GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Allow port=0 for ApacheDSContainer 

Fixes gh-8144
pull/8581/head
Evgeniy Cheban 6 years ago committed by Rob Winch
parent
06254a4fd4
commit
0fa339f75b
4 changed files with 115 additions and 55 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 43
      config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
  2. 82
      config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
  3. 19
      ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
  4. 22
      ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java

43
config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
Unescape View File

@ -442,14 +442,20 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
* embedded LDAP instance. * embedded LDAP instance.
* *
* @author Rob Winch * @author Rob Winch
* @author Evgeniy Cheban
* @since 3.2 * @since 3.2
*/ */
public final class ContextSourceBuilder { public final class ContextSourceBuilder {
private static final String APACHEDS_CLASSNAME = "org.apache.directory.server.core.DefaultDirectoryService";
private static final String UNBOUNDID_CLASSNAME = "com.unboundid.ldap.listener.InMemoryDirectoryServer";
private static final int DEFAULT_PORT = 33389;
private static final int RANDOM_PORT = 0;
private String ldif = "classpath*:*.ldif"; private String ldif = "classpath*:*.ldif";
private String managerPassword; private String managerPassword;
private String managerDn; private String managerDn;
private Integer port; private Integer port;
private static final int DEFAULT_PORT = 33389;
private String root = "dc=springframework,dc=org"; private String root = "dc=springframework,dc=org";
private String url; private String url;
@ -540,6 +546,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
} }
private DefaultSpringSecurityContextSource build() throws Exception { private DefaultSpringSecurityContextSource build() throws Exception {
if (this.url == null) {
startEmbeddedLdapServer();
}
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource( DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
getProviderUrl()); getProviderUrl());
if (managerDn != null) { if (managerDn != null) {
@ -551,26 +561,29 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
contextSource.setPassword(managerPassword); contextSource.setPassword(managerPassword);
} }
contextSource = postProcess(contextSource); contextSource = postProcess(contextSource);
if (url != null) {
return contextSource; return contextSource;
} }
if (ClassUtils.isPresent("org.apache.directory.server.core.DefaultDirectoryService", getClass().getClassLoader())) {
ApacheDSContainer apacheDsContainer = new ApacheDSContainer(root, ldif); private void startEmbeddedLdapServer() throws Exception {
if (ClassUtils.isPresent(APACHEDS_CLASSNAME, getClass().getClassLoader())) {
ApacheDSContainer apacheDsContainer = new ApacheDSContainer(this.root, this.ldif);
apacheDsContainer.setPort(getPort()); apacheDsContainer.setPort(getPort());
postProcess(apacheDsContainer); postProcess(apacheDsContainer);
this.port = apacheDsContainer.getLocalPort();
} }
else if (ClassUtils.isPresent("com.unboundid.ldap.listener.InMemoryDirectoryServer", getClass().getClassLoader())) { else if (ClassUtils.isPresent(UNBOUNDID_CLASSNAME, getClass().getClassLoader())) {
UnboundIdContainer unboundIdContainer = new UnboundIdContainer(root, ldif); UnboundIdContainer unboundIdContainer = new UnboundIdContainer(this.root, this.ldif);
unboundIdContainer.setPort(getPort()); unboundIdContainer.setPort(getPort());
postProcess(unboundIdContainer); postProcess(unboundIdContainer);
this.port = unboundIdContainer.getPort();
}
else {
throw new IllegalStateException("Embedded LDAP server is not provided");
} }
return contextSource;
} }
private int getPort() { private int getPort() {
if (port != null && port == 0) { if (port == null) {
port = getRandomPort();
} else if (port == null) {
port = getDefaultPort(); port = getDefaultPort();
} }
return port; return port;
@ -580,15 +593,7 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
try (ServerSocket serverSocket = new ServerSocket(DEFAULT_PORT)) { try (ServerSocket serverSocket = new ServerSocket(DEFAULT_PORT)) {
return serverSocket.getLocalPort(); return serverSocket.getLocalPort();
} catch (IOException e) { } catch (IOException e) {
return getRandomPort(); return RANDOM_PORT;
}
}
private int getRandomPort() {
try (ServerSocket serverSocket = new ServerSocket(0)) {
return serverSocket.getLocalPort();
} catch (IOException e) {
return DEFAULT_PORT;
} }
} }

82
config/src/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
Unescape View File

@ -18,17 +18,19 @@ package org.springframework.security.config.ldap;
import java.io.IOException; import java.io.IOException;
import java.net.ServerSocket; import java.net.ServerSocket;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.parsing.BeanComponentDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser; import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser; import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.security.config.BeanIds; import org.springframework.security.config.BeanIds;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.server.ApacheDSContainer; import org.springframework.security.ldap.server.ApacheDSContainer;
import org.springframework.security.ldap.server.UnboundIdContainer; import org.springframework.security.ldap.server.UnboundIdContainer;
import org.springframework.util.ClassUtils; import org.springframework.util.ClassUtils;
@ -37,12 +39,11 @@ import org.springframework.util.StringUtils;
/** /**
* @author Luke Taylor * @author Luke Taylor
* @author Eddú Meléndez * @author Eddú Meléndez
* @author Evgeniy Cheban
*/ */
public class LdapServerBeanDefinitionParser implements BeanDefinitionParser { public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
private static final String CONTEXT_SOURCE_CLASS = "org.springframework.security.ldap.DefaultSpringSecurityContextSource"; private static final String CONTEXT_SOURCE_CLASS = "org.springframework.security.ldap.DefaultSpringSecurityContextSource";
private final Log logger = LogFactory.getLog(getClass());
/** /**
* Defines the Url of the ldap server to use. If not specified, an embedded apache DS * Defines the Url of the ldap server to use. If not specified, an embedded apache DS
* instance will be created * instance will be created
@ -66,8 +67,8 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
/** Defines the port the LDAP_PROVIDER server should run on */ /** Defines the port the LDAP_PROVIDER server should run on */
public static final String ATT_PORT = "port"; public static final String ATT_PORT = "port";
private static final String RANDOM_PORT = "0";
private static final int DEFAULT_PORT = 33389; private static final int DEFAULT_PORT = 33389;
public static final String OPT_DEFAULT_PORT = String.valueOf(DEFAULT_PORT);
private static final String APACHEDS_CLASSNAME = "org.apache.directory.server.core.DefaultDirectoryService"; private static final String APACHEDS_CLASSNAME = "org.apache.directory.server.core.DefaultDirectoryService";
private static final String UNBOUNID_CLASSNAME = "com.unboundid.ldap.listener.InMemoryDirectoryServer"; private static final String UNBOUNID_CLASSNAME = "com.unboundid.ldap.listener.InMemoryDirectoryServer";
@ -136,28 +137,22 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
suffix = OPT_DEFAULT_ROOT_SUFFIX; suffix = OPT_DEFAULT_ROOT_SUFFIX;
} }
String port = element.getAttribute(ATT_PORT);
if ("0".equals(port)) {
port = getRandomPort();
if (logger.isDebugEnabled()) {
logger.debug("Using default port of " + port);
}
} else if (!StringUtils.hasText(port)) {
port = getDefaultPort();
if (logger.isDebugEnabled()) {
logger.debug("Using default port of " + port);
}
}
String url = "ldap://127.0.0.1:" + port + "/" + suffix;
BeanDefinitionBuilder contextSource = BeanDefinitionBuilder BeanDefinitionBuilder contextSource = BeanDefinitionBuilder
.rootBeanDefinition(CONTEXT_SOURCE_CLASS); .rootBeanDefinition(CONTEXT_SOURCE_CLASS);
contextSource.addConstructorArgValue(url); contextSource.addConstructorArgValue(suffix);
contextSource.addPropertyValue("userDn", "uid=admin,ou=system"); contextSource.addPropertyValue("userDn", "uid=admin,ou=system");
contextSource.addPropertyValue("password", "secret"); contextSource.addPropertyValue("password", "secret");
BeanDefinition embeddedLdapServerConfigBean = BeanDefinitionBuilder
.rootBeanDefinition(EmbeddedLdapServerConfigBean.class).getBeanDefinition();
String embeddedLdapServerConfigBeanName = parserContext.getReaderContext()
.generateBeanName(embeddedLdapServerConfigBean);
parserContext.registerBeanComponent(new BeanComponentDefinition(embeddedLdapServerConfigBean,
embeddedLdapServerConfigBeanName));
contextSource.setFactoryMethodOnBean("createEmbeddedContextSource", embeddedLdapServerConfigBeanName);
String mode = element.getAttribute("mode"); String mode = element.getAttribute("mode");
RootBeanDefinition ldapContainer = getRootBeanDefinition(mode); RootBeanDefinition ldapContainer = getRootBeanDefinition(mode);
ldapContainer.setSource(source); ldapContainer.setSource(source);
@ -169,9 +164,7 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
} }
ldapContainer.getConstructorArgumentValues().addGenericArgumentValue(ldifs); ldapContainer.getConstructorArgumentValues().addGenericArgumentValue(ldifs);
ldapContainer.getPropertyValues().addPropertyValue("port", port); ldapContainer.getPropertyValues().addPropertyValue("port", getPort(element));
logger.info("Embedded LDAP server bean definition created for URL: " + url);
if (parserContext.getRegistry() if (parserContext.getRegistry()
.containsBeanDefinition(BeanIds.EMBEDDED_APACHE_DS) || .containsBeanDefinition(BeanIds.EMBEDDED_APACHE_DS) ||
@ -217,19 +210,46 @@ public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
return "unboundid".equals(mode) || ClassUtils.isPresent(UNBOUNID_CLASSNAME, getClass().getClassLoader()); return "unboundid".equals(mode) || ClassUtils.isPresent(UNBOUNID_CLASSNAME, getClass().getClassLoader());
} }
private String getPort(Element element) {
String port = element.getAttribute(ATT_PORT);
return (StringUtils.hasText(port) ? port : getDefaultPort());
}
private String getDefaultPort() { private String getDefaultPort() {
try (ServerSocket serverSocket = new ServerSocket(DEFAULT_PORT)) { try (ServerSocket serverSocket = new ServerSocket(DEFAULT_PORT)) {
return String.valueOf(serverSocket.getLocalPort()); return String.valueOf(serverSocket.getLocalPort());
} catch (IOException e) { } catch (IOException e) {
return getRandomPort(); return RANDOM_PORT;
} }
} }
private String getRandomPort() { private static class EmbeddedLdapServerConfigBean implements ApplicationContextAware {
try (ServerSocket serverSocket = new ServerSocket(0)) {
return String.valueOf(serverSocket.getLocalPort()); private ApplicationContext applicationContext;
} catch (IOException e) {
return String.valueOf(DEFAULT_PORT); @Override
public void setApplicationContext(ApplicationContext applicationContext) {
this.applicationContext = applicationContext;
}
@SuppressWarnings("unused")
private DefaultSpringSecurityContextSource createEmbeddedContextSource(String suffix) {
int port;
if (ClassUtils.isPresent(APACHEDS_CLASSNAME, getClass().getClassLoader())) {
ApacheDSContainer apacheDSContainer = this.applicationContext.getBean(ApacheDSContainer.class);
port = apacheDSContainer.getLocalPort();
}
else if (ClassUtils.isPresent(UNBOUNID_CLASSNAME, getClass().getClassLoader())) {
UnboundIdContainer unboundIdContainer = this.applicationContext.getBean(UnboundIdContainer.class);
port = unboundIdContainer.getPort();
}
else {
throw new IllegalStateException("Embedded LDAP server is not provided");
}
String providerUrl = "ldap://127.0.0.1:" + port + "/" + suffix;
return new DefaultSpringSecurityContextSource(providerUrl);
} }
} }
} }

19
ldap/src/integration-test/java/org/springframework/security/ldap/server/ApacheDSContainerTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -39,6 +39,7 @@ import org.springframework.util.FileCopyUtils;
* @author Luke Taylor * @author Luke Taylor
* @author Rob Winch * @author Rob Winch
* @author Gunnar Hillert * @author Gunnar Hillert
* @author Evgeniy Cheban
* @since 3.0 * @since 3.0
*/ */
public class ApacheDSContainerTests { public class ApacheDSContainerTests {
@ -212,4 +213,20 @@ public class ApacheDSContainerTests {
} }
} }
} }
@Test
public void afterPropertiesSetWhenPortIsZeroThenRandomPortIsSelected() throws Exception {
ApacheDSContainer server = new ApacheDSContainer("dc=springframework,dc=org",
"classpath:test-server.ldif");
server.setPort(0);
try {
server.afterPropertiesSet();
assertThat(server.getPort()).isEqualTo(0);
assertThat(server.getLocalPort()).isNotEqualTo(0);
}
finally {
server.destroy();
}
}
} }

22
ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -15,6 +15,7 @@
*/ */
package org.springframework.security.ldap.server; package org.springframework.security.ldap.server;
import java.net.InetSocketAddress;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -39,6 +40,7 @@ import org.apache.directory.server.protocol.shared.store.LdifFileLoader;
import org.apache.directory.server.protocol.shared.transport.TcpTransport; import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.shared.ldap.exception.LdapNameNotFoundException; import org.apache.directory.shared.ldap.exception.LdapNameNotFoundException;
import org.apache.directory.shared.ldap.name.LdapDN; import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.mina.transport.socket.SocketAcceptor;
import org.springframework.beans.BeansException; import org.springframework.beans.BeansException;
import org.springframework.beans.factory.DisposableBean; import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
@ -69,6 +71,7 @@ import org.springframework.util.Assert;
* @author Luke Taylor * @author Luke Taylor
* @author Rob Winch * @author Rob Winch
* @author Gunnar Hillert * @author Gunnar Hillert
* @author Evgeniy Cheban
* @deprecated Use {@link UnboundIdContainer} instead because ApacheDS 1.x is no longer * @deprecated Use {@link UnboundIdContainer} instead because ApacheDS 1.x is no longer
* supported with no GA version to replace it. * supported with no GA version to replace it.
*/ */
@ -80,6 +83,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
final DefaultDirectoryService service; final DefaultDirectoryService service;
LdapServer server; LdapServer server;
private TcpTransport transport;
private ApplicationContext ctxt; private ApplicationContext ctxt;
private File workingDir; private File workingDir;
@ -88,6 +92,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
private final JdbmPartition partition; private final JdbmPartition partition;
private final String root; private final String root;
private int port = 53389; private int port = 53389;
private int localPort;
private boolean ldapOverSslEnabled; private boolean ldapOverSslEnabled;
private File keyStoreFile; private File keyStoreFile;
@ -143,7 +148,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
server.setDirectoryService(service); server.setDirectoryService(service);
// AbstractLdapIntegrationTests assume IPv4, so we specify the same here // AbstractLdapIntegrationTests assume IPv4, so we specify the same here
TcpTransport transport = new TcpTransport(port); this.transport = new TcpTransport(port);
if (ldapOverSslEnabled) { if (ldapOverSslEnabled) {
transport.setEnableSSL(true); transport.setEnableSSL(true);
server.setKeystoreFile(this.keyStoreFile.getAbsolutePath()); server.setKeystoreFile(this.keyStoreFile.getAbsolutePath());
@ -190,6 +195,15 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
return this.port; return this.port;
} }
/**
* Returns the port that is resolved by {@link TcpTransport}.
*
* @return the port that is resolved by {@link TcpTransport}
*/
public int getLocalPort() {
return this.localPort;
}
/** /**
* If set to {@code true} will enable LDAP over SSL (LDAPs). If set to {@code true} * If set to {@code true} will enable LDAP over SSL (LDAPs). If set to {@code true}
* {@link ApacheDSContainer#setCertificatePassord(String)} must be set as well. * {@link ApacheDSContainer#setCertificatePassord(String)} must be set as well.
@ -262,6 +276,10 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
logger.error("Lookup failed", e); logger.error("Lookup failed", e);
} }
SocketAcceptor socketAcceptor = this.server.getSocketAcceptor(this.transport);
InetSocketAddress localAddress = socketAcceptor.getLocalAddress();
this.localPort = localAddress.getPort();
running = true; running = true;
try { try {

Write Preview
Loading…
Cancel
Save