In this article, we will learn how to use the LDAP server and Spring Security to implement user authentication.
We will use an embedded LDAP server to store the user credentials.
Version details:
- Spring boot version: 2.4.0
- Java version 11.
Table of Contents
- Creating the Spring security login with LDAP
- Configure spring security and embedded LDAP
- Testing the application
- Conclusion
Creating the Spring security login with LDAP
Create a new spring boot project. Add below maven dependencies to the application’s pom.xml configuration file.
The unboundid-ldapsdk dependency helps us by setting up an embedded LDAP server during runtime.
Also, the spring-security-ldap dependency provides required support to for the LDAP based security for our application.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
<groupId>com.unboundid</groupId>
<artifactId>unboundid-ldapsdk</artifactId>
</dependency>
Configure spring security and embedded LDAP
The next step is to configure the application with embedded LDAP.
We will also add required configurations to set up spring security to use the embedded LDAP for user authentication.
Setup embedded LDAP
Create a file with the name server.ldif under the location /src/main/resources/.
In the server.ldif file, we will add LDAP organization, group, and the user details as given below.
We have two users with the first username arun and password 12345 and the second username sara with the password abcd.
dn: dc=asbnotebook,dc=com objectclass: top objectclass: domain objectclass: extensibleObject dc: asbnotebook dn: ou=groups,dc=asbnotebook,dc=com objectclass: top objectclass: organizationalUnit ou: groups dn: uid=arun,ou=groups,dc=asbnotebook,dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Arun sn: Arun uid: arun userPassword: 12345 dn: uid=sara,ou=groups,dc=asbnotebook,dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Sara sn: Sara uid: sara userPassword: abcd
Also, add the below configuration properties to the application.properties file.
spring.ldap.embedded.ldif=classpath:server.ldif spring.ldap.embedded.base-dn=dc=asbnotebook,dc=com spring.ldap.embedded.port=33389
Configure the spring security
Create a spring security configuration class as shown below.
We are configuring the UserDetailsService bean that uses an embedded LDAP server as the spring security context source.
We also have configured a password encoder bean that is used by the spring security.
@Configuration
public class LdapSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public UserDetailsService userDetailsService() {
var cs = new DefaultSpringSecurityContextSource("ldap://127.0.0.1:33389/dc=asbnotebook,dc=com");
cs.afterPropertiesSet();
var manager = new LdapUserDetailsManager(cs);
manager.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=groups", "uid"));
manager.setGroupSearchBase("ou=groups");
return manager;
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
Create a secured resource
Finally, we can add a secure resource, protected by the spring security from public access.
@RestController
public class HelloController {
@GetMapping("/")
public String getMessage() {
return "Hello!";
}
}
Testing the application
Run the spring boot application.
Open the URL http://localhost:8080/. The spring security login page gets opened, as shown below.
Use the user credentials that we configured earlier.
After successful login, we get the below screen.
Visit the URL http://8080/logout for logging out the user. The application will as for logout confirmation as shown below.
Click on the Log Out button, and the page gets redirected to the login page.
Conclusion
In this article, we learned how to implement user authentication with spring and embedded LDAP.
We also learned how spring security provides login and logout pages out of the box.
Example code is available on Github.
