1
votes

I am trying to authenticate a user via an LDAP server using Spring Boot, for which I have configured LDAP successfully. Now, while I am authenticating user credentials using authenticationManager(), I am getting a "Not granted any authorities" error. I have tried several code samples but didn't find any suitable solution, or maybe I am missing some important point in this whole authentication process.

Controller:

@RequestMapping(value = "/login", method = RequestMethod.POST)
//  public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest, BindingResult result){

    public ResponseEntity<?> authenticateUser(@Valid @ModelAttribute LoginRequest loginRequest, BindingResult result){
        ResponseEntity<?> errorMap = mapValidationErrorService.getMapValidationErrors(result);
        if(errorMap != null) return errorMap;
        String jwt = null;

        try {
            Authentication authentication = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));
            System.out.println("test : " + authentication.toString());
            SecurityContextHolder.getContext().setAuthentication(authentication);
            jwt = TOKEN_PREFIX + tokenProvider.generateToken(authentication);
        } catch (Exception e) {
            return new ResponseEntity<>("Not Authorized", HttpStatus.FORBIDDEN);
        }

Security Config

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${ldap-url}")
    private String url;

    @Value("${ldap-basedn}")
    private String baseDn;

    @Value("${ldap-user-password}")
    private String userPassword;

    @Value("${ldap-user-dnpattern}")
    private String userDnPattern;

    @Value("${ldap.password}")
    private String ldapPrincipalPassword;

    @Value("${ldap.username}")
    private String ldapSecurityPrincipal;

    @Autowired
    private JwtAuthenticationEntryPoint unauthorizedhandler;

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @Bean
    public JwtAuthenticationFilter jwtAuthenticationFilter() { return new JwtAuthenticationFilter();}

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
        .ldapAuthentication()
            .userDnPatterns(userDnPattern)
            .contextSource()
                .url(url+baseDn)
                .managerDn(ldapSecurityPrincipal)
                .managerPassword(ldapPrincipalPassword)
                .and()
                .passwordCompare()
                .passwordEncoder(new LdapShaPasswordEncoder())
                .passwordAttribute("userPassword");


//      super.configure(auth);
//      auth.userDetailsService(customUserDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }


    @Override
    @Bean(BeanIds.AUTHENTICATION_MANAGER)
    protected AuthenticationManager authenticationManager() throws Exception {
        // TODO Auto-generated method stub
        return super.authenticationManager();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.cors();
        http.csrf().disable()
            .exceptionHandling().authenticationEntryPoint(null).and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .headers().frameOptions().sameOrigin()
            .and()
            .authorizeRequests()
            .antMatchers(
                    "/",
                    "favicon.ico",
                    "/**/*.png",
                    "/**/*.gif",
                    "/**/*.svg",
                    "/**/*.jpg",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js"
            ).permitAll()
            .antMatchers("/api/users/**").permitAll()
            .anyRequest().fullyAuthenticated();

//          .antMatchers(SIGN_UP_URLS).permitAll()
//          .anyRequest()
//          .authenticated();


            http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

        super.configure(http);
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        return bCryptPasswordEncoder;
    }

}

Authentication result is:

test : org.springframework.security.authentication.UsernamePasswordAuthenticationToken@58d6c26a: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@a7293dae: Dn: [email protected],ou=projectName,o=companyName; Username: [email protected]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: null; Not granted any authorities

Please help me out with this. How can I avoid the "Not granted any authorities" error? Thanks in advance!

1
Were you able to resolve the issue? I am facing the same issue. – user1985948
Yes, I was able to solve the issue. I changed the security config; try to use ldapAuthoritiesPopulator. – Balram Chauhan
Thank you very much. – user1985948

1 Answer

0
votes

Update the security config class: instead of the first configure method (AuthenticationManagerBuilder), use:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.ldapAuthentication()
        .userDnPatterns(userDnPattern)
        .contextSource()
            .url(url + baseDn)
            .managerDn(ldapSecurityPrincipal)
            .managerPassword(ldapPrincipalPassword)
            .and()
        .ldapAuthoritiesPopulator(myAuthPopulator);
}

Also, autowire the LdapAuthoritiesPopulator.
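
The answer references myAuthPopulator without showing it. As an added example (not part of the original answer or the asker's project), here is one way such a bean could look: it turns an allow-list of directory groups into roles and grants nothing else. The class name, the memberOf attribute and the group DNs are assumptions; in the config class the bean would be injected into an @Autowired field of type LdapAuthoritiesPopulator named myAuthPopulator.

```java
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.stereotype.Component;

// Hypothetical bean for the "myAuthPopulator" field used in the answer.
// Assumption: the directory exposes group membership in a "memberOf" attribute.
@Component
public class AllowListAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Constructed sample mapping: group DN (lower-case) -> application role.
    private static final Map<String, String> GROUP_TO_ROLE = new HashMap<>();
    static {
        GROUP_TO_ROLE.put("cn=app-admins,ou=groups,o=example", "ROLE_ADMIN");
        GROUP_TO_ROLE.put("cn=app-users,ou=groups,o=example", "ROLE_USER");
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        Set<GrantedAuthority> authorities = new LinkedHashSet<>();
        // The null check covers an entry that has no memberOf attribute.
        String[] groups = userData.getStringAttributes("memberOf");
        if (groups != null) {
            for (String groupDn : groups) {
                // Only groups on the allow-list become roles; others are ignored.
                String role = GROUP_TO_ROLE.get(groupDn.trim().toLowerCase(Locale.ROOT));
                if (role != null) {
                    authorities.add(new SimpleGrantedAuthority(role));
                }
            }
        }
        // An empty set is a valid result: the user is authenticated but holds
        // no roles, so role-based rules deny access rather than fail open.
        return authorities;
    }
}
```

The lookup compares DNs as lower-cased strings, so it assumes the directory returns group DNs in one consistent form.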