1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
@RestController
@RequestMapping("/api/v3")
@CrossOrigin()
@Tag(description = "Authentification au service")
public class AuthentificationEndpoint {
@Autowired
private IAuthentificationService iAuthentificationService;
@Autowired
private AuthenticationManager authenticationManager;
@Operation(summary = "CECI EST UN TEST : Authentification LDAP")
@PostMapping(value = "/ldapAuth", consumes = APPLICATION_JSON_VALUE, produces = APPLICATION_JSON_VALUE)
@ResponseStatus(HttpStatus.OK)
public void ldap(@Valid @RequestBody UserAuthentificationDTO userAuth) {
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(userAuth.getEmail(),
userAuth.getPassword()));
}
@Operation(summary = "Authentification à l'API par un utilisateur")
@PostMapping(value = "/authentificate", consumes = APPLICATION_JSON_VALUE, produces = APPLICATION_JSON_VALUE)
@ResponseStatus(HttpStatus.OK)
public JwtModelDTO authentificate(@Valid @RequestBody UserAuthentificationDTO userAuth) {
return iAuthentificationService.authentificate(userAuth.getEmail(), userAuth.getPassword());
}
}
@RequiredArgsConstructor
@Service
@Slf4j
public class AuthentificationRepositoryAdapter implements AuthentificationRepository {
private final UserJpaRepository userJpaRepository;
private final PasswordEncoder passwordEncoder;
private final JwtTokenProvider jwtTokenProvider;
private final AuthenticationManager authenticationManager;
private final TokenService tokenService;
@Autowired
private ModelMapper modelMapper;
@Override
public JwtModelDTO authentificate(String email, String password) { // Cette methode fonctionne, authentification depuis la base de données
try {
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(email, password));
AppUser appUser = userJpaRepository.findByEmail(email);
JwtModelDTO jwtModel = jwtTokenProvider.createToken(appUser, AppConstants.ACCESS_TOKEN_EXPIRATION_FOR_USER);
jwtTokenProvider.insertTokenIntoRedis(jwtModel);
return jwtModel;
} catch (AuthenticationException e) {
throw new InternalServerErrorException("Il semblerait qu'une erreur de frappe soit présente...");
}
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
// @RequiredArgsConstructor
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private JwtTokenProvider jwtTokenProvider;
private OpenLdapAuthenticationProvider openLdapAuthenticationProvider;
public WebSecurityConfig(OpenLdapAuthenticationProvider openLdapAuthenticationProvider,
JwtTokenProvider jwtTokenProvider) {
this.openLdapAuthenticationProvider = openLdapAuthenticationProvider;
this.jwtTokenProvider = jwtTokenProvider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(openLdapAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(corsFilter(), ChannelProcessingFilter.class);
http.csrf().disable();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests()
.antMatchers("/api/v3/authentificate").permitAll() // On doit pouvoir s'authentifier d'ici
.antMatchers("/api/v3/signup").permitAll()
.antMatchers("/api/v3/ldapAuth").permitAll() // Uniquement pour tester
.anyRequest().authenticated();
http.apply(new JwtTokenFilterConfigurer(jwtTokenProvider));
}
@Override
public void configure(WebSecurity web) throws Exception {
// Allow swagger to be accessed without authentication
web.ignoring().antMatchers("/v3/api-docs/**")//
.antMatchers("/swagger-resources/**")//
.antMatchers("/swagger-ui/**")
.antMatchers("/swagger-ui.html");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(12);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
@Component
public class OpenLdapAuthenticationProvider implements AuthenticationProvider {
@Autowired
private LdapTemplate ldapTemplate;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Filter filter = new EqualsFilter("mail", authentication.getName());
Boolean authenticate = ldapTemplate.authenticate(LdapUtils.emptyLdapName(), filter.encode(),
authentication.getCredentials().toString());
if (authenticate) {
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));
UserDetails userDetails = new User(authentication.getName(), authentication.getCredentials().toString(),
grantedAuthorities);
Authentication auth = new UsernamePasswordAuthenticationToken(userDetails,
authentication.getCredentials().toString(), grantedAuthorities);
return auth;
} else {
System.out.println("auth FAIL");
return null;
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
} |
Spring : Authentification depuis la base ou authentification au LDAP
: Comment coupler ces deux méthodes d'authentification ?
Répondre avec citation
Partager