feat(x509) Allow x509 and LDAP to be used together (#476)

spinnaker · Dec 5, 2017 · 8ab12cd · 8ab12cd
1 parent 4e98950
commit 8ab12cd
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfig.groovy
@@ -53,6 +53,9 @@ class LdapSsoConfig extends WebSecurityConfigurerAdapter {
   @Autowired
   LdapUserContextMapper ldapUserContextMapper
 
+  @Autowired(required = false)
+  List<LdapSsoConfigurer> configurers
+
   @Override
   protected void configure(AuthenticationManagerBuilder auth) throws Exception {
     def ldapConfigurer =
@@ -83,6 +86,9 @@ class LdapSsoConfig extends WebSecurityConfigurerAdapter {
   protected void configure(HttpSecurity http) throws Exception {
     http.formLogin()
     authConfig.configure(http)
+      configurers?.each {
+          it.configure(http)
+      }
   }
 
   @Component

diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfigurer.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfigurer.groovy
@@ -0,0 +1,7 @@
+package com.netflix.spinnaker.gate.security.ldap
+
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+
+interface LdapSsoConfigurer {
+    void configure(HttpSecurity http) throws Exception
+}
diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/x509/X509Config.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/x509/X509Config.groovy
@@ -18,6 +18,8 @@ package com.netflix.spinnaker.gate.security.x509
 
 import com.netflix.spinnaker.gate.security.AuthConfig
 import com.netflix.spinnaker.gate.security.SpinnakerAuthConfig
+import com.netflix.spinnaker.gate.security.ldap.LdapSsoConfig
+import com.netflix.spinnaker.gate.security.ldap.LdapSsoConfigurer
 import com.netflix.spinnaker.gate.security.oauth2.OAuth2SsoConfig
 import com.netflix.spinnaker.gate.security.oauth2.OAuthSsoConfigurer
 import com.netflix.spinnaker.gate.security.saml.SamlSsoConfig
@@ -107,7 +109,7 @@ class X509Config {
   /**
    * See {@link OAuth2SsoConfig} for why these classes and conditionals exist!
    */
-  @ConditionalOnMissingBean([OAuth2SsoConfig, SamlSsoConfig])
+  @ConditionalOnMissingBean([OAuth2SsoConfig, SamlSsoConfig, LdapSsoConfig])
   @Bean
   X509StandaloneAuthConfig standaloneConfig() {
     new X509StandaloneAuthConfig()
@@ -159,4 +161,18 @@ class X509Config {
       http.securityContext().securityContextRepository(new X509SecurityContextRepository())
     }
   }
+
+  @ConditionalOnBean(LdapSsoConfig)
+  @Bean
+  X509LDAPConfig withLDAPConfig() {
+    new X509LDAPConfig()
+  }
+
+  class X509LDAPConfig implements LdapSsoConfigurer {
+    @Override
+    void configure(HttpSecurity http) throws Exception {
+      X509Config.this.configure(http)
+      http.securityContext().securityContextRepository(new X509SecurityContextRepository())
+    }
+  }
 }