Configure User Authentication through Windows Active Directory Server in a Spring Boot Application

  1. Add the following dependencies to the pom.xml file
<!-- Spring Security auto-configuration for Spring Boot (filter chain, form login support). -->
<!-- No <version> is given here; presumably it is inherited from the Spring Boot parent/BOM. Confirm in the full pom.xml. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- LDAP support for Spring Security; supplies ActiveDirectoryLdapAuthenticationProvider used by the security configuration. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
/**
 * Security configuration that delegates username/password checks to a Windows
 * Active Directory server and protects every endpoint behind a form login.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated as of Spring
 * Security 5.7 and is no longer present in 6.x, so this listing applies to older
 * Spring Boot versions only.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // AD domain; the provider uses it to build the userPrincipalName it binds with.
    private static final String AD_DOMAIN = "example.examplegroup.co.in";

    // NOTE(review): the provider authenticates by binding to AD with the password the
    // user typed into the login form. With a plain ldap:// URL and no transport
    // protection, that bind is not encrypted on the wire. For anything beyond a lab
    // setup, point this at an ldaps:// endpoint whose host name matches the domain
    // controller's certificate, and load domain/URL from external configuration
    // instead of hard-coding them.
    private static final String AD_URL = "ldap://192.168.1.25";

    /**
     * Builds the authentication provider that validates credentials against Active Directory.
     *
     * @return provider bound to the configured AD domain and LDAP URL
     */
    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider adProvider =
                new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN, AD_URL);

        // Translate AD sub-error codes (account expired/locked/disabled, password expired)
        // into the matching Spring Security exceptions instead of a generic bad-credentials
        // failure. NOTE(review): make sure the login failure response shown to
        // unauthenticated clients does not echo these distinctions, since they reveal
        // account state; keep the detail in server-side logs.
        adProvider.setConvertSubErrorCodesToExceptions(true);
        return adProvider;
    }

    /**
     * Registers the Active Directory provider with the authentication manager.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Calling the @Bean method inside a @Configuration class yields the managed bean.
        AuthenticationProvider adProvider = activeDirectoryLdapAuthenticationProvider();
        auth.authenticationProvider(adProvider);
    }

    /**
     * Requires a full (non remember-me) login for every request and enables the
     * default form login page.
     *
     * @param http HTTP security builder supplied by Spring Security
     * @throws Exception if the security chain cannot be built
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
                .formLogin();
    }
}
  • /hello — returns “Hello World”
  • /user — returns a JSON object with the authenticated user's details received from the Windows AD server.
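/**
 * Demo controller with two endpoints used to try out Active Directory login.
 * Access rules are not declared here; they come from the application's
 * security configuration.
 */
@RestController
public class MyController {

    /**
     * Returns a fixed greeting.
     *
     * @return the literal string {@code "hello world"}
     */
    @GetMapping("/hello")
    public String sayHello() {
        return "hello world";
    }

    /**
     * Returns the {@link Authentication} of the current request and shows how to
     * read the user name, the authority list and a single-authority check from it.
     *
     * <p>NOTE(review): the whole {@code Authentication} object is serialised into the
     * response, so everything the token carries (principal attributes, authorities,
     * request details) becomes visible to the client. For a real endpoint, return a
     * small response object holding only the fields the client needs.
     *
     * @return the authentication held in the current security context
     */
    @GetMapping("/user")
    public Authentication getLoggedUserDeatil() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // The locals below are illustrative only; none of them affects the response.

        // Login name of the authenticated user.
        String username = auth.getName();

        // All granted authorities joined into one comma-separated string.
        String authorityString = auth
                .getAuthorities()
                .stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.joining(","));

        // Check whether the user holds the authority "role_A".
        // The authority *name* must be compared: matching the String against the
        // GrantedAuthority object itself (String.equals on a non-String) is always
        // false, which would make this check silently deny every user.
        String role = "role_A";
        boolean isCurrentUserInRole = auth
                .getAuthorities()
                .stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch(role::equals);

        return auth;
    }
}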
login form when trying to access API
API /hello output after authentication
API /user output after authentication

Himanshu Pratap

Himanshu Pratap

System Administrator and Full stack web developer.