Spring Boot: Active Directory authentication

David Marko  12 January 2017 15:00:00
Spring Boot offers a wide range of authentication options through the Spring Security module. We usually use custom authentication code that looks up the username/password in a database (preferably MongoDB) and performs the authentication itself. In some cases, depending on how a company handles its accounts, there is a request to authenticate users against existing Active Directory accounts. After some digging, one finds that this is quite easy to do in Spring Boot with the Spring Security module.

To accomplish Active Directory based authentication, we simply create a @Configuration bean that is scanned and loaded when the Spring Boot application starts (the following assumes that we have an initial Spring Boot project created and the Spring Security Starter referenced as a Maven or Gradle dependency). The bean must extend WebSecurityConfigurerAdapter and override the appropriate methods to configure what we need here; see my gist below.

Configuration options such as the AD domain name and URL can be specified in the application.properties file and loaded using the @Value annotation. And that's it. When configured properly, Spring Security will use this configuration and ask Active Directory to authenticate you! It's really that easy …

See original blog post here.

package app.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

import java.util.Arrays;

@Configuration
@EnableWebSecurity
public class WebSecurityConfigAD extends WebSecurityConfigurerAdapter {

    // AD domain name, read from application.properties
    @Value("${ad.domain}")
    private String AD_DOMAIN;

    // URL of the domain controller, read from application.properties
    @Value("${ad.url}")
    private String AD_URL;

    // Require authentication for every request and use HTTP Basic.
    // HTTP Basic sends the credentials with every request, so serve the application over HTTPS only.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
    }

    // Register the Active Directory provider with the authentication manager builder.
    @Override
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
        authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());
    }

    @Bean
    public AuthenticationManager authenticationManager() {
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
    }

    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN, AD_URL);
        // Map AD sub-error codes (locked, disabled, expired account or password)
        // to the matching Spring Security exceptions instead of a generic BadCredentialsException.
        provider.setConvertSubErrorCodesToExceptions(true);
        // Use the password from the authentication request as the credentials of the resulting token.
        provider.setUseAuthenticationRequestCredentials(true);

        return provider;
    }
}
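ActiveDirectoryLdapAuthenticationProvider authenticates by binding to the directory with the password the user typed, so the scheme of ad.url decides whether that password crosses the network unencrypted. The class below is an added example, not part of the original gist: a startup check that accepts only a single ldaps:// URL. The class name AdSettingsCheck and the sample host and domain values are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example (not from the original gist). AdSettingsCheck is a hypothetical helper;
// call validate(AD_DOMAIN, AD_URL) before constructing the provider.
// Assumes ad.url holds one URL, as in the post.
public final class AdSettingsCheck {

    private AdSettingsCheck() { }

    /** Returns the parsed URL, or throws if the settings would allow an unencrypted bind. */
    public static URI validate(String domain, String url) {
        if (domain == null || domain.trim().isEmpty()) {
            throw new IllegalStateException("ad.domain is empty");
        }
        if (url == null || url.trim().isEmpty()) {
            throw new IllegalStateException("ad.url is empty");
        }
        final URI uri;
        try {
            uri = new URI(url.trim());
        } catch (URISyntaxException e) {
            throw new IllegalStateException("ad.url is not a valid URL: " + url, e);
        }
        // A plain ldap:// connection is not encrypted, and the bind carries the user's password.
        if (!"ldaps".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalStateException("ad.url must use ldaps://, got: " + url);
        }
        if (uri.getHost() == null) {
            throw new IllegalStateException("ad.url has no host: " + url);
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the post.
        String[] urls = { "ldaps://dc1.corp.example:636", "ldap://dc1.corp.example:389", "dc1.corp.example" };
        for (String url : urls) {
            try {
                System.out.println("accepted: " + validate("corp.example", url).getHost());
            } catch (IllegalStateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```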
