I am working on a spring boot maven project to authenticate users having username and password. The microservice needs to return true/false if user is authenticated.
The SecurityConfiguration.java
package com.app.config;
import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
private static final Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);
private String url = "ldaps://org.abc.in:3387";
private String domain = "org.abc.in";
private String userDNPattern = "CN=pan,OU=Users,OU=UCV,DC=org,DC=abc,DC=in";
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests().antMatchers("/", "logout").permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
}
@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
}
@Bean
public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
ActiveDirectoryLdapAuthenticationProvider adProvider = new ActiveDirectoryLdapAuthenticationProvider(domain, url);
adProvider.setConvertSubErrorCodesToExceptions(true);
adProvider.setUseAuthenticationRequestCredentials(true);
//adProvider.setAuthoritiesMapper(new NullAuthoritiesMapper());
return adProvider;
}
}
I am calling the following method by passing username and password
public Authentication signin(String username, String password) throws Exception{
Authentication auth = new UsernamePasswordAuthenticationToken("[email protected]", "password");
return authenticationManager.authenticate(auth); // this line gives Bad Credential error
}
I am getting the following error when calling method authenticationManager.authenticate(auth)
ctiveDirectoryLdapAuthenticationProvider : Active Directory authentication failed: Supplied password was invalid
org.springframework.security.authentication.BadCredentialsException: Bad credentials
at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.badCredentials(ActiveDirectoryLdapAuthenticationProvider.java:308)
Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
I went through the following links: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
Active Directory Authentication using Spring Security 3.2, Spring Ldap 2.0 and JavaConfig
Based on above links I have tried setAuthoritiesMapper and passed NullAuthoritiesMapper as I don't have any authorities to map.
adProvider.setAuthoritiesMapper(new NullAuthoritiesMapper());
I tried to make changes to userDNPattern = "CN=pan,OU=Users,OU=UCV,DC=org,DC=abc,DC=in";
but it didn't work. CN= pan is my username
I am able to access the Apache Active Directory with above url, domain and userDnPattern and password. Do I need to encode the password?