Reputation: 1236
I am very new to Spring Security. I want to implement it in my Spring Boot application with LDAP. Whenever I try to understand the concepts of security, I end up in a confused state. Can somebody suggest a guide or give me a gist of what Spring Security does? In my project, I am using only Spring Security and LDAP. What I observe is that Spring Boot creates its own login page and, once the user is authenticated, it sets a cookie called JSESSIONID, and for further requests it uses only that session ID. We can clear that session ID during logout. But I also heard of the concept of token-based authentication, so I am not sure whether I want to use that or not. The secured URLs are called from an external Angular application. Can someone help?
Upvotes: 0
Views: 277
Reputation: 36223
You can use Spring Security LDAP.
Add these dependencies to your pom.xml:
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.ldap</groupId>
        <artifactId>spring-ldap-core</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <dependency>
        <groupId>com.unboundid</groupId>
        <artifactId>unboundid-ldapsdk</artifactId>
    </dependency>
And then you have to create a configuration class:
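    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    // Package as of Spring Security 5.x
    import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

    @Configuration
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        // Require a fully authenticated user for every request and use form login
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().fullyAuthenticated()
                    .and()
                .formLogin();
        }

        // Authenticate users against the LDAP directory
        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .ldapAuthentication()
                    // {0} is replaced with the submitted username
                    .userDnPatterns("uid={0},ou=people")
                    .groupSearchBase("ou=groups")
                    .contextSource()
                        .url("ldap://localhost:8389/dc=springframework,dc=org")
                        .and()
                    // Compare the submitted password with the userPassword attribute
                    .passwordCompare()
                        .passwordEncoder(new LdapShaPasswordEncoder())
                        .passwordAttribute("userPassword");
        }
    }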
Please find the whole guide here:
https://spring.io/guides/gs/authenticating-ldap/
Upvotes: 0
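The configuration in the answer compares the submitted password with the directory's `userPassword` attribute through `LdapShaPasswordEncoder`, which handles the LDAP `{SHA}` and `{SSHA}` formats. The following is an added example, not part of the original answer and not Spring's code, showing what those stored values contain and how a check against them works; the class `LdapShaDemo`, its methods and the sample password are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added illustration: LdapShaDemo and its methods are hypothetical names, not Spring classes.
public class LdapShaDemo {

    // {SSHA} value = "{SSHA}" + base64( SHA-1(password || salt) || salt )
    static String ssha(String password, byte[] salt) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        byte[] digest = sha1.digest(salt);
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }

    // Checks a candidate password against a stored {SHA} (unsalted) or {SSHA} (salted) value.
    static boolean matches(String candidate, String stored) throws Exception {
        boolean salted = stored.startsWith("{SSHA}");
        if (!salted && !stored.startsWith("{SHA}")) return false; // unknown scheme: reject
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(stored.substring(stored.indexOf('}') + 1));
        } catch (IllegalArgumentException e) {
            return false; // malformed base64
        }
        // A SHA-1 digest is 20 bytes; anything after it is the salt
        if (raw.length < 20 || (!salted && raw.length != 20)) return false;
        byte[] salt = Arrays.copyOfRange(raw, 20, raw.length);
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(candidate.getBytes(StandardCharsets.UTF_8));
        byte[] expected = sha1.digest(salt);
        // MessageDigest.isEqual compares in constant time
        return MessageDigest.isEqual(expected, Arrays.copyOf(raw, 20));
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        String stored = ssha("s3cret-example", salt); // constructed sample value
        System.out.println(stored);
        System.out.println(matches("s3cret-example", stored));
        System.out.println(matches("wrong", stored));
    }
}
```

Both formats are a single round of SHA-1, and `{SHA}` carries no salt, so identical passwords produce identical stored values.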