Spring Boot + Spring Security authentication with LDAP


This page will walk through Spring Boot + Spring Security authentication with LDAP. LDAP is an application protocol used to access and maintain directory information over an Internet Protocol (IP) network. LDAP stands for Lightweight Directory Access Protocol.

Spring Security provides AuthenticationManagerBuilder class contain a method named ldapAuthentication() which allows customization of the LDAP authentication. LDAP uses the LDAP Data Interchange Format (LDIF) file format for data interchange.

Similar Posts:

  1. Spring Boot + Spring Security with JPA authentication and MySQL
  2. Spring Security JDBC authentication with Spring Boot

What we’ll build

We will build a Spring Boot application, expose REST endpoint that returns a simple message, setup local LDAP instance and secure the application by Spring Security authenticated with LDAP server.

Technology Used

Find the list of all technologies used in this application.

  1. Spring Tool Suite 4
  2. JDK 8
  3. Spring Boot 2.2.1.RELEASE
  4. Spring Security 5.1.6.RELEASE
  5. Unboundid-ldapsdk 4.0.12
  6. Maven 3.6

Required Dependencies

Authentication with LDAP of Spring Boot application, we need a local LDAP server instance and Spring Security which connect and authenticate with LDAP server. The following dependencies will help to set up all these things:

pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.2.1.RELEASE</version>
		<relativePath /> <!-- lookup parent from repository -->
	</parent>
	<groupId>org.websparrow</groupId>
	<artifactId>spring-boot-security-ldap</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>spring-boot-security-ldap</name>
	<properties>
		<java.version>1.8</java.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<!-- An open source implementation of LDAP server -->
		<dependency>
			<groupId>com.unboundid</groupId>
			<artifactId>unboundid-ldapsdk</artifactId>
		</dependency>
		<!-- Spring integration library that work with LDAP -->
		<dependency>
			<groupId>org.springframework.ldap</groupId>
			<artifactId>spring-ldap-core</artifactId>
		</dependency>
		<!-- Help to integrate Spring Security with LDAP -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-ldap</artifactId>
		</dependency>
	</dependencies>
	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>
</project>

Project Structure

The final project structure of our application in STS 4 IDE will look like as follows:

Spring Boot + Spring Security authentication with LDAP

Controller

Create GreetController class which handles a GET request by returning a simple message.

GreetController.java
package org.websparrow.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class GreetController {

	@GetMapping("greet")
	public String greet() {
		return "Welcome to home page";
	}
}

Configure LDAP Instance

The local LDAP instance in Spring Boot project can be configured using an application.properties file.

application.properties
############## Local LDAP instance setup  ##############

#LDAP server port  
spring.ldap.embedded.port=8090
#LDIF file location 
spring.ldap.embedded.ldif=classpath:user-data.ldif
#Base root
spring.ldap.embedded.base-dn=dc=springframework,dc=org

Spring Security Java Configuration

This configuration file tells Spring Security to authorized every request and each request must be authenticated by using the LDAP authentication.

SecurityConfiguration.java
package org.websparrow.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

	//Authorized every request and each request must be authenticated
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
			.authorizeRequests()
			.anyRequest().fullyAuthenticated()
			.and()
			.formLogin();
	}

	// Configure Spring Security to use the LDAP authentication
	@Override
	public void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth
			.ldapAuthentication()
			.userDnPatterns("uid={0},ou=people")
			.groupSearchBase("ou=groups")
			.contextSource()
			.url("ldap://localhost:8090/dc=springframework,dc=org")
			.and()
			.passwordCompare()
			.passwordEncoder(new LdapShaPasswordEncoder())
			.passwordAttribute("userPassword");
	}
}

Set up User Data

LDAP servers can use LDIF (LDAP Data Interchange Format) files to exchange user data. The spring.ldap.embedded.ldif property inside the application.properties let Spring Boot pull in an LDIF data file.

user-data.ldif
dn: dc=springframework,dc=org
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: springframework

dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: subgroups

dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: space cadets

dn: ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: "quoted people"

dn: ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: otherpeople

dn: uid=ben,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Ben Alex
sn: Alex
uid: ben
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

dn: uid=bob,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Bob Hamilton
sn: Hamilton
uid: bob
userPassword: bobspassword

dn: uid=joe,ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Joe Smeth
sn: Smeth
uid: joe
userPassword: joespassword

Source: spring.io

Run the application

The SpringBootSecurityLDAPApp class contains the main method and responsible to start the application.

SpringBootSecurityLDAPApp.java
package org.websparrow;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SpringBootSecurityLDAPApp {

	public static void main(String[] args) {
		SpringApplication.run(SpringBootSecurityLDAPApp.class, args);
	}
}

Test the application

To test the application, start the Spring Boot application by executing the above class and follow the below steps:

1. Visit the site at http://localhost:8080/greet, you should be redirected to a login page provided by Spring Security.

2. Enter a user name of ben and a password of benspassword. You should see the following message in your browser:

Welcome to home page

References

  1. Getting Started with Spring Security
  2. LDAP Authentication

Similar Posts

About the Author

Atul Rai
I love sharing my experiments and ideas with everyone by writing articles on the latest technological trends. Read all published posts by Atul Rai.