Configure User Authentication through Windows Active Directory Server in a Spring Boot Application

  1. Add the following dependencies to the pom.xml file
<!-- Spring Boot starter for Spring Security. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- LDAP module of Spring Security; the configuration class below imports
     ActiveDirectoryLdapAuthenticationProvider from its org.springframework.security.ldap package. -->
<!-- NOTE(review): neither dependency pins a version here; presumably the version comes from the
     project's Spring Boot dependency management - confirm, and keep it on a maintained release. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
/**
 * Security configuration that authenticates every request against a Windows Active Directory
 * server and presents a form login to unauthenticated users.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated in Spring Security 5.7 and
 * removed in 6.0; on newer versions the same rules are declared through a
 * {@code SecurityFilterChain} bean instead.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Builds the authentication provider that checks credentials against Active Directory.
     *
     * <p>NOTE(review): the directory URL uses the {@code ldap://} scheme, so the bind that carries
     * the user's password is not protected by TLS on the wire. For anything beyond a lab setup,
     * point the provider at an {@code ldaps://} endpoint whose certificate the JVM trusts, and
     * read the domain and URL from external configuration rather than hard-coding them.
     *
     * @return the provider configured for the AD domain and server address given below
     */
    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        final String adDomain = "example.examplegroup.co.in";
        final String adUrl = "ldap://192.168.1.25";

        ActiveDirectoryLdapAuthenticationProvider adProvider =
                new ActiveDirectoryLdapAuthenticationProvider(adDomain, adUrl);

        // Translate AD sub-error codes (account expired/locked, credentials expired/locked) into
        // the matching Spring Security exceptions instead of a generic bad-credentials failure.
        // NOTE(review): check that the login failure page does not show these distinct messages to
        // unauthenticated users, since they reveal the state of an account.
        adProvider.setConvertSubErrorCodesToExceptions(true);

        return adProvider;
    }

    /**
     * Registers the Active Directory provider with the authentication manager.
     *
     * @param auth builder the provider is added to
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        AuthenticationProvider adProvider = activeDirectoryLdapAuthenticationProvider();
        auth.authenticationProvider(adProvider);
    }

    /**
     * Requires full authentication for every request and enables the form login.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the security configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
                .formLogin();
    }
}
  • /hello — returns “Hello World”
  • /user — returns a JSON object with the authenticated user's details as received from the Windows AD server.
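/**
 * Demo REST endpoints used to verify the Active Directory login: a fixed greeting and a dump of
 * the current user's authentication.
 */
@RestController
public class MyController {

    /**
     * Returns a fixed greeting.
     *
     * @return the literal string {@code "hello world"}
     */
    @GetMapping("/hello")
    public String sayHello() {
        return "hello world";
    }

    /**
     * Returns the {@link Authentication} stored in the security context of the current request.
     *
     * <p>NOTE(review): returning the whole {@code Authentication} serialises everything the object
     * exposes (principal, authorities, details) to the client. That is convenient for a demo; a
     * production endpoint would normally return a small DTO holding only the fields the client
     * needs.
     *
     * @return the authentication of the logged-in user
     */
    @GetMapping("/user")
    public Authentication getLoggedUserDeatil() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // The locals below are illustrative only: they show how to read the user name, the
        // authority list and a role membership from the Authentication. None of them is returned.
        String username = auth.getName();

        // All granted authorities joined into one comma-separated string.
        String authorityString = auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.joining(","));

        // Role check: compare the authority *names*. Matching the String against the
        // GrantedAuthority objects themselves never succeeds, because String.equals() is false
        // for any non-String argument, so the check would silently report "not in role".
        // The name must match exactly what the authentication provider produces.
        String role = "role_A";
        boolean isCurrentUserInRole = auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch(role::equals);

        return auth;
    }
}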
login form when trying to access API
API /hello output after authentication
API /user output after authentication
