First, create an LDAP server. I've created a sample server using Apache Directory Studio.
Then create a sample Spring Boot application with the following dependencies.
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.3.3.RELEASE</version>
    <relativePath/>
</parent>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <dependency>
        <groupId>org.apache.directory.server</groupId>
        <artifactId>apacheds-server-jndi</artifactId>
        <version>1.5.5</version>
    </dependency>
</dependencies>
Then, in your sample application, extend the WebSecurityConfigurerAdapter class and override the two methods below. Provide the connection details for the LDAP server created above.
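import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class LdapSecurity extends WebSecurityConfigurerAdapter {

    // Require HTTP Basic authentication on every request.
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.httpBasic().and().authorizeRequests().anyRequest().authenticated().and().csrf().disable();
    }

    // Sample values for the local test server.
    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.ldapAuthentication()
            .contextSource().url("ldap://localhost:10389/dc=example,dc=com")
            .managerDn("uid=admin,ou=system").managerPassword("secret")
            .and()
            .userSearchBase("ou=users")
            .userSearchFilter("(cn={0})");
    }
}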
That's it. Spring will now use HTTP Basic authentication for requests to the web app.
Now start the app using mvn spring-boot:run or java -jar spring-boot-ldap-sample.jar. Access the web app at http://localhost:8080/ and provide the credentials of a user in the LDAP user base. You'll see the authenticated user's details after a successful authentication.
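When a login is rejected, it helps to replay by hand the bind, search, bind sequence that this configuration asks Spring Security to perform, using plain JNDI from the JDK. The following is an added example, not part of the sample project: the class name LdapBindCheck is hypothetical, and the URL, manager DN, password, search base and filter are the values from the configuration above.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Hypothetical diagnostic, not part of the sample project.
public class LdapBindCheck {
    // Same URL as in LdapSecurity; the base DN dc=example,dc=com is part of it.
    static final String URL = "ldap://localhost:10389/dc=example,dc=com";
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // AuthenticationException on bad credentials
    }
    public static void main(String[] args) throws NamingException {
        // An empty password makes a simple bind unauthenticated (RFC 4513), and
        // many servers accept that, so it must never count as a login.
        if (args.length != 2 || args[1].isEmpty()) {
            System.err.println("usage: java LdapBindCheck.java <cn> <password>");
            return;
        }
        // Step 1: manager bind. A failure here points at the URL, managerDn or managerPassword.
        DirContext manager = bind("uid=admin,ou=system", "secret");
        // Step 2: search ou=users, relative to the base DN. NameNotFoundException
        // means ou=users is not directly under dc=example,dc=com.
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // The name is passed as a filter argument so JNDI escapes filter metacharacters.
        NamingEnumeration<SearchResult> hits =
                manager.search("ou=users", "(cn={0})", new Object[] {args[0]}, controls);
        String userDn = hits.hasMore() ? hits.next().getNameInNamespace() : null;
        manager.close();
        if (userDn == null) {
            System.out.println("No entry matches cn=" + args[0] + " under ou=users");
            return;
        }
        // Step 3: bind as the entry found, with the password the user typed.
        bind(userDn, args[1]).close();
        System.out.println("Authenticated as " + userDn);
    }
}
```

The step that throws tells you which part of the configuration or directory layout to check: the manager credentials, the location of ou=users, the cn value, or the user's password.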
Full source to the sample can be found here.
Hi Aruna
I'm facing one issue. I created an LDAP server and added a user with a password. When I hit localhost:8080, the prompt for username/password comes up, but when I enter it, the same popup comes again, which means it's not getting authenticated. Can you share your views?
Probably an issue when connecting to the LDAP. Can you verify those configurations are correct?
.contextSource().url("ldap://localhost:10389/dc=example,dc=com")
.managerDn("uid=admin,ou=system").managerPassword("secret")
.and()
.userSearchBase("ou=users")
.userSearchFilter("(cn={0})");
authenticationManagerBuilder.ldapAuthentication()
.contextSource().url("ldap://localhost:10389/dc=example,dc=com")
.managerDn("uid=admin,ou=system").managerPassword("secret")
.and()
.userSearchBase("ou=users")
.userSearchFilter("(cn={0})")
No, I meant did you create those manager, user groups, in your LDAP correctly?
dc=example,dc=com
|
-ou=system
|
--ou=users
|
---uid=kirantest
Both the ou=groups and ou=users should be present inside the dc. Check the ldap image in my post.
Hi Aruna, I am also facing the same issue. Will you please share a pic of the users and groups created in your Active Directory?