From 00f042f7e671948dd0e4710831e0df4bd94fcb80 Mon Sep 17 00:00:00 2001
From: Roman Zabaluev <gpg@haarolean.dev>
Date: Mon, 14 Apr 2025 00:13:22 +0800
Subject: [PATCH 1/2] BE: Auth: Fix LDAP SPEL

---
 api/src/main/java/io/kafbat/ui/config/auth/LdapProperties.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/io/kafbat/ui/config/auth/LdapProperties.java b/api/src/main/java/io/kafbat/ui/config/auth/LdapProperties.java
index 3478d3fbc..d2849fc2f 100644
--- a/api/src/main/java/io/kafbat/ui/config/auth/LdapProperties.java
+++ b/api/src/main/java/io/kafbat/ui/config/auth/LdapProperties.java
@@ -20,7 +20,7 @@ public class LdapProperties {
 
   @Value("${oauth2.ldap.activeDirectory:false}")
   private boolean isActiveDirectory;
-  @Value("${oauth2.ldap.activeDirectory.domain:@null}")
+  @Value("${oauth2.ldap.activeDirectory.domain:#{null}}")
   private String activeDirectoryDomain;
 
 }

From 31b0decc54814cee8a32bb13a93eab21cb02293d Mon Sep 17 00:00:00 2001
From: Roman Zabaluev <gpg@haarolean.dev>
Date: Mon, 14 Apr 2025 00:16:39 +0800
Subject: [PATCH 2/2] Throw a warning when no value is set

---
 .../java/io/kafbat/ui/config/auth/LdapSecurityConfig.java    | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java b/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java
index 4267a4b0e..06444b9f1 100644
--- a/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java
+++ b/api/src/main/java/io/kafbat/ui/config/auth/LdapSecurityConfig.java
@@ -12,6 +12,7 @@
 import java.util.stream.Stream;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -163,6 +164,10 @@ public SecurityWebFilterChain configureLdap(ServerHttpSecurity http) {
   }
 
   private ActiveDirectoryLdapAuthenticationProvider activeDirectoryProvider(LdapAuthoritiesPopulator populator) {
+    if (StringUtils.isBlank(props.getActiveDirectoryDomain())) {
+      throw new IllegalArgumentException("Active Directory domain is required but not specified");
+    }
+
     ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(
         props.getActiveDirectoryDomain(),
         props.getUrls()