I'm trying to learn spring and create a web site where the authentication will be down via login page with angular passed to spring which needs to use ldap to authenticate. I figured I'd start on Spring site and walk through there guide but it seems to use deprecated code and it has an error.
I've been through several stackoverflow topics and google search but I'm not finding what I need.
src/main/java/hello/WebSecurityConfig.java
package hello;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource()
.url("ldap://localhost:8389/dc=springframework,dc=org")
.and()
.passwordCompare()
.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
}
}
The problem is ".passwordEncoder(new LdapShaPasswordEncoder()) .passwordAttribute("userPassword")" LdapShaPasswordEncoder is deprecated and so it either what .passwordEncoder takes or the PasswordEncoder being returned by LdapShaPasswordEncoder. I have tried the BCrypt example I found on stack using BCryptPasswordEncoder but I still get an error from .passwordEncoder that it's not the correct PasswordEncoder org.springframework.security.authentication.encoding.PasswordEncoder vs org.springframework.security.crypto.password.PasswordEncoder
