Spring Boot offers a wide range of authentication options through Spring Security module. We usually use custom authentication code that finds username/password in database (preferring MongoDB) and do proper authentication. In some cases, based on company accounts handling culture, there is a request to authenticate users based on existing Active Directory accounts. When digging around this one can find, that it’s quite easy to do in Spring Boot with Spring Security module.
To accomplish Active Directory based authentication, we should simply create a @Configuration bean that is going to be scanned and loaded during a Spring Boot application start (the following assume we have initial Spring Boot project created and Spring Security Starter referenced as Maven or Gradle dependency). The bean must inherit WebSecurityConfigurerAdapter and implement appropriate methods to configure what we need here see my gist below.
Configuration options like AD domain name and URL can be specified in application.properties file and loaded using @Value annotation. And thats it. When configured properly, Spring Security will use this configuration and ask Active Directory for authenticating you! Its really such easy …
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
package app.config; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.ProviderManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider; import java.util.Arrays; @Configuration @EnableWebSecurity public class WebSecurityConfigAD extends WebSecurityConfigurerAdapter { @Value("${ad.domain}") private String AD_DOMAIN; @Value("${ad.url}") private String AD_URL; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().authenticated().and().httpBasic(); } @Override protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception { authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService()); } @Bean public AuthenticationManager authenticationManager() { return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider())); } @Bean public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() { ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN, AD_URL); provider.setConvertSubErrorCodesToExceptions(true); provider.setUseAuthenticationRequestCredentials(true); return provider; } } |