Configure User Authentication through Windows Active Directory Server in a Spring Boot Application

  1. Add the following dependencies to the pom.xml file
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
/**
 * Spring Security configuration that authenticates users against Windows Active Directory.
 *
 * <p>Every request requires a fully authenticated user, login goes through the default
 * form-login page, and the submitted credentials are checked by an
 * {@link ActiveDirectoryLdapAuthenticationProvider}.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated since Spring Security 5.7
 * and removed in 6.0. On those versions the same rules are declared through a
 * {@code SecurityFilterChain} bean instead of by extending this adapter.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Declares the HTTP access rules: no URL is reachable anonymously, and unauthenticated
     * requests are sent to the form-login page.
     *
     * <p>NOTE(review): the login form posts the AD password to this application, so the
     * application itself should only be served over HTTPS.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // fullyAuthenticated() rejects anonymous and remember-me sessions alike.
        http.authorizeRequests().anyRequest().fullyAuthenticated();
        http.formLogin();
    }

    /**
     * Builds the provider that verifies credentials against the Active Directory server.
     *
     * @return the Active Directory authentication provider for the configured domain and URL
     */
    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        // NOTE(review): the provider binds to AD with the password the user typed, so with a
        // plain ldap:// URL that password crosses the network unencrypted. Prefer an ldaps://
        // URL whose certificate the JVM trusts, and keep the domain and URL in external
        // configuration rather than in source.
        ActiveDirectoryLdapAuthenticationProvider adProvider =
                new ActiveDirectoryLdapAuthenticationProvider(
                        "example.examplegroup.co.in", "ldap://192.168.1.25");

        // Turn AD sub-error codes (expired or locked account, expired credentials) into
        // specific exceptions instead of one generic bad-credentials failure.
        // NOTE(review): check that the message shown on the login page does not reveal the
        // account state to an unauthenticated visitor.
        adProvider.setConvertSubErrorCodesToExceptions(true);

        return adProvider;
    }

    /**
     * Registers the Active Directory provider with the authentication manager.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the provider cannot be registered
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }
}
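  • /hello — returns “hello world”
  • /user — returns a JSON object with the authenticated user's details received from the Windows AD server. In a real application, return only the fields the client needs rather than the whole Authentication object.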
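/**
 * Demo REST endpoints that become reachable once the user has logged in through
 * Active Directory.
 */
@RestController
public class MyController {

    /**
     * Returns a fixed greeting.
     *
     * @return the string {@code "hello world"}
     */
    @GetMapping("/hello")
    public String sayHello() {
        return "hello world";
    }

    /**
     * Returns the {@link Authentication} of the currently logged-in user and shows how to read
     * the user name, the granted authorities and a single role from it.
     *
     * <p>NOTE(review): serialising the whole {@code Authentication} object sends the principal,
     * the authorities and the request details to the client. For web logins the details
     * typically include the remote address and session id (confirm against the actual JSON
     * output). A production endpoint should return a small DTO holding only the fields the
     * client needs.
     *
     * @return the authentication stored in the current security context
     */
    @GetMapping("/user")
    public Authentication getLoggedUserDeatil() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // The locals below are illustrative only: they show how to read each value and do
        // not affect the response.

        // User name of the authenticated principal.
        String username = auth.getName();

        // All granted authorities joined into one comma-separated string.
        String authorityString = auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.joining(","));

        // Check whether the user holds the authority "role_A". The comparison has to be made
        // on the authority name: comparing the String with the GrantedAuthority object itself
        // is always false, so the check would never succeed.
        String role = "role_A";
        boolean isCurrentUserInRole = auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch(role::equals);

        return auth;
    }
}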
login form when trying to access API
API /hello output after authentication
API /user output after authentication
