All geek questions in one place

How to Use Spring Ldap Authentication

In my current project, I have to implement LDAP authentication. I am using JSF 2.2, primefaces and Spring 4.0 and spring -ldap-core 1.3.2 and spring -security-ldap-3.2.0. The following are the work that I still did to achieve:

Spring -Ldap.xml

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
 <property name="url" value="ldap://mumcXXXXXXX" />
 <property name="base" value="dc=ad,dc=XXX,dc=com"/>
 <property name="userDn" value="XXXX@ad.XXX.com" />
 <property name="password" value="XXXX" />
 </bean>

 <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <constructor-arg ref="contextSource" />
</bean>

<bean id="ldapContact"
    class="com.csap.research.LDAPContactDAO">
    <property name="ldapTemplate" ref="ldapTemplate" />
</bean>

My LdapContactDao

public boolean login(String username, String password) {
        AndFilter filter = new AndFilter();
        ldapTemplate.setIgnorePartialResultException(true); 
        filter.and(new EqualsFilter("userPrincipalName", username+"@ad.cXXX.com"));
        return ldapTemplate.authenticate("", filter.toString(), password);
}

Here, the username and password come from the login screen as input. My problem is very tough. I do not want to hardcode the username and password in Spring -Ldap.xml . Therefore, it was suggested to use spring -security -Ldap here Spring roles LdapAuthentication and Load from the local database , but I could not figure it out.

, Ldap Spring corse JSF, . .

+4
2

LDAP :

  1. Maven

    <dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-ldap</artifactId>
  <version>4.0.2.RELEASE</version>
</dependency>

  2. WebSecurityConfigurerAdapter:

    @Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

private static final String SSO_HEADER = "AUTH_USER";

public static final String ADMIN = "ROLE_ADMIN";
public static final String USER = "ROLE_USER";
public static final String ANONYMOUS = "ROLE_ANONYMOUS";

@Autowired
Environment env;

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests()
            .antMatchers("/css/**","/js/**","/images/**","/fonts/**","/api/**","/sendRedirect/**","/test/**").permitAll()
            .anyRequest().fullyAuthenticated().and().formLogin().loginPage("/login")
            .failureUrl("/login?error").permitAll()
            .and()
            .logout()
            .deleteCookies("remove")
            .invalidateHttpSession(true)
            .logoutUrl("/logout")
            .logoutSuccessUrl("/login?logout")
            .and()
        // Cross-site request forgery is turned off for RESTful API calls with the assumption that
        // authentication will be sufficient protection
        .csrf().ignoringAntMatchers("/api/**", "/space/{\\d+}/**", "/admin/**");
}

@Override
public AuthenticationManager authenticationManagerBean()
    throws Exception
{
    return authenticationManager();
}

@Configuration
protected static class AuthenticationConfiguration extends
        GlobalAuthenticationConfigurerAdapter {

    @Autowired
    Environment env;

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication().userDnPatterns("cn={0}")
                .contextSource(contextSource());
    }

    @Bean
    public LdapContextSource contextSource() {
        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl(env.getRequiredProperty("ldap.url"));
        contextSource.setBase(env.getRequiredProperty("ldap.base"));
        contextSource.setUserDn(env.getRequiredProperty("ldap.username"));
        contextSource.setPassword(env.getRequiredProperty("ldap.password"));
        return contextSource;
    }
}

}
0

Source: https://habr.com/ru/post/1525245/

More articles:


All Articles