Our legacy application is deployed on Glassfish, and uses javax.security to manage authorization.

The following code retrieves from LDAP the Active Directory groups the user is a member of:

try {
    // Subject the container holds for the current caller (JACC policy context)
    subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
    Principal principal;
    if (subject != null) {
        // Collect the string form of every principal attached to the subject
        Iterator<Principal> principalsIt = subject.getPrincipals().iterator();
        while (principalsIt.hasNext()) {
            principal = principalsIt.next();
            ldapGroups.add(principal.toString());
        }
    }
} catch (PolicyContextException e) {
    ...
}

In our new Spring Boot application, after login, we can use the Spring SecurityContextHolder to get user details:

Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
String currentPrincipalName = authentication.getName();

This is how the user is being authenticated and authorized:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication().userSearchFilter("(...)")
                .userSearchBase("...")
                .groupSearchBase("...").groupSearchFilter("member={0}").contextSource()
                .url("...").managerDn("...").managerPassword("...");
    }

    @Override
    protected void configure(HttpSecurity security) throws Exception {
        security.authorizeRequests().antMatchers("/*/**").permitAll().anyRequest().fullyAuthenticated().and()
                .formLogin().loginPage("/login").successHandler(new AuthenticationSuccessHandler() {
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                            Authentication authentication) throws IOException, ServletException {
                        redirectStrategy.sendRedirect(request, response, "/campaigns/myCampaigns");
                    }
                });

    }
}

Is there a way to modify the code which logs the user in, so that at the same time that they are authenticated and authorized, it also retrieves their groups? So far, the only examples I have found involve the use of LdapTemplate and making a separate call.

Thanks

  • There is too little information: how is the userdetails object built, how do you fetch the user in the Spring Boot application, etc. Voted to close, needs more debugging details. Commented Jul 16, 2021 at 8:02
  • Edited question, hope it adds what you want. Thank you very much. Commented Jul 20, 2021 at 11:01
  • So you are basically asking us to solve your problem. What have you tried? I don't even see any code of you even trying. Please read this: meta.stackoverflow.com/questions/261592/… Have you even read the documentation? Commented Jul 20, 2021 at 11:30
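
With `groupSearchBase` and `groupSearchFilter` set as in the question's configuration, Spring Security's LDAP provider already runs the group search during login and stores each matching group's `cn` as an upper-cased, `ROLE_`-prefixed authority on the `Authentication`, so no separate `LdapTemplate` call is needed. The following is an added example, not code from the original post: a success handler that reads those groups back. The class name `LdapGroupsSuccessHandler` and the session attribute `ldapGroups` are assumptions.

```java
import java.io.IOException;
import java.util.Set;
import java.util.TreeSet;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

// Added example (hypothetical class name): exposes the LDAP groups that the
// group search in configure(AuthenticationManagerBuilder) loaded at login.
public class LdapGroupsSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    // Default prefix applied by Spring Security's LDAP authorities populator.
    private static final String ROLE_PREFIX = "ROLE_";

    public LdapGroupsSuccessHandler() {
        super("/campaigns/myCampaigns"); // same redirect target as the question's handler
    }

    // Group names as Spring Security holds them: upper-cased, with the prefix removed.
    static Set<String> ldapGroups(Authentication authentication) {
        Set<String> groups = new TreeSet<>();
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            String name = authority.getAuthority();
            // Skip authorities that did not come from the prefixed group mapping.
            if (name != null && name.startsWith(ROLE_PREFIX)) {
                groups.add(name.substring(ROLE_PREFIX.length()));
            }
        }
        return groups;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // "ldapGroups" is an assumed session attribute name for this example.
        request.getSession().setAttribute("ldapGroups", ldapGroups(authentication));
        super.onAuthenticationSuccess(request, response, authentication);
    }
}
```

It is registered with `.successHandler(new LdapGroupsSuccessHandler())` in place of the anonymous handler. The default populator performs a single search with the configured filter, so groups reached only through nested membership are not included.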
