Spring security LDAP Authentication without specifying authentication details in the configuration file

1
votes

We are using Spring security LDAP authentication in our application for authentication purpose. For ldap authentication, we configure a userid and password in the applicationContext-security.xml. I would like to know if there is a way to authenticate via LDAP without specifying the User parameters for accessing the LDAP server in the configuration(applicationContext-security.xml) file .

Thanks in Advance

2
springspring-securityspring-ldap
Did you see the answer below? Was it helpful?Michael

2 Answers

1
votes

Jasypt supports encrypting .properties files and transparently decrypting it when Spring accesses it.

So , you can try to specify the authentication details inside a .properties file , then use Jasypt to encrypt this .properties file . Use <context:property-placeholder> to inject the authentication details from the .properties files into the applicationContext-security.xml

0
votes

If your LDAP allows anonymous access you may not specify userDn and password in the configuration of contextSource. In this case Spring Security will use anonymous for read-write operations.