Fix LDAP, refactor

Haarolean · Haarolean · commit bba68eb7aa5e · 2024-12-25T04:21:03.000+08:00
diff --git a/api/src/main/java/io/kafbat/ui/config/auth/AbstractAuthSecurityConfig.java b/api/src/main/java/io/kafbat/ui/config/auth/AbstractAuthSecurityConfig.java
@@ -1,11 +1,19 @@
 package io.kafbat.ui.config.auth;
 
+import io.kafbat.ui.util.EmptyRedirectStrategy;
+import java.net.URI;
+import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
+import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
+
 abstract class AbstractAuthSecurityConfig {
 
   protected AbstractAuthSecurityConfig() {
 
   }
 
+  protected static final String LOGIN_URL = "/login";
+  protected static final String LOGOUT_URL = "/auth?logout";
+
   protected static final String[] AUTH_WHITELIST = {
       /* STATIC */
       "/index.html",
@@ -30,4 +38,16 @@ protected AbstractAuthSecurityConfig() {
       "/api/authorization"
   };
 
+  protected RedirectServerAuthenticationSuccessHandler emptyRedirectSuccessHandler() {
+    final var authHandler = new RedirectServerAuthenticationSuccessHandler();
+    authHandler.setRedirectStrategy(new EmptyRedirectStrategy());
+    return authHandler;
+  }
+
+  protected RedirectServerLogoutSuccessHandler redirectLogoutSuccessHandler() {
+    final var logoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
+    logoutSuccessHandler.setLogoutSuccessUrl(URI.create(LOGOUT_URL));
+    return logoutSuccessHandler;
+  }
+
 }
diff --git a/api/src/main/java/io/kafbat/ui/config/auth/BasicAuthSecurityConfig.java b/api/src/main/java/io/kafbat/ui/config/auth/BasicAuthSecurityConfig.java
@@ -22,19 +22,10 @@
 @Slf4j
 public class BasicAuthSecurityConfig extends AbstractAuthSecurityConfig {
 
-  private static final String LOGIN_URL = "/login";
-  private static final String LOGOUT_URL = "/auth?logout";
-
   @Bean
   public SecurityWebFilterChain configure(ServerHttpSecurity http) {
     log.info("Configuring LOGIN_FORM authentication.");
 
-    final var authHandler = new RedirectServerAuthenticationSuccessHandler();
-    authHandler.setRedirectStrategy(new EmptyRedirectStrategy());
-
-    final var logoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
-    logoutSuccessHandler.setLogoutSuccessUrl(URI.create(LOGOUT_URL));
-
     var builder = http.authorizeExchange(spec -> spec
             .pathMatchers(AUTH_WHITELIST)
             .permitAll()
@@ -43,10 +34,10 @@ public SecurityWebFilterChain configure(ServerHttpSecurity http) {
         )
         .formLogin(form -> form
             .loginPage(LOGIN_URL)
-            .authenticationSuccessHandler(authHandler)
+            .authenticationSuccessHandler(emptyRedirectSuccessHandler())
         )
         .logout(spec -> spec
-            .logoutSuccessHandler(logoutSuccessHandler)
+            .logoutSuccessHandler(redirectLogoutSuccessHandler())
             .requiresLogout(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/logout")))
         .csrf(ServerHttpSecurity.CsrfSpec::disable);
 
diff --git a/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java b/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java
@@ -1,7 +1,5 @@
 package io.kafbat.ui.config.auth;
 
-import static io.kafbat.ui.config.auth.AbstractAuthSecurityConfig.AUTH_WHITELIST;
-
 import io.kafbat.ui.service.rbac.AccessControlService;
 import io.kafbat.ui.service.rbac.extractor.RbacLdapAuthoritiesExtractor;
 import io.kafbat.ui.util.StaticFileWebFilter;
@@ -15,14 +13,14 @@
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
@@ -38,14 +36,15 @@
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
 import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 
 @Configuration
 @EnableWebFluxSecurity
 @ConditionalOnProperty(value = "auth.type", havingValue = "LDAP")
 @EnableConfigurationProperties(LdapProperties.class)
 @RequiredArgsConstructor
 @Slf4j
-public class LdapSecurityConfig {
+public class LdapSecurityConfig extends AbstractAuthSecurityConfig {
 
   private final LdapProperties props;
 
@@ -129,8 +128,13 @@ public SecurityWebFilterChain configureLdap(ServerHttpSecurity http) {
             .anyExchange()
             .authenticated()
         )
-        .formLogin(Customizer.withDefaults())
-        .logout(Customizer.withDefaults())
+        .formLogin(form -> form
+            .loginPage(LOGIN_URL)
+            .authenticationSuccessHandler(emptyRedirectSuccessHandler())
+        )
+        .logout(spec -> spec
+            .logoutSuccessHandler(redirectLogoutSuccessHandler())
+            .requiresLogout(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/logout")))
         .csrf(ServerHttpSecurity.CsrfSpec::disable);
 
     builder.addFilterAt(new StaticFileWebFilter(), SecurityWebFiltersOrder.LOGIN_PAGE_GENERATING);
