LDAP security config refactoring

kafbat · Dec 16, 2024 · 488f5b3 · 488f5b3
1 parent d507a9f
commit 488f5b3
Showing 1 changed file with 19 additions and 7 deletions.
diff --git a/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java b/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java
@@ -63,24 +63,32 @@ public ReactiveAuthenticationManager authenticationManager(LdapContextSource lda
       ba.setUserSearch(userSearch);
     }
 
+    var authenticationProvider = getAuthenticationProvider(authoritiesExtractor, rbacEnabled, ba);
+
+    AuthenticationManager am = new ProviderManager(List.of(authenticationProvider));
+
+    return new ReactiveAuthenticationManagerAdapter(am);
+  }
+
+  private AbstractLdapAuthenticationProvider getAuthenticationProvider(LdapAuthoritiesPopulator authoritiesExtractor,
+                                                                       boolean rbacEnabled,
+                                                                       BindAuthenticator bindAuthenticator) {
     AbstractLdapAuthenticationProvider authenticationProvider;
+
     if (!props.isActiveDirectory()) {
       authenticationProvider = rbacEnabled
-          ? new LdapAuthenticationProvider(ba, authoritiesExtractor)
-          : new LdapAuthenticationProvider(ba);
+          ? new LdapAuthenticationProvider(bindAuthenticator, authoritiesExtractor)
+          : new LdapAuthenticationProvider(bindAuthenticator);
     } else {
       authenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(props.getActiveDirectoryDomain(),
-          props.getUrls()); // TODO Issue #3741
+          props.getUrls());
       authenticationProvider.setUseAuthenticationRequestCredentials(true);
     }
 
     if (rbacEnabled) {
       authenticationProvider.setUserDetailsContextMapper(new UserDetailsMapper());
     }
-
-    AuthenticationManager am = new ProviderManager(List.of(authenticationProvider));
-
-    return new ReactiveAuthenticationManagerAdapter(am);
+    return authenticationProvider;
   }
 
   @Bean
@@ -99,6 +107,10 @@ public DefaultLdapAuthoritiesPopulator ldapAuthoritiesExtractor(ApplicationConte
                                                                   AccessControlService acs) {
     var rbacEnabled = acs != null && acs.isRbacEnabled();
 
+    if (props.isActiveDirectory()) {
+      return null;
+    }
+
     DefaultLdapAuthoritiesPopulator extractor;
 
     if (rbacEnabled) {