0
votes

I'm trying to create a security module that will check against LDAP for user credentials (on login) and on successful login generate a JWT for further requests to the server.

Currently my module works like this: I have 3 REST API endpoints to provide authentication (login, validate JWT, logout) that are not protected, as anyone must be able to access those endpoints, and also 1 userUpdate endpoint protected with Spring Security via a JWTAuthenticationProvider.

All the stuff pertaining to the JWT is ready; now I just need to create a method to check in LDAP if the user and password are correct. But I am having some trouble understanding how I am supposed to do so.

I already have the master user and pass to connect to LDAP, but most of the examples I find about LDAP authentication are with Spring Security, and I don't think that's the way to do it in this case, as I need to verify the matching user/pass only on login (and not protect my endpoints with security).

Can anyone tell me how I'm supposed to do that verification? Any stuff I am not being clear on? Please ask and comment and answer.

thanks


oh one edit:

@Override
public AuthenticationResponse login(AuthenticationRequest authenticationRequest) {
    checkNotNull(authenticationRequest, "The authenticationRequest is a required argument!");

    AuthenticationResponse authenticationResponse = AuthenticationResponse.builder().build();

    // Currently a pseudo-authentication; this is where I should authenticate against LDAP
    Optional<Usuario> optionalUsuario = service.findByNombreUsuario(authenticationRequest);

    if (optionalUsuario.isPresent()) {
        Usuario usuario = optionalUsuario.get();

        // Issue the JWT and store it together with the user's name and roles
        String token = JwtTokenUtil.generateToken(authenticationRequest);
        authenticationResponse.setAuthenticationToken(token);

        repository.saveToken(UserToken.builder()
                .nombreUsuario(usuario.getNombreUsuario())
                .roles(usuario.getRoles())
                .build(), token);
    }

    return authenticationResponse;
}

As you can see, I intend to make the authentication against LDAP only at login, and only to check if the user and pass are correct. I will manage the roles and authorities using another DB.


Another edit: I have some basic LDAP structure for LDAP auth using Spring Security, but I always get bad credentials.


Edit again: I managed to make it work with Spring Security, but (as expected) was told by my team that we need to implement that authentication without Spring Security to integrate with our custom role loader and token creation.

1
Hi Fernando, did you find any solution for your question? If so, please share with us. Best.
mgyky

1 Answers

0
votes

Use http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.html to authenticate and get roles from LDAP. It should be done using Spring Security. I probably missed something, but could you explain why you don't want to use it, as far as it is the security standard?
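
For reference, the login-only check described in the question can be done with plain JNDI as a search-then-bind: bind with the master account, look up the user's DN, then bind again as that DN with the submitted password. This is an added example, not code from the thread; the class name `LdapCredentialChecker`, the `uid` login attribute and the constructor parameters are assumptions to adapt to the actual directory.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

/** Hypothetical helper (not from the thread): checks a user/password pair against LDAP. */
public class LdapCredentialChecker {
    private final String url, baseDn, serviceDn, servicePassword; // deployment values (assumed)

    public LdapCredentialChecker(String url, String baseDn, String serviceDn, String servicePassword) {
        this.url = url; this.baseDn = baseDn;
        this.serviceDn = serviceDn; this.servicePassword = servicePassword;
    }

    public boolean authenticate(String username, String password) throws NamingException {
        // A simple bind with an empty password is treated as an unauthenticated bind,
        // which many servers accept, so reject it before contacting LDAP.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) return false;
        DirContext service = bind(serviceDn, servicePassword);   // master account: lookup only
        String userDn;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // {0} is a filter argument: JNDI escapes filter metacharacters such as * ( ) \
            // in it, so the username cannot alter the filter. "uid" is an assumed attribute.
            NamingEnumeration<SearchResult> results =
                    service.search(baseDn, "(uid={0})", new Object[] {username}, controls);
            if (!results.hasMore()) return false;                // unknown user
            userDn = results.next().getNameInNamespace();        // full DN of the entry
            if (results.hasMore()) return false;                 // ambiguous match: fail closed
        } finally {
            service.close();
        }
        try {
            bind(userDn, password).close();                      // succeeds only with the right password
            return true;
        } catch (AuthenticationException e) {
            return false;                                        // invalid credentials
        }
    }

    private DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);                      // prefer ldaps:// so the password is encrypted in transit
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }
}
```

In the `login` method from the question, a `true` result would gate the token generation; roles can still be loaded from the separate DB afterwards.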