Pages

Subscribe:

Ads 468x60px

Saturday, November 5, 2016

Spring Boot Application connect to LDAP Userstore

In this blog post we are going to connect a sample spring boot application with LDAP based userstore to do the authentication.
First create a LDAP server. I've created a sample server using Apache Directory Studio.
Then create a sample spring-boot application with the following dependencies.

<parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.3.3.RELEASE</version>
        <relativePath/> 
    </parent>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.directory.server</groupId>
            <artifactId>apacheds-server-jndi</artifactId>
            <version>1.5.5</version>
        </dependency>
    </dependencies>

Then in your sample application extend the WebSecurityConfigurerAdapter class and override the below two methods. Provide the connection details as per the ldap server created above.

@Configuration
@EnableWebSecurity
public class LdapSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.httpBasic().and().authorizeRequests().anyRequest().authenticated().and().csrf().disable();

    }

    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.ldapAuthentication()
                .contextSource().url("ldap://localhost:10389/dc=example,dc=com")
                .managerDn("uid=admin,ou=system").managerPassword("secret")
                .and()
                .userSearchBase("ou=users")
                .userSearchFilter("(cn={0})");
    }
}

That's it the spring will engage basic authenticate your requests to the webapp.
Now start the app using mvn spring-boot:run or using the java -jar spring-boot-ldap-sample.jar, Access the webapp using http://localhost:8080/ and provide the credentials of a user in the ldap user base. You'll see the authenticated user's details after a successful authentication.


Full source to the sample can be found here.