
In this post, we are going to explain how to create a new Authentication module to authenticate users in the platform.

As a demonstration, we are going to implement the LDAP protocol.

...

Where is the Authentication Provider configured?


As we know, for authentication purposes, Spring Boot uses AuthenticationProvider beans. This is configured in the class SpringSecurityConfig.java. You can find it in onesaitplatform-controlpanel, under the package com.minsait.onesait.platform.controlpanel.security.

...

NOTE: As we are injecting the AuthenticationProvider interface itself, we cannot have more than one bean/service/component implementing this interface at a given time, but we will go deeper into this later.


Integrating LDAP


The AuthenticationProviders are found in the project onesaitplatform-security-ri.

Firstly, add the LDAP dependencies in the pom.xml.

...

Application parameters for configuration


Now, open up the application.yml of the controlpanel and the oauth-server, because these two modules will use the AuthenticationProvider implementation independently.

For the LDAP configuration, you will need the following parameters, so set them up in both yaml files:



LDAP context and template configuration

...

Now we are going to set up the LDAP Context and Template. To do this, create a @Configuration class in the project.



Here we are just importing the yaml parameters and setting them up in LDAP configuration elements.

The LdapTemplate Bean is what we are going to use to exchange requests/responses between the platform and the LDAP server.


Implementing AuthenticationProvider

...

The logic we are going to implement in this component is:

  • Authenticate the user through the LDAP server.
  • If the user does not exist in the ConfigDB, then create that user, extending the information retrieved from the LDAP server with a custom service (in this example, 'LdapUserService').



@Override authenticate

...

Create filter and authenticate through LDAP server


If the user is authenticated:


If the user does not exist, then create the user. Firstly, search for LDAP attributes. The LdapUserMapper will map attributes cn, sn and mail from LDAP info to User entity attributes.


Then you will need to complete the User entity before committing to DB.

Set the userid and the password, and then call LdapUserService to assign the default Role, set it to active, and save to DB.


@Override supports

As you are returning an instance of UsernamePasswordAuthenticationToken, override the method like this:


AuthenticationProvider Singleton

...

As stated before in this tutorial, you can only have one bean of type AuthenticationProvider at a time, so you are going to define a @ConditionalOnProperty in each Component of this type.

For example, in the platform we have several implementations of AuthenticationProvider, so you can add this annotation:

LdapAuthenticationProvider

...

ConfigDBAuthenticationProvider



As you can see, the property defined in application.yml (remember to define it in every module that uses Authentication, i.e. Oauth server and Controlpanel), 'onesaitplatform.authentication.provider', drives the switching between providers.
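
The authenticate/supports steps and the provider switch described above can be sketched as follows. This is an added example, not the platform's own LdapAuthenticationProvider: the class name, the `uid` login attribute and the property value `ldap` are assumptions, and the ConfigDB provisioning step is left out because the LdapUserService API is not shown on this page.

```java
import java.util.Collections;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.query.LdapQueryBuilder;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

// Example class (hypothetical name), not the platform's implementation.
@Component
// Property name is from the tutorial; the value "ldap" is an assumption.
@ConditionalOnProperty(value = "onesaitplatform.authentication.provider", havingValue = "ldap")
public class ExampleLdapAuthenticationProvider implements AuthenticationProvider {

    private static final String UID_ATTRIBUTE = "uid"; // assumed login attribute

    private final LdapTemplate ldapTemplate;

    public ExampleLdapAuthenticationProvider(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        String userId = authentication.getName();
        Object credentials = authentication.getCredentials();
        String password = credentials == null ? "" : credentials.toString();
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513) that some servers accept, so reject it before binding.
        if (userId == null || userId.trim().isEmpty() || password.isEmpty()) {
            throw new BadCredentialsException("Empty username or password");
        }
        try {
            // The query builder escapes LDAP filter metacharacters in userId.
            ldapTemplate.authenticate(
                    LdapQueryBuilder.query().where(UID_ATTRIBUTE).is(userId), password);
        } catch (RuntimeException e) {
            // Same message for unknown user, ambiguous match and bad password.
            throw new BadCredentialsException("LDAP authentication failed");
        }
        // The tutorial's ConfigDB user creation (LdapUserService) would run here.
        return new UsernamePasswordAuthenticationToken(userId, null, Collections.emptyList());
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

Because only one AuthenticationProvider bean may exist, every other implementation needs the same annotation with a different `havingValue`; otherwise the application context will contain two candidates for the injected interface.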

...