Spring MVC Security LDAP Authentication Java Config

STEP 1:- Open Eclipse and Create Dynamic Web Project named SpringSecurityLdapJavaConfig

STEP 2:- Make sure you use Target Runtime as Apache Tomcat 7.0.

STEP 3:- copy below jars to WEB-INF/lib folder.

  • antlr-2.7.6.jar
  • aopalliance-1.0.jar
  • apacheds-all-1.5.5.jar
  • apacheds-server-jndi-1.5.5.jar
  • commons-logging-1.2.jar
  • dom4j-1.6.1.jar
  • hibernate-commons-annotations-4.0.4.Final.jar
  • hibernate-core-4.3.6.Final.jar
  • hibernate-jpa-2.1-api-1.0.0.Final.jar
  • hibernate-validator-4.3.2.Final.jar
  • javassist-3.12.1.GA.jar
  • jboss-logging-3.1.0.CR1.jar
  • jta.jar
  • jtds.jar
  • log4j-1.2.17.jar
  • persistence-api-1.0.2.jar
  • slf4j-api-1.5.6.jar
  • slf4j-simple-1.5.6.jar
  • spring-aop-4.1.4.RELEASE.jar
  • spring-aspects-4.1.4.RELEASE.jar
  • spring-beans-4.1.4.RELEASE.jar
  • spring-context-4.1.4.RELEASE.jar
  • spring-core-4.1.4.RELEASE.jar
  • spring-expression-4.1.4.RELEASE.jar
  • spring-jdbc-4.1.4.RELEASE.jar
  • spring-ldap-core-2.0.3.RELEASE.jar
  • spring-ldap-core-tiger-2.0.1.RELEASE.jar
  • spring-orm-4.1.4.RELEASE.jar
  • spring-security-config-4.0.2.RELEASE.jar
  • spring-security-core-4.0.2.RELEASE.jar
  • spring-security-ldap-4.0.2.RELEASE.jar
  • spring-security-taglibs-4.0.2.RELEASE.jar
  • spring-security-web-4.0.2.RELEASE.jar
  • spring-tx-4.1.4.RELEASE.jar
  • spring-web-4.1.4.RELEASE.jar
  • spring-webmvc-4.1.4.RELEASE.jar
STEP 4:- Create Spring security configuration file.
  • Package: com.tutorialsdesk.config
  • Filename: SecurityConfig.java
package com.tutorialsdesk.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 @Autowired
 public void init(AuthenticationManagerBuilder auth) throws Exception {
 auth.ldapAuthentication()
 .userSearchFilter("(uid={0})")
 .userSearchBase("ou=users")
 .groupSearchFilter("(uniqueMember={0})")
 .groupSearchBase("ou=groups")
 .groupRoleAttribute("cn")
 .rolePrefix("ROLE_")
 .contextSource().ldif("/WEB-INF/conf/users.ldif").root("o=tutorialsdesk");
 }

 @Override
 protected void configure(HttpSecurity http) throws Exception {

 http.authorizeRequests()
 .antMatchers("/").permitAll()
 .antMatchers("/home").permitAll()
 .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
 .antMatchers("/api/**").access("hasRole('ROLE_ADMIN') or
hasRole('ROLE_API')")
 .and().formLogin()
 .and().exceptionHandling().accessDeniedPage("/Access_Denied");
 
 }
 
}

STEP 5:- Create a class extends AbstractSecurityWebApplicationInitializer, it will load the springSecurityFilterChain automatically.
  • Package: com.tutorialsdesk.config.core
  • Filename: SpringSecurityInitializer.java
package com.tutorialsdesk.config.core;

import
org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SpringSecurityInitializer extends
 AbstractSecurityWebApplicationInitializer {

}
STEP 6:- Create Spring MVC configuration file. A Config class, define the view’s technology and imports above SecurityConfig.java.
  • Package: com.tutorialsdesk.config
  • Filename: AppConfig.java
package com.tutorialsdesk.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView;

@EnableWebMvc
@Configuration
@ComponentScan({ "com.tutorialsdesk.controller" })
@Import({ SecurityConfig.class })
public class AppConfig {

 @Bean
 public InternalResourceViewResolver viewResolver() {
 InternalResourceViewResolver viewResolver 
 = new InternalResourceViewResolver();
 viewResolver.setViewClass(JstlView.class);
 viewResolver.setPrefix("/WEB-INF/views/");
 viewResolver.setSuffix(".jsp");
 return viewResolver;
 }
}

STEP 7:- Create a Sevlet Initializer class, to load everything.
  • Package: com.tutorialsdesk.config.core
  • Filename: SpringMvcInitializer.java
package com.tutorialsdesk.config.core;

import
org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;

import com.tutorialsdesk.config.AppConfig;

public class SpringMvcInitializer extends
 AbstractAnnotationConfigDispatcherServletInitializer {

 @Override
 protected Class<?>[] getRootConfigClasses() {
 
 return new Class[] { AppConfig.class };
 }

 @Override
 protected Class<?>[] getServletConfigClasses() {
 
 return null;
 }

 @Override
 protected String[] getServletMappings() {
 
 return new String[] { "/" };
 }

}

STEP 8 :- Create Controller Class.
  • Package: com.tutorialsdesk.controller
  • Filename: IndexController.java
package com.tutorialsdesk.controller;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

@Controller
@RequestMapping("/")
public class IndexController {

 @RequestMapping(value = { "/", "/login" }, method =
RequestMethod.GET)
 public String loginPage(ModelMap model, @RequestParam(value = "error",
required = false) String error) {
 
 if (error != null) {
 model.addAttribute("error", "Invalid username and password!");
 }
 return "login";
 }
 
 @RequestMapping(value = { "/home" }, method = RequestMethod.GET)
 public String homePage(ModelMap model) {
 model.addAttribute("greeting", "Hi, Welcome to mysite. ");
 return "welcome";
 }
 
 @RequestMapping(value = "/admin", method = RequestMethod.GET)
 public String adminPage(ModelMap model) {
 model.addAttribute("user", getPrincipal());
 return "admin";
 }
 
 @RequestMapping(value = "/api", method = RequestMethod.GET)
 public String dbaPage(ModelMap model) {
 model.addAttribute("user", getPrincipal());
 return "api";
 }
 
 @RequestMapping(value="/logout", method = RequestMethod.GET)
 public String logoutPage (ModelMap model,HttpServletRequest request,
HttpServletResponse response) {
 Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 if (auth != null){ 
 new SecurityContextLogoutHandler().logout(request, response, auth);
 }
 model.addAttribute("msg", "You've been logged out
successfully.");
 return "login";
 }
 
 @RequestMapping(value = "/Access_Denied", method = RequestMethod.GET)
 public String accessDeniedPage(ModelMap model) {
 model.addAttribute("user", getPrincipal());
 return "accessDenied";
 }
 
 private String getPrincipal(){
 String userName = null;
 Object principal =
SecurityContextHolder.getContext().getAuthentication().getPrincipal();
 
 System.out.println("HelloWorldController.getPrincipal()" +
SecurityContextHolder.getContext().getAuthentication().getAuthorities().size());
 
 System.out.println("HelloWorldController.getPrincipal()" +
SecurityContextHolder.getContext().getAuthentication().getAuthorities().toString());
 
 if (principal instanceof UserDetails) {
 userName = ((UserDetails)principal).getUsername();
 } else {
 userName = principal.toString();
 }
 return userName;
 }
}

STEP 9 :- Create a LDIF file in /WebContent/WEB-INF/conf/users.ldif file as below :-
version: 1

dn: o=tutorialsdesk
objectClass: organization
objectClass: extensibleObject
objectClass: top
o: tutorialsdesk

dn: ou=users,o=tutorialsdesk
objectClass: extensibleObject
objectClass: organizationalUnit
objectClass: top
ou: users

dn: ou=groups,o=tutorialsdesk
objectClass: extensibleObject
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=User,ou=groups,o=tutorialsdesk
objectClass: groupOfUniqueNames
objectClass: top
cn: User
uniqueMember: cn=Normal User,ou=users,o=tutorialsdesk
uniqueMember: cn=Api User,ou=users,o=tutorialsdesk
uniqueMember: cn=Admin User,ou=users,o=tutorialsdesk

dn: cn=Admin,ou=groups,o=tutorialsdesk
objectClass: groupOfUniqueNames
objectClass: top
cn: Admin
uniqueMember: cn=Admin User,ou=users,o=tutorialsdesk

dn: cn=Api,ou=groups,o=tutorialsdesk
objectClass: groupOfUniqueNames
objectClass: top
cn: Api
uniqueMember: cn=Api User,ou=users,o=tutorialsdesk
uniqueMember: cn=Admin User,ou=users,o=tutorialsdesk

dn: cn=Normal User,ou=users,o=tutorialsdesk
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Normal User
sn: Normal
uid: user
userPassword:: cGFzcw==

dn: cn=Admin User,ou=users,o=tutorialsdesk
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Admin User
sn: Admin
uid: adminuser
userPassword:: cGFzcw==

dn: cn=Api User,ou=users,o=tutorialsdesk
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Api User
sn: Api
uid: apiuser
userPassword:: cGFzcw==

STEP 10 :- Create jsp files in /WebContent/WEB-INF/views folder
  • Filename: login.jsp
<%@ taglib prefix="c"
uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<html>
<head>
<title>Login Page</title>
<style>
.error {
 padding: 15px;
 margin-bottom: 20px;
 border: 1px solid transparent;
 border-radius: 4px;
 color: #a94442;
 background-color: #f2dede;
 border-color: #ebccd1;
}

.msg {
 padding: 15px;
 margin-bottom: 20px;
 border: 1px solid transparent;
 border-radius: 4px;
 color: #31708f;
 background-color: #d9edf7;
 border-color: #bce8f1;
}

#login-box {
 width: 300px;
 padding: 20px;
 margin: 100px auto;
 background: #fff;
 -webkit-border-radius: 2px;
 -moz-border-radius: 2px;
 border: 1px solid #000;
}
</style>
</head>
<body onload='document.loginForm.username.focus();'>

 <h1>Spring Security Login Form (LDAP Authentication)</h1>

 <div id="login-box">

 <h2>Login with Username and Password</h2>

 <c:if test="${not empty error}">
 <div class="error">${error}</div>
 </c:if>
 <c:if test="${not empty msg}">
 <div class="msg">${msg}</div>
 </c:if>

 <form name='loginForm'
 action="<c:url value='/login' />" method='POST'>

 <table>
 <tr>
 <td>User:</td>
 <td><input type='text' name='username'></td>
 </tr>
 <tr>
 <td>Password:</td>
 <td><input type='password' name='password' /></td>
 </tr>
 <tr>
 <td colspan='2'><input name="submit"
type="submit"
 value="submit" /></td>
 </tr>
 </table>

 <input type="hidden" name="${_csrf.parameterName}"
 value="${_csrf.token}" />

 </form>
 </div>

</body>
</html>
  • Filename: welcome.jsp
<%@ page language="java" contentType="text/html;
charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c"
uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
 <meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
 <title>HelloWorld page</title>
</head>
<body>
 Greeting : ${greeting}
 This is a welcome page. <a href="<c:url value="/logout"
/>">Logout</a>
 <br/><br/>
 Go to Admin page <a href="<c:url value="/admin"
/>">click here</a><br/><br/>
 Go to API page <a href="<c:url value="/api"
/>">click here</a>
 
</body>
</html>

  • Filename: admin.jsp
<%@ page language="java" contentType="text/html;
charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c"
uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
 <meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
 <title>HelloWorld Admin page</title>
</head>
<body>
 Dear <strong>${user}</strong>, Welcome to Admin Page.
 <br/><br/><a href="<c:url value="/home"
/>">Home</a> | <a href="<c:url
value="/logout" />">Logout</a>
</body>
</html>

  • Filename: accessDenied.jsp
<%@ page language="java" contentType="text/html;
charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c"
uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
 <meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
 <title>AccessDenied page</title>
</head>
<body>
 Dear <strong>${user}</strong>, You are not authorized to access this page
 <br/><br/><a href="<c:url value="/home"
/>">Home</a> | <a href="<c:url
value="/logout" />">Logout</a>
</body>
</html>

  • Filename: api.jsp
<%@ page language="java" contentType="text/html;
charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c"
uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
 <meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
 <title>DBA page</title>
</head>
<body>
 Dear <strong>${user}</strong>, Welcome to API Page.
 <br/><br/><a href="<c:url value="/home"
/>">Home</a> | <a href="<c:url
value="/logout" />">Logout</a>
</body>
</html>

STEP 11 :- Run your project enter below URL in your browser 

http://localhost:8080/SpringSecurityLdapJavaConfig/

Keep visiting TutorialsDesk for more tutorials and practical programming examples on Spring MVC. Hope we are able to explain you Spring MVC Security LDAP Authentication Java Config Example, if you have any questions or suggestions please write to us using contact us form.

Please share us on social media if you like the tutorial.