spring ldap security without xml

Question

This documentation explains how to configure Spring-Security LDAP:

http://docs.spring.io/spring-security/site/docs/3.2.4.CI-SNAPSHOT/reference/htmlsingle/#ldap

3.4.5. Spring Bean Configuration

<bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldap://monkeymachine:389/dc=springframework,dc=org"/>
  <property name="userDn" value="cn=manager,dc=springframework,dc=org"/>
  <property name="password" value="password"/>
</bean>

<bean id="ldapAuthProvider"
    class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
 <constructor-arg>
   <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
     <constructor-arg ref="contextSource"/>
     <property name="userDnPatterns">
       <list><value>uid={0},ou=people</value></list>
     </property>
   </bean>
 </constructor-arg>
 <constructor-arg>
   <bean
     class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
     <constructor-arg ref="contextSource"/>
     <constructor-arg value="ou=groups"/>
     <property name="groupRoleAttribute" value="ou"/>
   </bean>
 </constructor-arg>
</bean>

how can we achieve this without xml? Here we have a sample which uses a local ldif file: https://github.com/spring-projects/spring-security/blob/master/samples/ldap-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

I've modified SecurityConfig.java as follows:

    public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldap_url);
        contextSource.setUrl(ldap_user);
        contextSource.setPassword(ldap_password);

        DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups");
        ldapAuthoritiesPopulator.setGroupRoleAttribute("ou");

        LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAuthenticationProviderConfigurer = auth.ldapAuthentication();

        ldapAuthenticationProviderConfigurer
            .userDnPatterns("uid={0},ou=people")
            .groupSearchBase("ou=groups")
            .contextSource(contextSource)
            .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator);
    }
}

but when I login using the web form, I get this error:

java.lang.NullPointerException
    at java.util.Hashtable.<init>(Hashtable.java:296)
    at org.springframework.ldap.core.support.AbstractContextSource.getAuthenticatedEnv(AbstractContextSource.java:499)
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:114)
    at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:110)
    at org.springframework.security.ldap.authentication.BindAuthenticator.bindWithDn(BindAuthenticator.java:112)

Is there a similar documentation to http://docs.spring.io/spring-security/site/docs/3.2.4.CI-SNAPSHOT/reference/htmlsingle/#ldap explaining how to achieve this without spring xml?

Answer 1

You need to call

contextSource.afterPropertiesSet()

if you are using the class outside an application context (see the source and Javadoc for Spring LDAP's AbstractContextSource for more information). Either that or you can just make it an @Bean and Spring will call the method and initialize it for you.

Also

contextSource.setUrl(ldap_user);

doesn't look right. Shouldn't that be setUserDn ?