I am trying to authenticate against AD in my application created with Vaadin, which also uses Spring (SpringVaadinIntegration).
I can't find any information about how to achieve this, only a lot of confusing, different and partial ways to connect to Active Directory with Spring Security. Since Vaadin form fields don't have a name, I don't know if I can even use a normal form or if I have to write my own JSP. My impression is that to map the username and the password entered in the form to the XML, it's necessary that the fields have a name.
Has anybody achieved this, or does anybody have a clue on how to do it?
If somebody can provide a link where this is explained step by step, for dummies, that would be great too. I can only find partial solutions, where you don't get an overview of the system and how it should be configured.
We have a TextField (username), a PasswordField (password) and a Button on a UI:
    public class MyUI extends UI {
        @Override
        protected void init( VaadinRequest request ) {
            // Show the login layout until a successful login has set "userId" on the session
            setContent( VaadinSession.getCurrent().getAttribute("userId") == null ? getNewLoginLayout() : getNewMainLayout() );
        }

        private VerticalLayout getNewLoginLayout() {
            TextField username = ...
            // PasswordField masks the typed value, unlike a plain TextField
            PasswordField password = ...
            Button login = ...
            return new VerticalLayout(username, password, login);
        }
    }
When the button is pushed, we do a simple LDAP search like this on the server side (for example, pass these parameters to a Spring bean). If it is successful, we set a VaadinSession attribute (userId) and change the UI content to the main layout. Spring Security is not necessarily needed.
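One way to write the server-side bean that the login button hands the credentials to, as an added example that is not part of the original answer. The class name `AdBindAuthenticator`, the `user@domain` bind form and the requirement for an `ldaps://` URL are assumptions of this sketch; the host and domain values in the comments are constructed.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Hypothetical helper: checks AD credentials with an LDAP simple bind. */
public class AdBindAuthenticator {
    private final String ldapUrl; // e.g. "ldaps://dc.example.test:636" (constructed value)
    private final String domain;  // e.g. "example.test" (constructed value)

    public AdBindAuthenticator(String ldapUrl, String domain) {
        if (!ldapUrl.startsWith("ldaps://")) {
            // A simple bind sends the password as-is; refuse an unencrypted transport.
            throw new IllegalArgumentException("ldaps:// URL required");
        }
        this.ldapUrl = ldapUrl;
        this.domain = domain;
    }

    /** Returns true only if the directory accepted a bind with these credentials. */
    public boolean authenticate(String username, String password) throws NamingException {
        // With an empty password JNDI falls back to an anonymous bind, which the
        // server may accept: reject it before contacting the directory.
        if (username == null || username.trim().isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Bind as user@domain, so no DN or search filter is built from user input.
        env.put(Context.SECURITY_PRINCIPAL, username.trim() + "@" + domain);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // ms, do not hang the UI request
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // opening the context performs the bind
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong password, locked or disabled account
        } finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }
}
```

Any other `NamingException` (for example, the directory being unreachable) propagates to the caller, which should treat it as a failed login and leave the `userId` session attribute unset.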
Even though this question is already answered, I want to show you my solution.
We use Spring Security for LDAP authentication, so we have these two configuration classes:
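    // SecurityConfig.java
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    @EnableGlobalMethodSecurity(securedEnabled = true, proxyTargetClass = true)
    public class SecurityConfig extends WebSecurityConfigurerAdapter
    {
        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            // @formatter:off
            http
                .authorizeRequests()
                    .anyRequest().authenticated() // All requests require a login...
                    .and()
                .formLogin().loginPage("/login").defaultSuccessUrl("/#!").permitAll() // http://docs.spring.io/spring-security/site/docs/4.0.3.RELEASE/reference/htmlsingle/#jc-form
                    .and()
                .logout().permitAll() // http://docs.spring.io/spring-security/site/docs/4.0.3.RELEASE/reference/htmlsingle/#jc-logout
                    .and()
                .csrf().disable(); // CSRF (https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html) is handled by Vaadin itself!
            // @formatter:on
        }

        /**
         * @see http://stackoverflow.com/questions/34944617/java-config-for-spring-security-with-vaadin/35212403#35212403
         */
        @Override
        public void configure(WebSecurity web) throws Exception
        {
            // @formatter:off
            web
                .ignoring()
                    .antMatchers("/resources/**", "/VAADIN/**");
            // @formatter:on
        }
    }

    // SecurityConfigActiveDirectory.java
    import java.util.Arrays;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.ProviderManager;
    import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
    import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

    @Configuration
    public class SecurityConfigActiveDirectory
    {
        @Value("${ldap.url}")
        String ldapUrl;

        @Value("${ldap.domain}")
        String ldapDomain;

        @Bean
        public AuthenticationManager authenticationManager()
        {
            ActiveDirectoryLdapAuthenticationProvider adProvider = new ActiveDirectoryLdapAuthenticationProvider(ldapDomain, ldapUrl);
            adProvider.setConvertSubErrorCodesToExceptions(true);
            adProvider.setUseAuthenticationRequestCredentials(true);
            adProvider.setAuthoritiesMapper(getAuthorityMapper());
            return new ProviderManager(Arrays.asList(adProvider));
        }

        // Maps AD group names to upper-case authority names
        private static SimpleAuthorityMapper getAuthorityMapper()
        {
            SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
            mapper.setConvertToUpperCase(true);
            return mapper;
        }
    }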
SecurityConfig class defines which pages should be protected in our web application and SecurityConfigActiveDirectory defines the LDAP authentication provider.
ldap.domain can be something like private.myTest.de and ldap.url something like ldap://myLdapHost.private.myTest.de:389.
Cheers!