0
votes

I am trying to do LDAP authentication using a custom login page, but it's not working. Below is my security and LDAP configuration:

@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.httpBasic().and().authorizeRequests().antMatchers("/**").permitAll()
            .anyRequest().authenticated()
            .and().formLogin().loginPage("/login")
            .usernameParameter("username")
            .passwordParameter("password")
            .failureUrl("/login?error");

    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource().ldif("classpath:test-server.ldif");
    }
}

Below is a sample LDIF file, which is placed in the resource folder:

dn: uid=bob,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Bob Hamilton
sn: Hamilton
uid: bob
userPassword: bobspassword

I want only valid users to be able to access other pages in the application.

Is there anything wrong with the configuration? I will be thankful for your answers.

1 Answers

-1
votes

You should change your code to the following:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // No "/**" permitAll rule: every request must be authenticated.
        http.httpBasic().and().authorizeRequests()
            .anyRequest().authenticated()
            .and().formLogin().loginPage("/login")
            .usernameParameter("username")
            .passwordParameter("password")
            .failureUrl("/login?error");
    }

By putting

.antMatchers("/**").permitAll()

you are just allowing every user to access every page without any authentication.
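
The following is an added example, not code from the question or the answer: the question's configuration class with the `/**` rule removed and the login page itself left reachable. Spring Security evaluates `authorizeRequests()` rules in order and the first match wins, so the catch-all `anyRequest().authenticated()` goes last. The `/css/**` path is an assumption standing in for whatever static assets the login page loads.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic()
            .and().authorizeRequests()
                // Rules are checked top to bottom and the first match wins,
                // so narrow public paths go first. "/css/**" is an assumed path.
                .antMatchers("/css/**").permitAll()
                // Catch-all stays last: everything else needs a logged-in user.
                .anyRequest().authenticated()
            .and().formLogin()
                .loginPage("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .failureUrl("/login?error")
                // Opens only the login page, its POST target and the failure URL,
                // so the redirect to /login is not itself blocked.
                .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // LDAP setup unchanged from the question.
        auth.ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource().ldif("classpath:test-server.ldif");
    }
}
```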