0
votes

I configured the authentication to work with both the DB and LDAP like this:

auth.ldapAuthentication()
        .groupSearchBase(groupSearchBase)
        .groupSearchFilter(groupFilter)
        .userSearchFilter(userFilter)
        .userSearchBase(userSearchBase)
        .contextSource(contextSource())
        .and()
    .jdbcAuthentication()
        .dataSource(dataSource)
        .usersByUsernameQuery(
            "SELECT lower(username), password, active from USER_BTABLE where lower(username)=lower(?) and LDAPAUTH=0")
        .authoritiesByUsernameQuery(
            "select lower(username), 'ROLE_USER' from USER_ATABLE where lower(username)=lower(?)");

The trouble is that if the user also exists in the configured LDAP with another password, then starting with the 6th authentication request the following exception appears:

 org.springframework.ldap.InvalidAttributeValueException: [LDAP: error code 19 - Exceed password retry limit. Please try later.];

I check in the login filter if the user has the DB auth flag set. Can I also configure the AuthenticationManagerBuilder on the fly there?

1
Try switching the order so JDBC authentication is first and LDAP after. - holmis83
I thought about that, but if the user enters the wrong password 6 times in a row for the DB then it will also lock the LDAP account. - osmingo
What's the purpose of using both authentication types for the same user? - dsep
I'm using both involuntarily by will of the framework and my lack of complete understanding of it, that's why I asked the question. It's just a business requirement that both types of authentication can be used for the users. Not all users have the DB authentication and not all the users have the LDAP, they're split between the two options. - osmingo

1 Answer

0
votes

I eventually did a 307 redirect from a db auth server instance to an ldap auth server instance inside a doFilter method:

// 307 preserves the request method and body, so the login POST is repeated against the target
httpResponse.setStatus(TEMPORARY_REDIRECT);
httpResponse.setHeader("Location", req.getScheme() + "://" + redirectLocation);
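
The question asks whether the backend can be chosen per user. One way to do that inside a single application, as an added example that is not part of the original posts: a provider that reads the LDAPAUTH flag and hands the credentials to exactly one backend, instead of letting Spring Security try each configured provider in turn. The class name, the injected delegates, the numeric type of LDAPAUTH and the rule that users without a row go to LDAP are assumptions.

```java
import java.util.List;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

// Added example (hypothetical class): routes each login to exactly one backend.
public class RoutingAuthenticationProvider implements AuthenticationProvider {

    private final AuthenticationProvider ldapProvider; // e.g. an LdapAuthenticationProvider
    private final AuthenticationProvider dbProvider;   // e.g. a DaoAuthenticationProvider
    private final JdbcTemplate jdbc;

    public RoutingAuthenticationProvider(AuthenticationProvider ldapProvider,
                                         AuthenticationProvider dbProvider,
                                         JdbcTemplate jdbc) {
        this.ldapProvider = ldapProvider;
        this.dbProvider = dbProvider;
        this.jdbc = jdbc;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // Table and column come from the question's query; a numeric LDAPAUTH is an assumption.
        List<Integer> flags = jdbc.queryForList(
                "SELECT LDAPAUTH FROM USER_BTABLE WHERE lower(username) = lower(?)",
                Integer.class, authentication.getName());
        // Assumption: LDAPAUTH = 0 marks a database user; anyone else is sent to LDAP.
        boolean dbUser = !flags.isEmpty() && Integer.valueOf(0).equals(flags.get(0));
        // Only one delegate sees the password, so a failed database login
        // never counts against the LDAP retry limit.
        return dbUser ? dbProvider.authenticate(authentication)
                      : ldapProvider.authenticate(authentication);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

Register it with `auth.authenticationProvider(...)` in place of the chained `ldapAuthentication()` and `jdbcAuthentication()` calls; if those stay configured, their providers are still tried for every login.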