Announcement Announcement Module
Collapse
No announcement yet.
Spring Security- LDAP and authenticationManagerBuilder Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security- LDAP and authenticationManagerBuilder

    I'm working on a new spring boot app and looking to build my authentication using authenticationManagerBuilder. I'm connected to our ldap system can authenticate and find me, but not me in the correct group. This causes me to receive a 403 - forbidden when I attempt to login. I've tried a couple tricks for getting a navigating the tree of groups to find all groups, but I don't seem to have much luck. I'm looking to see if someone can shed some light on what I may be missing.

    I was looking to get away from building out my own dao and simply using the details returned from the Authentication Manager upon a users login for authentication. Here is my http security code.

    Code:
    @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/error").anonymous()
                    .antMatchers("/navigation").anonymous()
                    .antMatchers("/").hasRole("ACS-IVR-EXTMGMT_ADMIN")
                    .and().formLogin().permitAll().defaultSuccessUrl("/").and()
                    
                    .csrf().disable();
        }
    
    
    //The following is the code used to access ldap
    
        @Autowired
        @Override
        protected void configure(AuthenticationManagerBuilder authManagerBuilder)
                throws Exception {
            authManagerBuilder
                    .ldapAuthentication()
                    .userDnPatterns("CN=LDAP,CN=Users,DC=acslan,DC=ac,DC=americancentury,DC=com")
                    .userSearchFilter("(&(sAMAccountName={0})(objectclass=user))")
                    .groupSearchBase("OU=LDAP-Apps")
                    .groupSearchFilter("(member:1.2.840.113556.1.4.1941:=(sAMAccountName={0},cn=users,DC=acslan,DC=ac,DC=americancentury,DC=com))")
                    .contextSource()
                        .url("ldap://ldap:389/DC=acslan,DC=ac,DC=americancentury,DC=com")
                        .managerDn("CN=SomeUser,CN=Users,DC=acslan,DC=ac,DC=americancentury,DC=com")
                        .managerPassword("somePassword");
                    
        }
    Finally, I am returned the following log upon login. Based on the returned ou that it finds for me, this is working correctly, but I am attempting it to return the complete list of authorities. Do I need to go ahead and define a specific bean for the UserDetailsService or AuthenticationProvider?

    Code:
    2014-04-23 10:57:21.343  WARN 5964 --- [nio-8085-exec-2] o.s.s.a.event.LoggerListener             : Authentication event AuthenticationSuccessEvent: r2n; details: org.springframework.security.web.authentication.WebAuthentication[email protected]: RemoteIpAddress: 127.0.0.1; SessionId: null
    2014-04-23 10:57:21.344  INFO 5964 --- [nio-8085-exec-2] o.s.b.a.audit.listener.AuditListener     : AuditEvent [timestamp=Wed Apr 23 10:57:21 CDT 2014, principal=r2n, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.Web[email protected]: RemoteIpAddress: 127.0.0.1; SessionId: null}]
    2014-04-23 10:57:21.345  WARN 5964 --- [nio-8085-exec-2] o.s.s.a.event.LoggerListener             : Authentication event InteractiveAuthenticationSuccessEvent: r2n; details: org.springframework.security.web.authentication.WebAuthentication[email protected]: RemoteIpAddress: 127.0.0.1; SessionId: null
    2014-04-23 10:57:21.345  INFO 5964 --- [nio-8085-exec-2] o.s.b.a.audit.listener.AuditListener     : AuditEvent [timestamp=Wed Apr 23 10:57:21 CDT 2014, principal=r2n, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.Web[email protected]: RemoteIpAddress: 127.0.0.1; SessionId: null}]
    2014-04-23 10:57:21.361  WARN 5964 --- [nio-8085-exec-3] o.s.s.access.event.LoggerListener        : Security authorization failed due to: org.springframework.security.access.AccessDeniedException: Access is denied; authenticated principal: org.springframework.security.authentication.UsernamePasswordAuthe[email protected]: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@efe0855c: Dn: cn=Ron Nelson,ou=Users-DesktopSupport,dc=acslan,dc=ac,dc=americancentury,dc=com; Username: r2n; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthentication[email protected]: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities; secure object: FilterInvocation: URL: /; configuration attributes: [hasRole('ROLE_ACS-IVR-EXTMGMT_ADMIN')]
    2014-04-23 10:57:21.362  INFO 5964 --- [nio-8085-exec-3] o.s.b.a.audit.listener.AuditListener     : AuditEvent [timestamp=Wed Apr 23 10:57:21 CDT 2014, principal=r2n, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]
Working...
X