Add LDAP authorization and MongoDB session storage (#86)

Add LDAP authorization to http requests

Author: Christoffer-Cortes

pom.xml

@@ -10,7 +10,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>1.5.5.RELEASE</version>
+        <version>2.0.1.RELEASE</version>
         <relativePath/> <!-- ..  lookup parent from repository -->
     </parent>
 
@@ -83,11 +83,31 @@
             <artifactId>spring-boot-starter-tomcat</artifactId>
             <scope>compile</scope>
         </dependency>
+        
+        <dependency>
+            <groupId>org.springframework.ldap</groupId>
+            <artifactId>spring-ldap-core</artifactId>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-ldap</artifactId>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.springframework.session</groupId>
+            <artifactId>spring-session-data-mongodb</artifactId>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-mongodb</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.8.9</version>
+            <version>2.9.4</version>
         </dependency>
 
         <dependency>
@@ -202,8 +222,8 @@
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
             </plugin>
-                        
-      <!-- PhoenixNAP RAML Code Generator plugin used to generate sources
+            
+              <!-- PhoenixNAP RAML Code Generator plugin used to generate sources
                 from raml -->
             <plugin>
                 <groupId>com.phoenixnap.oss</groupId>
@@ -254,8 +274,8 @@
                         </configuration>
                     </execution>
                 </executions>
-            </plugin>                         
-                        
+            </plugin> 
+                                                                   
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>

src/main/java/com/ericsson/ei/App.java

@@ -26,7 +26,7 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
-import org.springframework.boot.web.support.SpringBootServletInitializer;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.context.support.SimpleThreadScope;
 import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.scheduling.annotation.EnableScheduling;

src/main/java/com/ericsson/ei/EndpointSecurity.java

@@ -0,0 +1,96 @@
+/*
+   Copyright 2017 Ericsson AB.
+   For a full list of individual contributors, please see the commit history.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package com.ericsson.ei;
+
+import org.apache.tomcat.util.codec.binary.Base64;
+import org.apache.tomcat.util.codec.binary.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+
+@Configuration
+@EnableWebSecurity
+public class EndpointSecurity extends WebSecurityConfigurerAdapter {
+    
+    private static Logger LOGGER = (Logger) LoggerFactory.getLogger(EndpointSecurity.class);
+    
+    @Value("${ldap.enabled}")
+    private boolean ldapEnabled;
+    
+    @Value("${ldap.url}")
+    private String ldapUrl;
+    
+    @Value("${ldap.base.dn}")
+    private String ldapBaseDn;
+    
+    @Value("${ldap.username}")
+    private String ldapUsername;
+    
+    @Value("${ldap.password}")
+    private String ldapPassword;
+    
+    @Value("${ldap.user.filter}")
+    private String ldapUserFilter;
+    
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        if(ldapEnabled) {
+            LOGGER.info("LDAP security configuration is enabled");
+            http
+            .authorizeRequests()
+                .anyRequest().authenticated()
+            .and()
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+            .and()
+                .httpBasic()
+            .and()
+                .csrf().disable();
+        }
+        else {
+            LOGGER.info("LDAP security configuration is disabled");
+            http
+            .csrf().disable();
+        }
+    }
+
+    @Override
+    public void configure(AuthenticationManagerBuilder auth) throws Exception {
+        if(ldapEnabled) {
+            auth
+            .eraseCredentials(false)
+            .ldapAuthentication()
+                .userSearchFilter(ldapUserFilter)
+                .contextSource()
+                    .url(ldapUrl)
+                    .root(ldapBaseDn)
+                    .managerDn(ldapUsername)
+                    .managerPassword(decodeBase64(ldapPassword));
+        }
+    }
+    
+    private String decodeBase64(String password) {
+        return StringUtils.newStringUtf8(Base64.decodeBase64(password));
+    }
+}

src/main/java/com/ericsson/ei/EnpointSecurity.java

@@ -0,0 +1,23 @@
+package com.ericsson.ei.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Primary;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.session.data.mongo.MongoOperationsSessionRepository;
+import org.springframework.session.data.mongo.config.annotation.web.http.EnableMongoHttpSession;
+
+@EnableMongoHttpSession(collectionName="sessions")
+public class HttpSessionConfig {
+    
+    @Value("${server.session-timeout}")
+    private int maxInactiveIntervalInSeconds;
+    
+    @Primary
+    @Bean
+    public MongoOperationsSessionRepository mongoSessionRepository(MongoOperations mongoOperations) {
+        MongoOperationsSessionRepository repository = new MongoOperationsSessionRepository(mongoOperations);
+        repository.setMaxInactiveIntervalInSeconds(maxInactiveIntervalInSeconds);
+        return repository;
+    }
+}

src/main/java/com/ericsson/ei/config/HttpSessionConfig.java

@@ -46,7 +46,7 @@ public class EventToObjectMapHandler {
     static Logger log = (Logger) LoggerFactory.getLogger(ExtractionHandler.class);
 
     @Value("${event_object_map.collection.name}") private String collectionName;
-    @Value("${database.name}") private String databaseName;
+    @Value("${spring.data.mongodb.database}") private String databaseName;
 
     private final String listPropertyName = "objects";
 

src/main/java/com/ericsson/ei/handlers/EventToObjectMapHandler.java

@@ -48,9 +48,9 @@ public class ObjectHandler {
     @Value("${aggregated.collection.name}")
     private String collectionName;
 
-    @Getter
-    @Setter
-    @Value("${database.name}")
+
+    @Getter @Setter
+    @Value("${spring.data.mongodb.database}")
     private String databaseName;
 
     @Setter

src/main/java/com/ericsson/ei/handlers/ObjectHandler.java

@@ -49,19 +49,20 @@
 @Component
 public class MongoDBHandler {
     static Logger log = (Logger) LoggerFactory.getLogger(MongoDBHandler.class);
-
+    
+    @Getter
     MongoClient mongoClient;
 
     public void setMongoClient(MongoClient mongoClient) {
         this.mongoClient = mongoClient;
     }
 
     @Getter
-    @Value("${mongodb.host}")
+    @Value("${spring.data.mongodb.host}")
     private String host;
 
     @Getter
-    @Value("${mongodb.port}")
+    @Value("${spring.data.mongodb.port}")
     private int port;
 
     // TODO establish connection automatically when Spring instantiate this

src/main/java/com/ericsson/ei/mongodbhandler/MongoDBHandler.java

@@ -43,7 +43,7 @@ public class ProcessAggregatedObject {
     @Value("${aggregated.collection.name}")
     private String aggregationCollectionName;
 
-    @Value("${database.name}")
+    @Value("${spring.data.mongodb.database}")
     private String aggregationDataBaseName;
 
     private static final Logger LOGGER = (Logger) LoggerFactory.getLogger(ProcessAggregatedObject.class);

src/main/java/com/ericsson/ei/queryservice/ProcessAggregatedObject.java

@@ -42,7 +42,7 @@ public class ProcessQueryParams {
     @Value("${aggregated.collection.name}")
     private String aggregationCollectionName;
 
-    @Value("${database.name}")
+    @Value("${spring.data.mongodb.database}")
     private String dataBaseName;
 
     @Value("${missedNotificationCollectionName}")