Add AuthorizeReturnObject Sample
Closes gh-4
This commit is contained in:
@@ -1 +0,0 @@
|
||||
../../../../../gradle/libs.versions.toml
|
||||
@@ -1,9 +0,0 @@
|
||||
<html xmlns:th="https://www.thymeleaf.org">
|
||||
<head>
|
||||
<title>Hello Security!</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Hello Security</h1>
|
||||
<a th:href="@{/logout}">Log Out</a>
|
||||
</body>
|
||||
</html>
|
||||
@@ -1,47 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*/
|
||||
@SpringBootTest
|
||||
@AutoConfigureMockMvc
|
||||
public class HelloApplicationTests {
|
||||
|
||||
@Autowired
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@Test
|
||||
void indexThenOk() throws Exception {
|
||||
// @formatter:off
|
||||
this.mockMvc.perform(get("/"))
|
||||
.andExpect(status().isOk());
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
}
|
||||
72
servlet/spring-boot/java/security/README.adoc
Normal file
72
servlet/spring-boot/java/security/README.adoc
Normal file
@@ -0,0 +1,72 @@
|
||||
= A CRUD Spring LDAP application using Spring Boot
|
||||
|
||||
The application is protected by Spring Security and uses an embedded UnboundID container for its LDAP server.
|
||||
|
||||
You can authenticate with HTTP basic using `dante`/`secret`:
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
curl --user dante:secret localhost:8080/people
|
||||
----
|
||||
|
||||
And you should see a response like this one:
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
[
|
||||
[
|
||||
{
|
||||
"dn": "uid=dante,ou=people",
|
||||
"lastName": "Alvarez",
|
||||
"username": "dante"
|
||||
},
|
||||
{
|
||||
"dn": "uid=hal,ou=people",
|
||||
"lastName": "Hal",
|
||||
"username": "hal"
|
||||
},
|
||||
{
|
||||
"dn": "uid=may,ou=people",
|
||||
"lastName": "May",
|
||||
"username": "may"
|
||||
},
|
||||
// ...
|
||||
}
|
||||
----
|
||||
|
||||
Or, if you use `hal`/`sorrydave`, you'll see more information:
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
[
|
||||
{
|
||||
"dn": "uid=dante,ou=people",
|
||||
"lastName": "Alvarez",
|
||||
"name": "Dante Alvarez",
|
||||
"username": "dante"
|
||||
},
|
||||
{
|
||||
"dn": "uid=hal,ou=people",
|
||||
"lastName": "Hal",
|
||||
"name": "Hal 2000",
|
||||
"username": "hal"
|
||||
},
|
||||
{
|
||||
"dn": "uid=may,ou=people",
|
||||
"lastName": "May",
|
||||
"name": "May Bea",
|
||||
"username": "may"
|
||||
},
|
||||
// ...
|
||||
----
|
||||
|
||||
The sample supports the following operations:
|
||||
|
||||
* `GET /people` - retrieve all the people in the application
|
||||
* `GET /people/uid=may,ou=people` - retrieve May Bea's details; you can replace the DN with another one to see another person's information
|
||||
* `GET /people/me` - retrieve the current user's details
|
||||
* `POST /people` - add a new person, for example `{ "username": "newuser", "sn": "User", "cn": "New User" }`
|
||||
* `PUT /people/uid=may,ou=people` - update May Bea's details, supports partial update; you can replace the DN with another one to make changes to a different entry
|
||||
* `DELETE /people/uid=may,ou=people` - remove May Bea from the system; you can replace the DN with another one to remove a different entry
|
||||
|
||||
To run the sample, do `./gradlew :bootRun`.
|
||||
@@ -11,12 +11,17 @@ repositories {
|
||||
maven { url "https://repo.spring.io/snapshot" }
|
||||
}
|
||||
|
||||
ext['spring-security.version'] = "6.4.0-SNAPSHOT"
|
||||
|
||||
dependencies {
|
||||
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-data-ldap'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-web'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-security'
|
||||
implementation 'org.springframework.security:spring-security-ldap'
|
||||
implementation 'com.unboundid:unboundid-ldapsdk:7.0.1'
|
||||
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||
testImplementation 'org.springframework.security:spring-security-test'
|
||||
}
|
||||
|
||||
tasks.withType(Test).configureEach {
|
||||
@@ -1,4 +1,4 @@
|
||||
version=6.1.1
|
||||
spring-ldap.version=6.4.0-SNAPSHOT
|
||||
spring-ldap.version=3.3.0-SNAPSHOT
|
||||
org.gradle.jvmargs=-Xmx6g -XX:+HeapDumpOnOutOfMemoryError
|
||||
org.gradle.caching=true
|
||||
12
servlet/spring-boot/java/security/gradle/libs.versions.toml
Normal file
12
servlet/spring-boot/java/security/gradle/libs.versions.toml
Normal file
@@ -0,0 +1,12 @@
|
||||
[versions]
|
||||
org-springframework-boot = "3.4.0-SNAPSHOT"
|
||||
|
||||
[libraries]
|
||||
org-springframework-spring-framework-bom = "org.springframework:spring-framework-bom:6.2.0-M6"
|
||||
org-springframework-data-spring-data-bom = "org.springframework.data:spring-data-bom:2024.0.2"
|
||||
org-springframework-ldap-spring-ldap-core = "org.springframework.ldap:spring-ldap-core:3.3.0-SNAPSHOT"
|
||||
org-springframework-ldap-spring-ldap-test = "org.springframework.ldap:spring-ldap-test:3.3.0-SNAPSHOT"
|
||||
|
||||
[plugins]
|
||||
io-spring-dependency-management = { id = "io.spring.dependency-management", version = "1.1.6" }
|
||||
org-springframework-boot = { id = "org.springframework.boot", version.ref = "org-springframework-boot" }
|
||||
@@ -0,0 +1,95 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import javax.naming.Name;
|
||||
|
||||
import example.security.NullMethodAuthorizationDeniedHandler;
|
||||
|
||||
import org.springframework.ldap.odm.annotations.Attribute;
|
||||
import org.springframework.ldap.odm.annotations.DnAttribute;
|
||||
import org.springframework.ldap.odm.annotations.Entry;
|
||||
import org.springframework.ldap.odm.annotations.Id;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.authorization.method.HandleAuthorizationDenied;
|
||||
|
||||
@Entry(objectClasses = { "inetOrgPerson", "organizationalPerson", "person", "top" }, base = "ou=people")
|
||||
public class Person {
|
||||
|
||||
@Id
|
||||
private Name dn;
|
||||
|
||||
@DnAttribute(value = "uid", index = 1)
|
||||
@Attribute(name = "uid")
|
||||
private String username;
|
||||
|
||||
@Attribute(name = "cn")
|
||||
private String name;
|
||||
|
||||
@Attribute(name = "sn")
|
||||
private String lastName;
|
||||
|
||||
public Person() {
|
||||
|
||||
}
|
||||
|
||||
public Person(String username) {
|
||||
this.username = username;
|
||||
}
|
||||
|
||||
public Person(Person person) {
|
||||
this.dn = person.getDn();
|
||||
this.username = person.getUsername();
|
||||
this.name = person.getName();
|
||||
this.lastName = person.getLastName();
|
||||
}
|
||||
|
||||
public Name getDn() {
|
||||
return this.dn;
|
||||
}
|
||||
|
||||
public void setDn(Name dn) {
|
||||
this.dn = dn;
|
||||
}
|
||||
|
||||
public String getUsername() {
|
||||
return this.username;
|
||||
}
|
||||
|
||||
public void setUsername(String username) {
|
||||
this.username = username;
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||
@HandleAuthorizationDenied(handlerClass = NullMethodAuthorizationDeniedHandler.class)
|
||||
public String getName() {
|
||||
return this.name;
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
public String getLastName() {
|
||||
return this.lastName;
|
||||
}
|
||||
|
||||
public void setLastName(String lastName) {
|
||||
this.lastName = lastName;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,84 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
|
||||
import example.ldap.DirContextOperationsMapper;
|
||||
|
||||
import org.springframework.ldap.core.DirContextAdapter;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.ldap.core.LdapClient;
|
||||
import org.springframework.ldap.odm.core.ObjectDirectoryMapper;
|
||||
import org.springframework.ldap.odm.core.impl.DefaultObjectDirectoryMapper;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
|
||||
|
||||
public final class PersonContextMapper implements UserDetailsContextMapper {
|
||||
|
||||
private final LdapClient ldap;
|
||||
|
||||
private final ObjectDirectoryMapper odm = new DefaultObjectDirectoryMapper();
|
||||
|
||||
public PersonContextMapper(LdapClient ldap) {
|
||||
this.ldap = ldap;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
|
||||
Collection<? extends GrantedAuthority> authorities) {
|
||||
Person person = this.odm.mapFromLdapDataEntry(ctx, Person.class);
|
||||
DirContextOperationsMapper<String> toAuthority = (c) -> {
|
||||
List<String> members = List.of(c.getStringAttributes("uniqueMember"));
|
||||
return (members.contains(ctx.getNameInNamespace())) ? "ROLE_ADMIN" : "ROLE_USER";
|
||||
};
|
||||
String authority = this.ldap.search().name("cn=managers,ou=groups").toObject(toAuthority);
|
||||
return new UserDetailsPerson(person, authority);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
|
||||
throw new UnsupportedOperationException("not supported");
|
||||
}
|
||||
|
||||
@JsonSerialize(as = Person.class)
|
||||
public static class UserDetailsPerson extends Person implements UserDetails {
|
||||
|
||||
Collection<GrantedAuthority> authorities;
|
||||
|
||||
public UserDetailsPerson(Person person, String authority) {
|
||||
super(person);
|
||||
this.authorities = List.of(new SimpleGrantedAuthority(authority));
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
return this.authorities;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPassword() {
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,113 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.naming.Name;
|
||||
import javax.naming.directory.Attribute;
|
||||
import javax.naming.directory.Attributes;
|
||||
import javax.naming.directory.ModificationItem;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
import org.springframework.ldap.core.LdapClient;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.authorization.method.AuthorizeReturnObject;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.PutMapping;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
/**
|
||||
* Controller for "/".
|
||||
*
|
||||
* @author Josh Cummings
|
||||
*/
|
||||
@RestController
|
||||
@RequestMapping("/people")
|
||||
@AuthorizeReturnObject
|
||||
public class PersonController {
|
||||
|
||||
private final PersonRepository persons;
|
||||
|
||||
private final ObjectMapper mapper;
|
||||
|
||||
private final LdapClient ldap;
|
||||
|
||||
public PersonController(PersonRepository persons, ObjectMapper mapper, LdapClient ldap) {
|
||||
this.persons = persons;
|
||||
this.mapper = mapper;
|
||||
this.ldap = ldap;
|
||||
}
|
||||
|
||||
@GetMapping
|
||||
@PreAuthorize("hasAuthority('ROLE_USER')")
|
||||
public Iterable<Person> list() {
|
||||
Iterable<Person> people = this.persons.findAll();
|
||||
return people;
|
||||
}
|
||||
|
||||
@GetMapping("/me")
|
||||
@PreAuthorize("isAuthenticated()")
|
||||
public Person me(@AuthenticationPrincipal Person person) {
|
||||
return person;
|
||||
}
|
||||
|
||||
@GetMapping("/{uid}")
|
||||
@PreAuthorize("hasAuthority('ROLE_USER')")
|
||||
public Person get(@PathVariable("uid") Name uid) {
|
||||
return this.persons.findByDn(uid);
|
||||
}
|
||||
|
||||
@PostMapping
|
||||
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||
public Person create(@RequestBody Person person) {
|
||||
return this.persons.save(person);
|
||||
}
|
||||
|
||||
@PutMapping("/{uid}")
|
||||
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||
public Person update(@PathVariable("uid") Name uid, @RequestBody String person) throws IOException {
|
||||
Person toUpdate = this.persons.findByDn(uid);
|
||||
this.mapper.readerForUpdating(toUpdate).readValue(person, Person.class);
|
||||
toUpdate.setDn(uid);
|
||||
return this.persons.save(toUpdate);
|
||||
}
|
||||
|
||||
@PutMapping("/{uid}/password")
|
||||
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||
public void updatePassword(@PathVariable("uid") Name uid, @RequestBody Attributes attributes) {
|
||||
Attribute password = attributes.get("userPassword");
|
||||
this.ldap.modify(uid)
|
||||
.attributes(new ModificationItem(DirContextOperations.REPLACE_ATTRIBUTE, password))
|
||||
.execute();
|
||||
}
|
||||
|
||||
@DeleteMapping("/{uid}")
|
||||
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
|
||||
public void delete(@PathVariable("uid") Name uid) {
|
||||
this.persons.deleteById(uid);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -16,20 +16,15 @@
|
||||
|
||||
package example;
|
||||
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import javax.naming.Name;
|
||||
|
||||
/**
|
||||
* Controller for "/".
|
||||
*
|
||||
* @author Joe Grandja
|
||||
*/
|
||||
@Controller
|
||||
public class IndexController {
|
||||
import org.springframework.data.ldap.repository.LdapRepository;
|
||||
import org.springframework.ldap.NameNotFoundException;
|
||||
|
||||
@GetMapping("/")
|
||||
public String index() {
|
||||
return "index";
|
||||
public interface PersonRepository extends LdapRepository<Person> {
|
||||
|
||||
default Person findByDn(Name dn) {
|
||||
return findById(dn).orElseThrow(() -> new NameNotFoundException("user not found"));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -25,10 +25,10 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
* @author Joe Grandja
|
||||
*/
|
||||
@SpringBootApplication
|
||||
public class HelloApplication {
|
||||
public class SecurityApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(HelloApplication.class, args);
|
||||
SpringApplication.run(SecurityApplication.class, args);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,89 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Role;
|
||||
import org.springframework.ldap.core.ContextSource;
|
||||
import org.springframework.ldap.core.LdapClient;
|
||||
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
|
||||
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
|
||||
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
|
||||
import org.springframework.security.ldap.authentication.BindAuthenticator;
|
||||
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
|
||||
import org.springframework.security.ldap.authentication.LdapAuthenticator;
|
||||
import org.springframework.security.ldap.server.UnboundIdContainer;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@EnableMethodSecurity
|
||||
public class SecurityConfig {
|
||||
|
||||
@Bean
|
||||
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||
static RoleHierarchy roles() {
|
||||
return RoleHierarchyImpl.withDefaultRolePrefix().role("ADMIN").implies("USER").build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
SecurityFilterChain http(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated())
|
||||
.httpBasic(withDefaults())
|
||||
.csrf((csrf) -> csrf.disable());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
UnboundIdContainer ldapContainer() {
|
||||
UnboundIdContainer container = new UnboundIdContainer("dc=springframework,dc=org", "classpath:users.ldif");
|
||||
container.setPort(0);
|
||||
return container;
|
||||
}
|
||||
|
||||
@Bean
|
||||
ContextSource contextSource(UnboundIdContainer container) {
|
||||
int port = container.getPort();
|
||||
return new DefaultSpringSecurityContextSource("ldap://localhost:" + port + "/dc=springframework,dc=org");
|
||||
}
|
||||
|
||||
@Bean
|
||||
BindAuthenticator authenticator(BaseLdapPathContextSource contextSource) {
|
||||
BindAuthenticator authenticator = new BindAuthenticator(contextSource);
|
||||
authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
|
||||
return authenticator;
|
||||
}
|
||||
|
||||
@Bean
|
||||
LdapAuthenticationProvider authenticationProvider(LdapAuthenticator authenticator, LdapClient ldap) {
|
||||
LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
|
||||
provider.setUserDetailsContextMapper(new PersonContextMapper(ldap));
|
||||
return provider;
|
||||
}
|
||||
|
||||
@Bean
|
||||
LdapClient ldapClient(ContextSource contextSource) {
|
||||
return LdapClient.create(contextSource);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,44 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import javax.naming.Name;
|
||||
import javax.naming.directory.Attributes;
|
||||
|
||||
import com.fasterxml.jackson.databind.module.SimpleModule;
|
||||
import example.ldap.AttributesDeserializer;
|
||||
import example.ldap.AttributesSerializer;
|
||||
import example.ldap.NameDeserializer;
|
||||
import example.ldap.NameSerializer;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
public class WebConfig {
|
||||
|
||||
@Bean
|
||||
public SimpleModule nameModule() {
|
||||
SimpleModule module = new SimpleModule();
|
||||
module.addSerializer(Name.class, new NameSerializer());
|
||||
module.addDeserializer(Name.class, new NameDeserializer());
|
||||
module.addSerializer(Attributes.class, new AttributesSerializer());
|
||||
module.addDeserializer(Attributes.class, new AttributesDeserializer());
|
||||
return module;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,49 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example.ldap;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.naming.directory.Attributes;
|
||||
|
||||
import com.fasterxml.jackson.core.JacksonException;
|
||||
import com.fasterxml.jackson.core.JsonParser;
|
||||
import com.fasterxml.jackson.core.JsonToken;
|
||||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import com.fasterxml.jackson.databind.DeserializationContext;
|
||||
import com.fasterxml.jackson.databind.JsonDeserializer;
|
||||
|
||||
import org.springframework.ldap.core.NameAwareAttributes;
|
||||
|
||||
public class AttributesDeserializer extends JsonDeserializer<Attributes> {
|
||||
|
||||
@Override
|
||||
public Attributes deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JacksonException {
|
||||
NameAwareAttributes attributes = new NameAwareAttributes();
|
||||
if (p.currentToken() == JsonToken.START_OBJECT) {
|
||||
p.nextToken();
|
||||
}
|
||||
Map<String, Object> map = p.getCodec().readValue(p, new TypeReference<>() {
|
||||
});
|
||||
for (Map.Entry<String, Object> entry : map.entrySet()) {
|
||||
attributes.put(entry.getKey(), entry.getValue());
|
||||
}
|
||||
return attributes;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,59 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example.ldap;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import javax.naming.directory.Attributes;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonGenerator;
|
||||
import com.fasterxml.jackson.databind.JsonSerializer;
|
||||
import com.fasterxml.jackson.databind.SerializerProvider;
|
||||
|
||||
import org.springframework.ldap.core.NameAwareAttribute;
|
||||
import org.springframework.ldap.core.NameAwareAttributes;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
public class AttributesSerializer extends JsonSerializer<Attributes> {
|
||||
|
||||
@Override
|
||||
public void serialize(Attributes value, JsonGenerator gen, SerializerProvider serializers) throws IOException {
|
||||
if (!(value instanceof NameAwareAttributes attributes)) {
|
||||
serializers.defaultSerializeValue(value, gen);
|
||||
return;
|
||||
}
|
||||
Iterator<NameAwareAttribute> iterator = CollectionUtils.toIterator(attributes.getAll());
|
||||
while (iterator.hasNext()) {
|
||||
NameAwareAttribute attribute = iterator.next();
|
||||
if (attribute.size() == 0) {
|
||||
serializers.defaultSerializeField(attribute.getID(), null, gen);
|
||||
}
|
||||
else if (attribute.size() == 1) {
|
||||
serializers.defaultSerializeField(attribute.getID(), attribute.get(), gen);
|
||||
}
|
||||
else {
|
||||
List<Object> mapElement = new ArrayList<>();
|
||||
attribute.forEach(mapElement::add);
|
||||
serializers.defaultSerializeField(attribute.getID(), mapElement, gen);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,33 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example.ldap;
|
||||
|
||||
import javax.naming.NamingException;
|
||||
|
||||
import org.springframework.ldap.core.ContextMapper;
|
||||
import org.springframework.ldap.core.DirContextOperations;
|
||||
|
||||
public interface DirContextOperationsMapper<T> extends ContextMapper<T> {
|
||||
|
||||
@Override
|
||||
default T mapFromContext(Object o) throws NamingException {
|
||||
return mapFromDirContextOperations((DirContextOperations) o);
|
||||
}
|
||||
|
||||
T mapFromDirContextOperations(DirContextOperations source) throws NamingException;
|
||||
|
||||
}
|
||||
@@ -0,0 +1,42 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example.ldap;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.naming.Name;
|
||||
|
||||
import com.fasterxml.jackson.core.JacksonException;
|
||||
import com.fasterxml.jackson.core.JsonParser;
|
||||
import com.fasterxml.jackson.core.JsonToken;
|
||||
import com.fasterxml.jackson.databind.DeserializationContext;
|
||||
import com.fasterxml.jackson.databind.JsonDeserializer;
|
||||
|
||||
import org.springframework.ldap.support.LdapUtils;
|
||||
|
||||
public class NameDeserializer extends JsonDeserializer<Name> {
|
||||
|
||||
@Override
|
||||
public Name deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JacksonException {
|
||||
if (p.currentToken() == JsonToken.START_OBJECT) {
|
||||
p.nextToken();
|
||||
}
|
||||
String value = p.getCodec().readValue(p, String.class);
|
||||
return LdapUtils.newLdapName(value);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,43 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example.ldap;
|
||||
|
||||
import java.util.Locale;
|
||||
|
||||
import javax.naming.Name;
|
||||
|
||||
import org.springframework.format.Formatter;
|
||||
import org.springframework.lang.NonNull;
|
||||
import org.springframework.ldap.support.LdapUtils;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Component
|
||||
public class NameFormatter implements Formatter<Name> {
|
||||
|
||||
@Override
|
||||
@NonNull
|
||||
public String print(@NonNull Name object, @NonNull Locale locale) {
|
||||
return object.toString();
|
||||
}
|
||||
|
||||
@Override
|
||||
@NonNull
|
||||
public Name parse(@NonNull String text, @NonNull Locale locale) {
|
||||
return LdapUtils.newLdapName(text);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example.ldap;
|
||||
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.ldap.NameNotFoundException;
|
||||
import org.springframework.web.bind.annotation.ControllerAdvice;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
|
||||
@ControllerAdvice
|
||||
public class NameNotFoundHandler {
|
||||
|
||||
@ExceptionHandler(NameNotFoundException.class)
|
||||
public ResponseEntity<?> notFound() {
|
||||
return ResponseEntity.notFound().build();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,35 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example.ldap;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.naming.Name;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonGenerator;
|
||||
import com.fasterxml.jackson.databind.JsonSerializer;
|
||||
import com.fasterxml.jackson.databind.SerializerProvider;
|
||||
|
||||
public class NameSerializer extends JsonSerializer<Name> {
|
||||
|
||||
@Override
|
||||
public void serialize(Name name, JsonGenerator jsonGenerator, SerializerProvider serializerProvider)
|
||||
throws IOException {
|
||||
serializerProvider.defaultSerializeValue(name.toString(), jsonGenerator);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,33 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example.security;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
|
||||
import org.springframework.security.authorization.AuthorizationResult;
|
||||
import org.springframework.security.authorization.method.MethodAuthorizationDeniedHandler;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Component
|
||||
public class NullMethodAuthorizationDeniedHandler implements MethodAuthorizationDeniedHandler {
|
||||
|
||||
@Override
|
||||
public Object handleDeniedInvocation(MethodInvocation methodInvocation, AuthorizationResult authorizationResult) {
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
spring.jackson.default-property-inclusion=non_null
|
||||
@@ -0,0 +1,65 @@
|
||||
dn: ou=groups,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: groups
|
||||
|
||||
dn: ou=people,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: people
|
||||
|
||||
dn: uid=user,ou=people,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: person
|
||||
objectclass: organizationalPerson
|
||||
objectclass: inetOrgPerson
|
||||
cn: User User
|
||||
sn: User
|
||||
uid: user
|
||||
userPassword: password
|
||||
|
||||
dn: uid=may,ou=people,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: person
|
||||
objectclass: organizationalPerson
|
||||
objectclass: inetOrgPerson
|
||||
cn: May Bea
|
||||
sn: May
|
||||
uid: may
|
||||
userPassword: later
|
||||
|
||||
dn: uid=hal,ou=people,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: person
|
||||
objectclass: organizationalPerson
|
||||
objectclass: inetOrgPerson
|
||||
cn: Hal 2000
|
||||
sn: Hal
|
||||
uid: hal
|
||||
userPassword: sorrydave
|
||||
|
||||
dn: uid=dante,ou=people,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: person
|
||||
objectclass: organizationalPerson
|
||||
objectclass: inetOrgPerson
|
||||
cn: Dante Alvarez
|
||||
sn: Alvarez
|
||||
uid: dante
|
||||
userPassword: secret
|
||||
|
||||
dn: cn=developers,ou=groups,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: groupOfUniqueNames
|
||||
cn: developers
|
||||
ou: developer
|
||||
uniqueMember: uid=dante,ou=people,dc=springframework,dc=org
|
||||
uniqueMember: uid=may,ou=people,dc=springframework,dc=org
|
||||
|
||||
dn: cn=managers,ou=groups,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: groupOfUniqueNames
|
||||
cn: managers
|
||||
ou: manager
|
||||
uniqueMember: uid=hal,ou=people,dc=springframework,dc=org
|
||||
uniqueMember: uid=may,ou=people,dc=springframework,dc=org
|
||||
@@ -0,0 +1,166 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.ldap.support.LdapUtils;
|
||||
import org.springframework.security.ldap.server.UnboundIdContainer;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*/
|
||||
@SpringBootTest
|
||||
@AutoConfigureMockMvc
|
||||
public class SecurityApplicationTests {
|
||||
|
||||
@Autowired
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@Autowired
|
||||
private ObjectMapper mapper;
|
||||
|
||||
@Autowired
|
||||
UnboundIdContainer container;
|
||||
|
||||
@BeforeEach
|
||||
void setup() {
|
||||
this.container.start();
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
void teardown() {
|
||||
this.container.stop();
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser
|
||||
void authenticatedPersonsThenOk() throws Exception {
|
||||
// @formatter:off
|
||||
String json = this.mockMvc.perform(get("/people"))
|
||||
.andExpect(status().isOk())
|
||||
.andReturn().getResponse().getContentAsString();
|
||||
List<Person> people = this.mapper.readValue(json, new TypeReference<>() { });
|
||||
assertThat(people).hasSize(4)
|
||||
.extracting(Person::getUsername).containsExactlyInAnyOrder("user", "may", "hal", "dante");
|
||||
assertThat(people)
|
||||
.extracting(Person::getName).containsOnlyNulls();
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(roles = "ADMIN")
|
||||
void adminAuthenticatedPersonsThenOk() throws Exception {
|
||||
// @formatter:off
|
||||
String json = this.mockMvc.perform(get("/people"))
|
||||
.andExpect(status().isOk())
|
||||
.andReturn().getResponse().getContentAsString();
|
||||
List<Person> people = this.mapper.readValue(json, new TypeReference<>() { });
|
||||
assertThat(people).hasSize(4)
|
||||
.extracting(Person::getUsername).containsExactlyInAnyOrder("user", "may", "hal", "dante");
|
||||
assertThat(people)
|
||||
.extracting(Person::getName).containsExactlyInAnyOrder(
|
||||
"User User", "May Bea", "Hal 2000", "Dante Alvarez");
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Test
|
||||
void basicAuthenticatedPersonsThenOk() throws Exception {
|
||||
// @formatter:off
|
||||
String json = this.mockMvc.perform(get("/people").with(httpBasic("dante", "secret")))
|
||||
.andExpect(status().isOk())
|
||||
.andReturn().getResponse().getContentAsString();
|
||||
List<Person> people = this.mapper.readValue(json, new TypeReference<>() { });
|
||||
assertThat(people).hasSize(4)
|
||||
.extracting(Person::getUsername).containsExactlyInAnyOrder("user", "may", "hal", "dante");
|
||||
assertThat(people)
|
||||
.extracting(Person::getName).containsOnlyNulls();
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Test
|
||||
void basicAdminAuthenticatedPersonsThenOk() throws Exception {
|
||||
// @formatter:off
|
||||
String json = this.mockMvc.perform(get("/people").with(httpBasic("may", "later")))
|
||||
.andExpect(status().isOk())
|
||||
.andReturn().getResponse().getContentAsString();
|
||||
List<Person> people = this.mapper.readValue(json, new TypeReference<>() { });
|
||||
assertThat(people).hasSize(4)
|
||||
.extracting(Person::getUsername).containsExactlyInAnyOrder("user", "may", "hal", "dante");
|
||||
assertThat(people)
|
||||
.extracting(Person::getName).containsExactlyInAnyOrder(
|
||||
"User User", "May Bea", "Hal 2000", "Dante Alvarez");
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Test
|
||||
void meThenCurrentPerson() throws Exception {
|
||||
String json = this.mockMvc.perform(get("/people/me").with(httpBasic("user", "password")))
|
||||
.andExpect(status().isOk())
|
||||
.andReturn()
|
||||
.getResponse()
|
||||
.getContentAsString();
|
||||
Person person = this.mapper.readValue(json, Person.class);
|
||||
assertThat(person.getUsername()).isEqualTo("user");
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(roles = "ADMIN")
|
||||
void partiallyUpdatePersonThenUpdated() throws Exception {
|
||||
Person person = new Person("dante");
|
||||
person.setDn(LdapUtils.newLdapName("uid=dante,ou=people"));
|
||||
person.setUsername("ari");
|
||||
String json = this.mapper.writeValueAsString(person);
|
||||
String updated = this.mockMvc
|
||||
.perform(put("/people/" + person.getDn()).content(json).contentType(MediaType.APPLICATION_JSON))
|
||||
.andExpect(status().isOk())
|
||||
.andReturn()
|
||||
.getResponse()
|
||||
.getContentAsString();
|
||||
person = this.mapper.readValue(updated, Person.class);
|
||||
assertThat(person.getUsername()).isEqualTo("ari");
|
||||
assertThat(person.getDn().toString()).isEqualTo("uid=ari,ou=people");
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(roles = "ADMIN")
|
||||
void deletePersonThenRemoved() throws Exception {
|
||||
String dn = "uid=hal,ou=people";
|
||||
this.mockMvc.perform(delete("/people/" + dn)).andExpect(status().isOk());
|
||||
this.mockMvc.perform(get("/people/" + dn)).andExpect(status().isNotFound());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -20,6 +20,7 @@ plugins {
|
||||
}
|
||||
|
||||
include ":servlet:spring-boot:java:boot"
|
||||
include ":servlet:spring-boot:java:security"
|
||||
include ":servlet:xml:java:odm"
|
||||
include ":servlet:xml:java:plain"
|
||||
include ":servlet:xml:java:user-admin"
|
||||
|
||||
Reference in New Issue
Block a user