Addition of configuration for LDAP authentication

README.md

@@ -22,12 +22,41 @@ The requests are sent in HTTPS format and to provide this the project has a self
     server.ssl.key-alias=tomcat
 
 ##### Authentication
-The q-REST service uses basic authentication and is using a single username and password which are configured in the `application.properties` file:
+The q-REST service offers both basic and LDAP authentication modes, configurable within the `application.properties` file.  
+
+ ###### Basic authentication
+
+Basic authentication is set as the default authentication mode:
+
+    authentication.type=basic
+
+Basic authentication uses a single username and password, configured in the `application.properties` file:
 
     basic.authentication.user=user
     basic.authentication.password=pass
+
+ ######LDAP authentication
+
+LDAP authentication can be implemented by changing the configuration of the `authentication.type` property to `LDAP`:
+
+    authentication.type=LDAP   
+
+LDAP properties are currently configured to use an online LDAP test server, which can be found at: https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/ . 
+
+LDAP authentication process requires both a username and a password. 
+
+Configuration details of properties for LDAP authentication are found within the `application.properties` file:
+
+    security.ldap.url=ldap://ldap.forumsys.com:389/dc=example,dc=com
+    managerDn=cn=read-only-admin,dc=example,dc=com
+    managerPassword=password
+    groupSearchFilter=uniqueMember={0}
+    userSearchFilter=uid={0}
+    userDnPatterns=uid={0}
+
+For both authentication types, the username and password should be provided within the header of the request, encoded in Base64. 
 
-These value are provided within the header of the request, it is strongly recommended to invoke your own security if you use the project.
+It is strongly recommended that you invoke your own security if you use the project.
 
 ## EndPoints
 

pom.xml

@@ -119,12 +119,23 @@
             <artifactId>springfox-swagger2</artifactId>
             <version>2.4.0</version>
         </dependency>
-
         <dependency>
             <groupId>io.springfox</groupId>
             <artifactId>springfox-swagger-ui</artifactId>
             <version>2.4.0</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.ldap</groupId>
+            <artifactId>spring-ldap-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-ldap</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.unboundid</groupId>
+            <artifactId>unboundid-ldapsdk</artifactId>
+        </dependency>
     </dependencies>
 
     <build>

src/main/java/uk/co/aquaq/kdb/security/SecurityConfiguration.java

@@ -3,43 +3,81 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
-import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.servlet.config.annotation.*;
 
+import java.util.Base64;
 
 @Configuration
 @EnableWebSecurity
 @EnableWebMvc
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
-
-    @Autowired
-    private AuthenticationEntryPoint authEntryPoint;
+    @Value("${security.ldap.url}")
+    private String url;
+    @Value("${managerDn}")
+    private String managerDn;
+    @Value("${managerPassword}")
+    private String managerPassword;
+    @Value("${groupSearchFilter}")
+    private String groupSearchFilter;
+    @Value("${userDnPatterns}")
+    private String userDnPatterns;
+    @Value("${userSearchBase}")
+    private String userSearchBase;
+    @Value("${userSearchFilter}")
+    private String userSearchFilter;
     @Value("${basic.authentication.user}")
-    String user;
+    private String basicAuthUsername;
     @Value("${basic.authentication.password}")
-    String password;
-
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-                .withUser(user).password(password).authorities("ROLE_USER");
-    }
+    private String basicAuthPassword;
+    @Value("${authentication.type}")
+    private String authType;
 
+    @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.csrf().disable()
                 .authorizeRequests()
-                .anyRequest().authenticated()
+                .anyRequest().fullyAuthenticated()
+                .and()
+                .formLogin()
                 .and()
                 .httpBasic().and().cors().configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues());
+    }
 
+    @Override
+    public void configure(AuthenticationManagerBuilder auth) throws Exception {
+        switch(authType.trim().toUpperCase()) {
+            case "LDAP":
+                configureLdapAuth(auth);
+                break;
+            default:
+                configureBasicAuth(auth);
+                break;
+        }
     }
 
+    private void configureBasicAuth(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+                .withUser(basicAuthUsername).password(basicAuthPassword).authorities("ROLE_USER");
+    }
 
+    private void configureLdapAuth(AuthenticationManagerBuilder auth) throws Exception {
+        auth
+                .ldapAuthentication()
+                .userDnPatterns(userDnPatterns)
+                .userSearchFilter(userSearchFilter)
+                .userSearchBase("")
+                .groupSearchFilter(groupSearchFilter)
+                .contextSource()
+                .url(url)
+                .managerDn(managerDn)
+                .managerPassword(managerPassword);
+    }
 }

src/main/resources/application.properties

@@ -11,16 +11,24 @@ server.ssl.key-store-password=aquaq2018
 server.ssl.key-alias=tomcat
 
 kdb.host=localhost
-kdb.port=1234
+kdb.port=
 kdb.username=
 kdb.password=
 gateway.function={[request;properties] @[value;`.aqrest.execute;{[e;request;properties] @[neg .z.w;`status`result!@[{(1b;value x)};request;{(0b;"error: ",x)}]]}] . (request;properties)}
 
+#To choose LDAP authentication, set value to LDAP. Default set to basic authentication
+authentication.type=basic
+
 server.port=8090
 freeform.query.mode.enabled=false
 basic.authentication.user=user
 basic.authentication.password=pass
 
 springfox.documentation.swagger.v2.path=/kdb-rest-service-documentation
 
-
+security.ldap.url=ldap://ldap.forumsys.com:389/dc=example,dc=com
+managerDn=cn=read-only-admin,dc=example,dc=com
+managerPassword=password
+groupSearchFilter=uniqueMember={0}
+userSearchFilter=uid={0}
+userDnPatterns=uid={0}