (dataSize != 0) { + byte[] bytes = new byte[dataSize]; + + din.read(bytes); + E key = this.keyMarshaller.deserialize(bytes); + nodes[i] = key; + } + } + + ArrayTree arrayTree = new ArrayTree(this.comparator, nodes); + + return arrayTree; + } + catch (NullPointerException npe) { + System.out.println("Bad tree : [" + StringTools.dumpBytes(data) + "]"); + throw npe; + } + } + +} \ No newline at end of file