Saturday, November 5, 2016

Spring Boot Application connect to LDAP Userstore

In this blog post we are going to connect a sample Spring Boot application to an LDAP-based userstore for authentication.
First, create an LDAP server. I've created a sample server using Apache Directory Studio.
Then create a sample Spring Boot application with the following dependencies.

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.3.3.RELEASE</version>
        <relativePath/> 
    </parent>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.directory.server</groupId>
            <artifactId>apacheds-server-jndi</artifactId>
            <version>1.5.5</version>
        </dependency>
    </dependencies>

Then, in your sample application, extend the WebSecurityConfigurerAdapter class and override the two methods below. Provide the connection details for the LDAP server created above.

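import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class LdapSecurity extends WebSecurityConfigurerAdapter {

    // Require HTTP Basic authentication for every request.
    // CSRF protection is disabled in this sample.
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.httpBasic().and().authorizeRequests().anyRequest().authenticated().and().csrf().disable();
    }

    // Authenticate against the LDAP server: connect as the manager, then look up
    // the user under ou=users by cn ({0} is replaced with the submitted username).
    // The ldap:// URL is unencrypted and the manager password is hard-coded here,
    // which suits a local test server only.
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.ldapAuthentication()
                .contextSource().url("ldap://localhost:10389/dc=example,dc=com")
                .managerDn("uid=admin,ou=system").managerPassword("secret")
                .and()
                .userSearchBase("ou=users")
                .userSearchFilter("(cn={0})");
    }
}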

That's it. Spring will now require HTTP Basic authentication for requests to the webapp.
Now start the app using mvn spring-boot:run or java -jar spring-boot-ldap-sample.jar, access the webapp at http://localhost:8080/ and provide the credentials of a user in the LDAP user base. You'll see the authenticated user's details after a successful authentication.


Full source to the sample can be found here.
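
With a userSearchFilter and no password comparison configured, Spring Security binds as the manager, searches for the user entry, and then binds as that entry with the submitted password. The stand-alone JNDI check below repeats those three steps against the same server so a failing login can be traced to one of them. It is an added example, not part of the original post or its sample project; the class name LdapLoginCheck is hypothetical and the connection values are the ones from the configuration above.

```java
import java.io.Console;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Added diagnostic; LdapLoginCheck is a hypothetical name, the values come from the post.
public class LdapLoginCheck {
    static final String URL = "ldap://localhost:10389/dc=example,dc=com";

    // Simple bind; throws javax.naming.AuthenticationException on bad credentials.
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws NamingException {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): java LdapLoginCheck <login>");
            System.exit(2);
        }
        String password = new String(console.readPassword("Password for %s: ", args[0]));
        // An empty password would turn the simple bind into an anonymous one.
        if (password.isEmpty()) throw new IllegalArgumentException("empty password");
        // Step 1: manager bind. Failure means the URL, manager DN or password is wrong.
        DirContext manager = bind("uid=admin,ou=system", "secret");
        try {
            // Step 2: search relative to the base DN in the URL; JNDI escapes the {0} value.
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> hits =
                    manager.search("ou=users", "(cn={0})", new Object[] {args[0]}, sc);
            if (!hits.hasMore()) {
                System.out.println("No entry under ou=users with cn=" + args[0]);
                return;
            }
            String userDn = hits.next().getNameInNamespace();
            // Step 3: bind as the entry that was found; this is the actual password check.
            bind(userDn, password).close();
            System.out.println("Authenticated as " + userDn);
        } finally {
            manager.close();
        }
    }
}
```

A NamingException at step 1 points at the connection settings, "No entry" at step 2 points at the search base or at the login name not matching the entry's cn, and an AuthenticationException at step 3 points at the user's password.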

7 comments:

  1. Hi Aruna
    I'm facing one issue. I created an LDAP server and added a user with a password. When I hit localhost:8080, the prompt for username/password comes, but when I enter it the same popup comes again, which means it's not getting authenticated. Can you share your views?

  2. Probably an issue when connecting to the LDAP. Can you verify those configurations are correct?

    .contextSource().url("ldap://localhost:10389/dc=example,dc=com")
    .managerDn("uid=admin,ou=system").managerPassword("secret")
    .and()
    .userSearchBase("ou=users")
    .userSearchFilter("(cn={0})");

    1. authenticationManagerBuilder.ldapAuthentication()
      .contextSource().url("ldap://localhost:10389/dc=example,dc=com")
      .managerDn("uid=admin,ou=system").managerPassword("secret")
      .and()
      .userSearchBase("ou=users")
      .userSearchFilter("(cn={0})")

    2. No, I meant, did you create those manager and user groups in your LDAP correctly?

  3. dc=example,dc=com
    |
    -ou=system
    |
    --ou=users
    |
    ---uid=kirantest

  4. Both the ou=groups and ou=users should be present inside the dc. Check the ldap image in my post.

  5. Hi Aruna, I am also facing the same issue. Will you please share a pic of the users and groups created in your active directory?
