In this article, we'll take a look at how to use Spring Boot and LDAP for security and authentication. We'll explore three different ways to configure Spring Boot to use LDAP for authentication:
spring-boot-starter-security-ldap dependency
We'll also look at how to use Spring Boot's auto-configuration feature to configure an embedded LDAP server.
There are three different ways to configure Spring Boot to use LDAP for authentication.

spring-boot-starter-security-ldap Dependency

The easiest way to configure Spring Boot to use LDAP for authentication is to use the spring-boot-starter-security-ldap dependency. This dependency will automatically configure Spring Security to use an embedded LDAP server.
To use the spring-boot-starter-security-ldap dependency, add the following dependency to your pom.xml file:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security-ldap</artifactId>
    </dependency>

If you want more control over the configuration of the LDAP server, you can configure Spring Security to use an LDAP server. To do this, you need to add the following dependencies to your pom.xml file:

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <dependency>
        <groupId>org.apache.directory.server</groupId>
        <artifactId>apacheds-all</artifactId>
    </dependency>

You also need to configure the UserDetailsService bean. The UserDetailsService bean is responsible for loading the user's details from the LDAP server.
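
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

    @Configuration
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        // Require full authentication for every request and offer a login form.
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().fullyAuthenticated()
                    .and()
                .formLogin();
        }

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .ldapAuthentication()
                    // {0} is replaced with the login name to build the user's DN.
                    .userDnPatterns("uid={0},ou=people")
                    .groupSearchBase("ou=groups")
                    .contextSource()
                        .url("ldap://localhost:10389/dc=springframework,dc=org")
                        .and()
                    // Compare the submitted password with the userPassword attribute.
                    .passwordCompare()
                        .passwordEncoder(new LdapShaPasswordEncoder())
                        .passwordAttribute("userPassword");
        }
    }

In the code example above, we've configured the UserDetailsService to search for users in the ou=people LDAP organizational unit and to search for groups in the ou=groups LDAP organizational unit. We've also configured the password encoder to use the LdapShaPasswordEncoder encoder.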
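What passwordCompare() ends up comparing is a userPassword value in the {SHA} or {SSHA} scheme, so it helps to see how those values are built: a single SHA-1 round, unsalted for {SHA}, which is why Spring Security marks LdapShaPasswordEncoder as deprecated. The following is an added example using only the JDK, not code from this article or from Spring Security; the class name, method names and sample password are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added illustration: names are hypothetical, inputs are constructed.
public class LdapShaFormats {
    // {SHA}: base64(SHA-1(password)), no salt.
    static String sha(String password) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return "{SHA}" + Base64.getEncoder().encodeToString(digest);
    }

    // {SSHA}: base64(SHA-1(password || salt) || salt).
    static String ssha(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        byte[] digest = md.digest();
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }

    // Recompute with the stored scheme (and salt) and compare in constant time.
    static boolean matches(String candidate, String stored) throws Exception {
        String recomputed;
        if (stored.startsWith("{SHA}")) {
            recomputed = sha(candidate);
        } else if (stored.startsWith("{SSHA}")) {
            byte[] raw = Base64.getDecoder().decode(stored.substring(6));
            if (raw.length <= 20) return false; // SHA-1 digest is 20 bytes; the rest is salt
            recomputed = ssha(candidate, Arrays.copyOfRange(raw, 20, raw.length));
        } else {
            return false; // unknown scheme: refuse rather than guess
        }
        return MessageDigest.isEqual(recomputed.getBytes(StandardCharsets.US_ASCII),
                stored.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        String stored = ssha("Sample-Passw0rd", salt); // constructed sample password
        // Unsalted {SHA}: the same password yields the same stored value for every user.
        System.out.println(sha("Sample-Passw0rd").equals(sha("Sample-Passw0rd")));
        System.out.println(matches("Sample-Passw0rd", stored) + " " + matches("wrong", stored));
    }
}
```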
If you want to use a more fully-featured LDAP server, you can configure ApacheDS. To do this, you need to add the following dependency to your pom.xml file:

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
    </dependency>
    <dependency>
        <groupId>org.apache.directory.server</groupId>
        <artifactId>apacheds-all</artifactId>
    </dependency>

You also need to configure the UserDetailsService bean. The UserDetailsService bean is responsible for loading the user's details from the LDAP server.
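
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

    @Configuration
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        // Require full authentication for every request and offer a login form.
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().fullyAuthenticated()
                    .and()
                .formLogin();
        }

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .ldapAuthentication()
                    // {0} is replaced with the login name to build the user's DN.
                    .userDnPatterns("uid={0},ou=people")
                    .groupSearchBase("ou=groups")
                    .contextSource()
                        .url("ldap://localhost:10389/dc=springframework,dc=org")
                        .and()
                    // Compare the submitted password with the userPassword attribute.
                    .passwordCompare()
                        .passwordEncoder(new LdapShaPasswordEncoder())
                        .passwordAttribute("userPassword");
        }
    }

In the code example above, we've configured the UserDetailsService to search for users in the ou=people LDAP organizational unit and to search for groups in the ou=groups LDAP organizational unit. We've also configured the password encoder to use the LdapShaPasswordEncoder encoder.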
Spring Boot's auto-configuration feature can be used to configure an embedded LDAP server. To use the auto-configuration feature, you need to add the following dependency to your pom.xml file:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-autoconfigure</artifactId>
    </dependency>

You also need to configure the UserDetailsService bean. The UserDetailsService bean is responsible for loading the user's details from the LDAP server.
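
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

    @Configuration
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        // Require full authentication for every request and offer a login form.
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().fullyAuthenticated()
                    .and()
                .formLogin();
        }

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .ldapAuthentication()
                    // {0} is replaced with the login name to build the user's DN.
                    .userDnPatterns("uid={0},ou=people")
                    .groupSearchBase("ou=groups")
                    .contextSource()
                        .url("ldap://localhost:10389/dc=springframework,dc=org")
                        .and()
                    // Compare the submitted password with the userPassword attribute.
                    .passwordCompare()
                        .passwordEncoder(new LdapShaPasswordEncoder())
                        .passwordAttribute("userPassword");
        }
    }

In the code example above, we've configured the UserDetailsService to search for users in the ou=people LDAP organizational unit and to search for groups in the ou=groups LDAP organizational unit. We've also configured the password encoder to use the LdapShaPasswordEncoder encoder.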
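A hardened variant of the configuration used in all three sections, shown as an added example rather than the article's own code: it omits passwordCompare(), so Spring Security authenticates by binding to the directory as the user and the application never handles password hashes, and it connects over ldaps:// instead of plaintext ldap://. The class name BindLdapSecurityConfig and the host ldap.example.org are assumptions; the JVM must trust the directory's TLS certificate.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example: hypothetical class name, placeholder directory host.
@Configuration
public class BindLdapSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                // Same DN pattern and group base as the article's configuration.
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    // ldaps:// keeps credentials off the wire in cleartext.
                    // ldap.example.org:636 is a placeholder, not a value from the article.
                    .url("ldaps://ldap.example.org:636/dc=springframework,dc=org");
        // No passwordCompare() and no LdapShaPasswordEncoder: without them the
        // configurer uses bind authentication, so the directory server itself
        // verifies the password and the userPassword attribute is never read.
    }
}
```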
In this article, we've explored three different ways to configure Spring Boot to use LDAP for authentication. We've also looked at how to use Spring Boot's auto-configuration feature to configure an embedded LDAP server.