Reputation: 463
I am trying to use LDAP Authentication provided by Spring Security. Everything compiles fine. I get the following error on deploying the application.

    Caused by: java.lang.RuntimeException: Could not postProcess org.springframework.security.ldap.server.ApacheDSContainer@54a76efa of type class org.springframework.security.ldap.server.ApacheDSContainer
        at org.springframework.security.config.annotation.configuration.AutowireBeanFactoryObjectPostProcessor.postProcess(AutowireBeanFactoryObjectPostProcessor.java:70)
        at org.springframework.security.config.annotation.SecurityConfigurerAdapter$CompositeObjectPostProcessor.postProcess(SecurityConfigurerAdapter.java:123)
        at org.springframework.security.config.annotation.SecurityConfigurerAdapter.postProcess(SecurityConfigurerAdapter.java:82)
        at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.access$400(LdapAuthenticationProviderConfigurer.java:58)
        at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer$ContextSourceBuilder.build(LdapAuthenticationProviderConfigurer.java:555)
        at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer$ContextSourceBuilder.access$500(LdapAuthenticationProviderConfigurer.java:446)
        at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.getContextSource(LdapAuthenticationProviderConfigurer.java:606)
        at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.build(LdapAuthenticationProviderConfigurer.java:76)

Spring Core version is 4.3.2. Spring Security LDAP version is 4.1.1.
My Google research listed a 2013 post which says that the issue is because of incompatibility between Spring Security LDAP and Java 8. The same article said it has been fixed in some Spring Boot version. It does not talk about any fix for non-Spring Boot libraries.
Has anybody tried Spring Security LDAP Authentication using Java 8? Please help.
Upvotes: 0
Views: 8472
Reputation: 1166
Here's my working config using Java 8 and Spring Security LDAP. We're connecting our Spring Web app to an Active Directory instance to secure access by URL.
If I recall correctly, it took longer than I expected to get this working.
You'll need to change the "Base" for the LDAP context path, and note that the ldap.user is the full LDAP CN, not just a username. You can use an LDAP browser like JXplorer (http://jxplorer.org/) to get the LDAP settings correct.

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.context.annotation.Profile;
    import org.springframework.ldap.core.support.BaseLdapPathContextSource;
    import org.springframework.ldap.core.support.LdapContextSource;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        private static final Logger LOGGER = LoggerFactory.getLogger(SecurityConfig.class);

        // LDAP URL assembled from ldap.host and ldap.port (the port defaults to 389)
        @Value("ldap://${ldap.host}:${ldap.port:389}")
        private String url;

        // Full DN of the service account used to bind and search
        @Value("${ldap.user}")
        private String user;

        @Value("${ldap.password}")
        private String password;

        // "/" and "/index.html" are public; every other URL requires HTTP Basic authentication
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            LOGGER.info("Configuring security...");
            http.authorizeRequests()
                    .antMatchers("/").permitAll()
                    .antMatchers("/index.html").permitAll()
                    .anyRequest().fullyAuthenticated()
                    .and()
                    .httpBasic();
        }

        // Look users up by sAMAccountName; {0} is replaced with the submitted username
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.ldapAuthentication()
                    .userSearchFilter("(&(objectClass=user)(sAMAccountName={0}))")
                    .contextSource(ldapContextSource());
        }

        // Context source for the external directory, bound as the service account
        @Bean
        public BaseLdapPathContextSource ldapContextSource() {
            LOGGER.info("LDAP: {}", url);
            LdapContextSource bean = new LdapContextSource();
            bean.setUrl(url);
            bean.setBase("DC=CORP,DC=MyCompany,DC=com");
            bean.setUserDn(user);
            bean.setPassword(password);
            bean.setPooled(true);
            bean.setReferral("follow");
            return bean;
        }
    }

This assumes you have your LDAP settings in a configuration file that looks something like this:

    ldap.host=ldap.mycompany.com
    ldap.user=CN=MyUser,OU=Service Accounts,OU=New-York,DC=CORP,DC=MyCompany,DC=com
    # Encrypt using Jasypt or something
    ldap.password=B1gS3cr3t

Upvotes: 2
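
A hardened variant of the `ldapContextSource()` bean from the answer above, as an added example that is not part of the original post: it binds over `ldaps://` instead of plain `ldap://` on 389, takes the bind password from the environment rather than a properties file, and sets JNDI timeouts. The property `ldap.tls.port`, the environment variable `LDAP_PASSWORD`, the class name and the timeout values are assumptions made for illustration; the base DN is the answer's placeholder.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.core.support.LdapContextSource;

// Added example, not the answerer's code. Assumed names: ldap.tls.port, LDAP_PASSWORD.
@Configuration
public class LdapsContextSourceConfig {

    // ldaps:// wraps the bind (service-account and end-user passwords) in TLS.
    // The JVM truststore must contain the CA that issued the directory's certificate.
    @Value("ldaps://${ldap.host}:${ldap.tls.port:636}")
    private String url;

    @Value("${ldap.user}")
    private String user;

    @Bean
    public BaseLdapPathContextSource ldapContextSource() {
        // Read the bind password from the process environment, not a properties file.
        String password = System.getenv("LDAP_PASSWORD");
        if (password == null || password.isEmpty()) {
            // An empty password would turn the simple bind into an unauthenticated bind.
            throw new IllegalStateException("LDAP_PASSWORD is not set");
        }

        // Fail fast instead of hanging request threads when the directory is unreachable.
        Map<String, Object> env = new HashMap<>();
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "10000");   // milliseconds

        LdapContextSource bean = new LdapContextSource();
        bean.setUrl(url);
        bean.setBase("DC=CORP,DC=MyCompany,DC=com"); // same placeholder base as the answer
        bean.setUserDn(user);
        bean.setPassword(password);
        bean.setBaseEnvironmentProperties(env);
        // JNDI pools TLS connections only when the system property
        // com.sun.jndi.ldap.connect.pool.protocol includes "ssl" (default: "plain").
        bean.setPooled(true);
        bean.setReferral("follow"); // kept from the answer
        return bean;
    }
}
```

This bean is meant to be used in place of the `ldapContextSource()` method in `SecurityConfig`, not alongside it, since both declare the same bean name.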