From 8ab12cd0b11d7e5a771d7db0dcd64eb380d0cc99 Mon Sep 17 00:00:00 2001 From: Will Gorman Date: Mon, 4 Dec 2017 20:07:41 -0600 Subject: [PATCH] feat(x509) Allow x509 and LDAP to be used together (#476) --- .../gate/security/ldap/LdapSsoConfig.groovy | 6 ++++++ .../security/ldap/LdapSsoConfigurer.groovy | 7 +++++++ .../gate/security/x509/X509Config.groovy | 18 +++++++++++++++++- 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfigurer.groovy diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfig.groovy index 206e010c85..b98974f66a 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfig.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfig.groovy @@ -53,6 +53,9 @@ class LdapSsoConfig extends WebSecurityConfigurerAdapter { @Autowired LdapUserContextMapper ldapUserContextMapper + @Autowired(required = false) + List configurers + @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { def ldapConfigurer = @@ -83,6 +86,9 @@ class LdapSsoConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http.formLogin() authConfig.configure(http) + configurers?.each { + it.configure(http) + } } @Component diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfigurer.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfigurer.groovy new file mode 100644 index 0000000000..f581ef1b15 --- /dev/null +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/ldap/LdapSsoConfigurer.groovy 
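Review bot: The new `configurers` field in `LdapSsoConfig` is injected with `required = false` and, as rendered on this page, declared as a raw `List`, so a wiring problem goes unnoticed: `configurers?.each { it.configure(http) }` in the second hunk of this file simply does nothing when the field is null. If the element type is really absent in the source (it may only have been lost in rendering), Spring has no element type to collect beans by; `List<LdapSsoConfigurer> configurers` states the intent explicitly. The practical effect of a miss is that client-certificate login is silently left out of the LDAP filter chain, so a startup log line naming the configurers that were applied, or a context test with both mechanisms enabled, would make that visible.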
@@ -0,0 +1,7 @@ +package com.netflix.spinnaker.gate.security.ldap + +import org.springframework.security.config.annotation.web.builders.HttpSecurity + +interface LdapSsoConfigurer { + void configure(HttpSecurity http) throws Exception +} \ No newline at end of file diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/x509/X509Config.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/x509/X509Config.groovy index 8d3dead6d9..4c659cf83a 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/x509/X509Config.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/x509/X509Config.groovy @@ -18,6 +18,8 @@ package com.netflix.spinnaker.gate.security.x509 import com.netflix.spinnaker.gate.security.AuthConfig import com.netflix.spinnaker.gate.security.SpinnakerAuthConfig +import com.netflix.spinnaker.gate.security.ldap.LdapSsoConfig +import com.netflix.spinnaker.gate.security.ldap.LdapSsoConfigurer import com.netflix.spinnaker.gate.security.oauth2.OAuth2SsoConfig import com.netflix.spinnaker.gate.security.oauth2.OAuthSsoConfigurer import com.netflix.spinnaker.gate.security.saml.SamlSsoConfig @@ -107,7 +109,7 @@ class X509Config { /** * See {@link OAuth2SsoConfig} for why these classes and conditionals exist! */ - @ConditionalOnMissingBean([OAuth2SsoConfig, SamlSsoConfig]) + @ConditionalOnMissingBean([OAuth2SsoConfig, SamlSsoConfig, LdapSsoConfig]) @Bean X509StandaloneAuthConfig standaloneConfig() { new X509StandaloneAuthConfig() 
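Review bot: `LdapSsoConfigurer` is added without a doc comment, and its contract matters because every bean implementing it gets to modify the `HttpSecurity` of the LDAP login chain. I would state when it is called and what an implementation may change, for example `/** Invoked by LdapSsoConfig.configure(HttpSecurity) after authConfig.configure(http); implementations add to the LDAP filter chain and must not relax its authorization rules. */`. The file also ends without a trailing newline.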
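Review bot: Adding `LdapSsoConfig` to `@ConditionalOnMissingBean` on `standaloneConfig()`, together with `@ConditionalOnBean(LdapSsoConfig)` on `withLDAPConfig()` in the last hunk, makes the X.509 wiring depend on `LdapSsoConfig` already being registered when `X509Config` is evaluated. Spring Boot checks these bean conditions against the definitions processed so far and recommends them mainly for auto-configuration classes for that reason; whether the order is guaranteed here cannot be seen from the diff. If the evaluation happens the other way round, the standalone X.509 configuration would be created next to the LDAP one and `X509LDAPConfig` would be skipped. A context test with both mechanisms enabled that asserts `X509LDAPConfig` is present and `X509StandaloneAuthConfig` is absent would pin this down, and the Javadoc above the annotation could point to `LdapSsoConfig` as well.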
@@ -159,4 +161,18 @@ class X509Config {
 http.securityContext().securityContextRepository(new X509SecurityContextRepository())
 }
 }
+
+ @ConditionalOnBean(LdapSsoConfig)
+ @Bean
+ X509LDAPConfig withLDAPConfig() {
+ new X509LDAPConfig()
+ }
+
+ class X509LDAPConfig implements LdapSsoConfigurer {
+ @Override
+ void configure(HttpSecurity http) throws Exception {
+ X509Config.this.configure(http)
+ http.securityContext().securityContextRepository(new X509SecurityContextRepository())
+ }
+ }
 }
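Review bot: `X509LDAPConfig.configure` replaces the security-context repository on the `HttpSecurity` it is handed, and that object is the LDAP form-login chain, so `new X509SecurityContextRepository()` now also decides how the contexts of LDAP-authenticated users are loaded and saved. The repository's implementation is outside this diff, so please confirm that it keeps the session-based behaviour for requests without a client certificate, and record that next to the call, e.g. `// X509SecurityContextRepository must still restore session-authenticated (LDAP) users`. The same statement appears in the context line at the top of the hunk, which suggests the existing configurers share this body; a private helper used by all of them would keep the variants from drifting. `X509Config.this.configure(http)` refers to a method defined outside the hunk.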