TechQA.

How to replicate user from LDAP to application database for handling authorization from application layer

736 views Asked by At

Hi I am not pretty sure about the LDAP and spring security. I have a requirement were as the application authentication has to be carried out by a LDAP and authorization mechanism has to handled by application layer. I am using Jhipster which has spring security implementation. However, I can able to connect to LDAP and authenticate the user.

Now authorization mechanism has to be handled by application layer where I could manage authorities. So I thought of replicating the user information from the LDAP to application layer database if the user is not present just after the user authentication process. So how can I implement this with spring security framework. How to intercept the filter chain or some process to do this.

And finally is this the good approach or is there a better way to handle this.

spring-boot spring-security authorization jhipster spring-ldap
Original Q&A
1

There are 1 answers

4
amant singh On

This is how I implemented LDAP authentication and local Authorization in my project.

Configuration:

<beans:bean id="ldapAuthProvider"
    class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg name="authenticator">
        <beans:bean
            class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <beans:constructor-arg ref="contextSource" />
            <beans:property name="userSearch">
                <beans:bean
                    class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <beans:constructor-arg name="searchBase"
                        value="ou=example,dc=springframework,dc=org" />
                    <beans:constructor-arg name="searchFilter"
                        value="(uid={0})" />
                    <beans:constructor-arg name="contextSource"
                        ref="contextSource" />
                </beans:bean>
            </beans:property>
        </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg name="authoritiesPopulator"
        ref="myLDAPAuthPopulator" />
</beans:bean>


<authentication-manager alias="authenticationManager">
<authentication-provider ref="ldapAuthProvider" />
</authentication-manager>

Custom Authorities Populator:

@Component("myLDAPAuthPopulator")
public class MyLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

@Autowired
private UserDao userDao;

@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(
        DirContextOperations userData, String username) {

    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    User user = userDao.searchUser(username);

    List<String> roleList = userDao.getRoles(username);
    if (!roleList.isEmpty()) {
         for (String role : roleList) {
            System.out.println(role);
            authorities.add(new SimpleGrantedAuthority(role));
        }
    } 
    return authorities;
}

Related Questions in SPRING-BOOT

Related Questions in SPRING-SECURITY

Related Questions in AUTHORIZATION

Related Questions in JHIPSTER

Related Questions in SPRING-LDAP

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions