LDAP authentication using Spring Boot

I have created Restful API. I am using in here ldap authentication. Our company has ldap directory server and I am using below method as utility in my service layer.

This is my ldap authentication method, which I am using this method as utility in my serivce layer.

public Map<String, Object> authenticate(String user, String pass) {    String returnedAtts[] = {"sn", "givenName", "name", "userPrincipalName", "displayName", "memberOf"};    String searchFilter = "(&(objectClass=User)(sAMAccountName=" + user + "))";    // Create the search controls    SearchControls searchCtls = new SearchControls();    searchCtls.setReturningAttributes(returnedAtts);    // Specify the search scope    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);    Hashtable<String, String> env = new Hashtable<String, String>();    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");    env.put(Context.PROVIDER_URL, ldapHost);    env.put(Context.SECURITY_AUTHENTICATION, "simple");    env.put(Context.SECURITY_PRINCIPAL, user + "@" + domain);    env.put(Context.SECURITY_CREDENTIALS, pass);    env.put(Context.SECURITY_PROTOCOL, "SSL");    LdapContext ctxGC = null;    NamingEnumeration<SearchResult> answer = null;    Attributes attrs = null;    SearchResult sr = null;    NamingEnumeration<?> ne = null;    Attribute attr = null;    try {        ctxGC = new InitialLdapContext(env, null);        if (ctxGC != null) {            answer = ctxGC.search(searchBase, searchFilter, searchCtls);            if (answer != null) {                while (answer.hasMoreElements()) {                    sr = (SearchResult) answer.next();                    attrs = sr.getAttributes();                    if (attrs != null) {                        amap = new HashMap<String, Object>();                        ne = attrs.getAll();                        attr = (Attribute) ne.next();                        amap.put(attr.getID(), attr.get());                        ne.close();                    }                    ctxGC.close();         // Close and clean up                }            } else {                System.out.println("Answer from domen controller is null!");            }        } else {            System.out.println("Login or Password is wrong! ");        }    } catch (NamingException ex) {        System.out.println("Exception: "+ex.toString());    } finally {        System.out.println("");    }    return amap; }

This is my service layer class and I am making utility class as injection which can be used authentication method as you know. When I send request in swagger or postman username and password, given the values comes from request, I am persist them into to database of table. but before persist authentication method controls my username and password. if password or username is not correct I return error response to the client otherwise I return success response to the client. both situation I insert given values to the database of table from the request .

@Override    public Optional<ResponseEntity<? extends ResponseDto>> login(String username, String password, String type) { //Is there any method or feature that spring boot provides us instead of the method you see here?        Map<String, Object> authenticate = this.controlDomainLogin.authenticate(username, password); //Is there any method or feature that spring boot provides us instead of the method you see here?        if (authenticate != null) {            DomainLogin domainLogin = new DomainLogin();            domainLogin.setUsername(username);            domainLogin.setType(type);            domainLogin.setLogDate(new Date());            ResponseEntity<ResponseDto> responseDtoResponseEntity = new ResponseEntity<>(new SuccessResponseDto(SUCCESS_OPERATION.getMessage(), SUCCESS_OPERATION.getCode(), authenticate), HttpStatus.OK);            domainLogin.setResponse(Objects.requireNonNull(responseDtoResponseEntity.getBody()).getMessage() + "," + responseDtoResponseEntity.getBody().getCode());            this.domainLoginRepository.save(domainLogin);            return Optional.of(responseDtoResponseEntity);        } else {            DomainLogin domainLogin = new DomainLogin();            domainLogin.setUsername(username);            domainLogin.setType(type);            domainLogin.setLogDate(new Date());            ResponseEntity<ResponseDto> responseDtoResponseEntity = new ResponseEntity<>(new ErrorResponseDto(WRONG_USERNAME.getMessage(), WRONG_USERNAME.getCode()), HttpStatus.NOT_FOUND);            domainLogin.setResponse(Objects.requireNonNull(responseDtoResponseEntity.getBody()).getMessage() + "," + responseDtoResponseEntity.getBody().getCode());            domainLogin.setException(Objects.requireNonNull(responseDtoResponseEntity.getBody()).getMessage() + "," + responseDtoResponseEntity.getBody().getCode());            this.domainLoginRepository.save(domainLogin);            return Optional.of(responseDtoResponseEntity);        }    }

Now I don't need to use this method, instead, does spring boot itself have a similar method or any feature, just like the method I showed above?
The same operations will be repeated, but the difference is that I will delete the method I wrote in java and use the spring boot's ldap security authentication feature instead.

It looks like your present method is doing a lot more than just authenticating. It's returning "amap", and presumably an entire user profile.

Spring Security is going to act like standard JEE security and simply return a "authenticated/not authenticated" binary response. Also, if it's doing the authentication via standard JEE security, it wouldn't have any application logic at all, since all the LDAP checking would be in the server's security Realm component. That's not only authentication, but role-checking. So that would be totally configuration statements and not active logic.

There's nothing wrong with keeping general account information in LDAP, but that's stuff that you'd still have to code as part of the application, as Spring wouldn't know what to do with it. Ideally, retrieval of that information would be done using different credentials that didn't have the right to read passwords or browse for other user IDs.