2

I am trying to authenticate against AD in my application created with Vaadin, which also uses Spring (SpringVaadinIntegration).

I can't find any information about how to achieve this, and there are a lot of confusing, different and partial ways to connect to Active Directory with Spring Security. Since Vaadin form fields don't have a name, I don't know if I can even use a normal form or whether I have to write my own JSP. My impression is that to map the username and the password entered in the form to the XML, it's necessary that the fields have a name.

Has anybody achieved this, or does anybody have a clue on how to do it?

If somebody can provide a link where this is explained step by step, for dummies, that would be great too. I can only find partial solutions, where you don't get an overview of the system and how it should be configured.

enkara

2 Answers

1

We have a TextField (username), a PasswordField (password) and a Button on a UI:

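import com.vaadin.server.VaadinRequest;
import com.vaadin.server.VaadinSession;
import com.vaadin.ui.*;

public class MyUI extends UI {
    @Override
    protected void init( VaadinRequest request ) {
        // Show the login layout until a successful login has stored "userId" in the session.
        setContent( VaadinSession.getCurrent().getAttribute("userId") == null ? getNewLoginLayout() : getNewMainLayout() );
    }
    private VerticalLayout getNewLoginLayout() {
        TextField username = new TextField("Username");
        PasswordField password = new PasswordField("Password"); // masks the typed password
        Button login = new Button("Login"); // its click listener runs the server-side LDAP check
        return new VerticalLayout(username, password, login);
    }
    private VerticalLayout getNewMainLayout() {
        // Placeholder for the application's main view.
        return new VerticalLayout(new Label("Main view"));
    }
}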

When the button is pushed, we do a simple LDAP search like this on the server side (for example, pass these parameters to a Spring bean). If it is successful, we set a VaadinSession attribute (userId) and change the UI content to the main layout. Spring Security is not necessarily needed.

Krayo
  • 1
    For some reason I couldn't make the LDAP search work following the example in your link but it helped me find the solution. I followed this example instead: http://www.adamretter.org.uk/blog/entries/LDAPTest.java, but passing the environment as parameter when creating the context: LdapContext ctx = new InitialLdapContext(env, null); – enkara Aug 18 '14 at 12:32
  • 1
    To authenticate I followed this: http://stackoverflow.com/questions/12163947/ldap-how-to-authenticate-user-with-connection-details – enkara Aug 19 '14 at 06:38
0

Even though this question is already answered, I want to show you my solution.

We use Spring Security for LDAP authentication, so we have these two configuration classes:

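import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity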
@EnableGlobalMethodSecurity(securedEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        // @formatter:off
        http
            .authorizeRequests()
                .anyRequest().authenticated() // All requests require a login...
                .and()
            .formLogin().loginPage("/login").defaultSuccessUrl("/#!").permitAll() // http://docs.spring.io/spring-security/site/docs/4.0.3.RELEASE/reference/htmlsingle/#jc-form
                .and()
            .logout().permitAll() // http://docs.spring.io/spring-security/site/docs/4.0.3.RELEASE/reference/htmlsingle/#jc-logout
                .and()
            .csrf().disable(); // CSRF (https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html) is handled by Vaadin itself!
        // @formatter:on
    }

    /**
     * @see http://stackoverflow.com/questions/34944617/java-config-for-spring-security-with-vaadin/35212403#35212403
     */
    @Override
    public void configure(WebSecurity web) throws Exception
    {
        // @formatter:off
        web
            .ignoring()
                .antMatchers("/resources/**", "/VAADIN/**");
        // @formatter:on
    }
}

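import java.util.Arrays;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

@Configuration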
public class SecurityConfigActiveDirectory
{
    @Value("${ldap.url}")
    String ldapUrl;

    @Value("${ldap.domain}")
    String ldapDomain;

    @Bean
    public AuthenticationManager authenticationManager()
    {
        ActiveDirectoryLdapAuthenticationProvider adProvider = new ActiveDirectoryLdapAuthenticationProvider(ldapDomain, ldapUrl);
        adProvider.setConvertSubErrorCodesToExceptions(true);
        adProvider.setUseAuthenticationRequestCredentials(true);
        adProvider.setAuthoritiesMapper(getAuthorityMapper());
        return new ProviderManager(Arrays.asList(adProvider));
    }

    private static SimpleAuthorityMapper getAuthorityMapper()
    {
        SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
        mapper.setConvertToUpperCase(true);
        return mapper;
    }
}

The SecurityConfig class defines which pages should be protected in our web application, and SecurityConfigActiveDirectory defines the LDAP authentication provider.

ldap.domain can be something like private.myTest.de and ldap.url something like ldap://myLdapHost.private.myTest.de:389.

Cheers!

shinchillahh