Currently, I'm authenticating against an LDAP server using Spring Security. This is really an Active Directory, so users have to enter their Windows user and password to log in to Windows, and then the same user and password to log in to this app. This is driving my users crazy.
Is there a way to instruct Spring to use Windows' credentials if the browser provides them, and show the login form otherwise?
This is my current configuration:
    <security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/admin/**"
                                access="hasRole('ADMIN')" />
        <security:intercept-url pattern="/**"
                                access="isAuthenticated()" />
    </security:http>

    <security:ldap-server id="ldapServer"
                          url="ldap://ldapserver:389/OU=Users,OU=Prod,DC=hhh,DC=org"
                          manager-dn="[email protected]" manager-password="xxx" />

    <security:authentication-manager alias="ldapAuthenticationManager">
        <security:ldap-authentication-provider user-context-mapper-ref="userContextMapper"
                                               user-search-filter="(sAMAccountName={0})"/>
    </security:authentication-manager>
Where userContextMapper is a class I implemented to load my user entity.