Implement Kerberos Search

api/src/main/scala/za/co/absa/loginsvc/rest/SecurityConfig.scala

@@ -16,18 +16,23 @@
 
 package za.co.absa.loginsvc.rest
 
+import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.{Bean, Configuration}
-import org.springframework.security.authentication.AuthenticationManager
+import org.springframework.security.authentication.{AuthenticationManager, ProviderManager}
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.http.SessionCreationPolicy
-import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter
+import za.co.absa.loginsvc.rest.config.provider.AuthConfigProvider
+import za.co.absa.loginsvc.rest.provider.kerberos.{KerberosSPNEGOAuthenticationProvider, RestApiKerberosAuthentication}
 
 @Configuration
 @EnableWebSecurity
-class SecurityConfig {
+class SecurityConfig@Autowired()(authConfigsProvider: AuthConfigProvider) {
+
+  //TODO: Neaten up checking for Config
+  private val KerberosConfig = authConfigsProvider.getLdapConfig.orNull
 
   @Bean
   def filterChain(http: HttpSecurity): SecurityFilterChain = {
@@ -51,8 +56,18 @@ class SecurityConfig {
         .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
         .and()
       .httpBasic()
-      //.and()
-      //.addFilterBefore(spnegoAuthenticationProcessingFilter(authenticationManager), classOf[BasicAuthenticationFilter])
+
+    //TODO: Neaten up checking for Config
+    if(KerberosConfig != null)
+      {
+        if(KerberosConfig.enableKerberos.isDefined)
+          {
+            val kerberos = new KerberosSPNEGOAuthenticationProvider(KerberosConfig)
+            http.addFilterBefore(
+              RestApiKerberosAuthentication.spnegoAuthenticationProcessingFilter(
+                new ProviderManager(kerberos.kerberosServiceAuthenticationProvider())), classOf[BasicAuthenticationFilter])
+          }
+      }
 
     http.build()
   }

api/src/main/scala/za/co/absa/loginsvc/rest/provider/kerberos/KerberosSPNEGOAuthenticationProvider.scala

@@ -24,6 +24,7 @@ import scala.collection.JavaConverters._
 
 class KerberosSPNEGOAuthenticationProvider(activeDirectoryLDAPConfig: ActiveDirectoryLDAPConfig) {
 
+  //TODO: Split into Multiple files for neater implementation
   private val serviceAccount = activeDirectoryLDAPConfig.serviceAccount
   private val kerberos = activeDirectoryLDAPConfig.enableKerberos.get
   private val kerberosDebug = kerberos.debug.getOrElse(false)
@@ -75,14 +76,10 @@ class KerberosSPNEGOAuthenticationProvider(activeDirectoryLDAPConfig: ActiveDire
 object RestApiKerberosAuthentication {
   private val logger = LoggerFactory.getLogger(this.getClass)
 
-  def spnegoAuthenticationProcessingFilter(authenticationManager: AuthenticationManager, authenticationSuccessHandler: AuthenticationSuccessHandler): SpnegoAuthenticationProcessingFilter = {
+  def spnegoAuthenticationProcessingFilter(authenticationManager: AuthenticationManager): SpnegoAuthenticationProcessingFilter = {
     val filter = new SpnegoAuthenticationProcessingFilter()
     filter.setAuthenticationManager(authenticationManager)
     filter.setSkipIfAlreadyAuthenticated(true)
-    filter.setSuccessHandler(authenticationSuccessHandler)
-    filter.setFailureHandler((request: HttpServletRequest, response: HttpServletResponse, exception: AuthenticationException) => {
-      logger.error(exception.getStackTrace.toString)
-    })
     filter
   }
 }