
LDAP authentication using Spring Boot

I have created a RESTful API, and I am using LDAP authentication in it. Our company has an LDAP directory server, and I am using the method below as a utility in my service layer.

This is my LDAP authentication method, which I am using as a utility in my service layer.

This is my service layer class, and I am injecting the utility class so that its authentication method can be used, as you know. When I send a request with a username and password from Swagger or Postman, I persist the values that come from the request into a database table. But before persisting, the authentication method checks my username and password. If the password or username is not correct, I return an error response to the client; otherwise I return a success response to the client. In both situations I insert the values given in the request into the database table.

Now I don't need to use this method; instead, does Spring Boot itself have a similar method or feature, just like the method I showed above?
The same operations will be repeated, but the difference is that I will delete the method I wrote in Java and use Spring Boot's LDAP security authentication feature instead.
Saloon Keeper
It looks like your present method is doing a lot more than just authenticating. It's returning "amap", and presumably an entire user profile.

Spring Security is going to act like standard JEE security and simply return an "authenticated/not authenticated" binary response. Also, if it's doing the authentication via standard JEE security, it wouldn't have any application logic at all, since all the LDAP checking would be in the server's security Realm component. That's not only authentication, but role-checking. So that would be totally configuration statements and not active logic.

There's nothing wrong with keeping general account information in LDAP, but that's stuff that you'd still have to code as part of the application, as Spring wouldn't know what to do with it. Ideally, retrieval of that information would be done using different credentials that didn't have the right to read passwords or browse for other user IDs.
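
An added example, not part of either post above: one way to hand the username/password check to Spring Security's LDAP bind authentication, assuming Spring Security 5.7 or later with the `spring-security-ldap` module on the classpath. The directory URL, base DN, DN pattern and the class names `LdapAuthConfig` and `LoginService` are placeholders, not values from this thread.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.stereotype.Service;

@Configuration
class LdapAuthConfig {

    // Placeholder URL and base DN (assumptions). ldaps:// keeps the bind
    // password off the wire in clear text. No manager DN or password is set.
    @Bean
    DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource(
                "ldaps://ldap.example.com:636/dc=example,dc=com");
    }

    // Bind authentication: the directory verifies the password by binding as
    // the user's own DN, so the application never reads password attributes
    // and needs no account that can browse other user IDs.
    @Bean
    AuthenticationManager ldapAuthenticationManager(DefaultSpringSecurityContextSource contextSource) {
        LdapBindAuthenticationManagerFactory factory =
                new LdapBindAuthenticationManagerFactory(contextSource);
        factory.setUserDnPatterns("uid={0},ou=people"); // placeholder DN layout
        return factory.createAuthenticationManager();
    }
}

@Service
class LoginService {

    private final AuthenticationManager authenticationManager;

    LoginService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    // Returns only the binary result; profile data is fetched separately.
    boolean authenticate(String username, String password) {
        try {
            return authenticationManager.authenticate(
                    UsernamePasswordAuthenticationToken.unauthenticated(username, password))
                    .isAuthenticated();
        } catch (AuthenticationException e) {
            return false; // bad credentials, unknown user or empty password
        }
    }
}
```

The service layer can call `LoginService.authenticate` before persisting the request and map `false` to the error response; Spring Security's LDAP provider rejects an empty password before any bind is attempted.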