I am currently creating a new web application using Spring Boot and began the process of integrating Spring Security for authentication. After successfully following the Spring Boot-based LDAP tutorial, I wanted to point my JavaConfig-based configuration to my Active Directory instance.
My application now handles bad credentials as expected, but valid credentials now result in
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
This is a common problem -- there are a number of places where this issue has been encountered. The solution appears to be setting Context.REFERRAL to "follow", but I can't find any documentation indicating how to set that option using JavaConfig. Is my only option here to revert to an XML-based configuration? It seems like Spring is pushing developers toward JavaConfig, so I'd like to avoid mixing the two approaches, if possible.
The following is my security configuration:
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/css/**").permitAll().anyRequest()
.fullyAuthenticated().and().formLogin();
}
@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication()
.userSearchBase("")
.userSearchFilter("(&(cn={0}))").contextSource()
.managerDn("<username>")
.managerPassword("<password>")
.url("ldap://<url>");
}
}
}
Method 1: Changing in the application properties file Now go to any browser and type localhost:8080 and try to access any local API we cannot access the API first we have to bypass the security. The user name and password are the same as we mention in the application. properties file.
LDAP Authentication It allows you to specify users/user-groups in a hierarchical structure and define their permissions. Spring Security has a project called "spring-security-ldap" that allows us to use LDAP Authentication in our Spring apps.
I had the feeling I'd need to use an instance of LdapContextSource
to make this happen (since it conveniently has a setReferral
method), but I struggled a bit with the details. A forum post on spring.io gave me enough to go on, and it looks like I now have things working.
It's not clear to me if there are any significant flaws with what I'm doing here, but it seems to work, so hopefully this will be helpful to someone else in the future:
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/css/**").permitAll().anyRequest()
.fullyAuthenticated().and().formLogin();
}
@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource("ldap://<url>");
contextSource.setUserDn("<username>");
contextSource.setPassword("<password>");
contextSource.setReferral("follow");
contextSource.afterPropertiesSet();
LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAuthenticationProviderConfigurer = auth.ldapAuthentication();
ldapAuthenticationProviderConfigurer
.userSearchFilter("(&(cn={0}))")
.userSearchBase("")
.contextSource(contextSource);
}
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With