Spring Boot LDAP Authentication from scratch with Spring Security and LDAP Server

Video Statistics and Information

Captions
Hello everyone, welcome back to Talented Developer. In this video we are going to create a Spring Boot LDAP authentication project from scratch. So what are the steps we are going to follow? We'll be building a Spring Boot application from scratch using Spring Security, then we'll create an LDAP server from scratch, then we'll try to add a user with the credential, then we'll write our LDAP authentication code in a Spring Boot application and we'll try to test our user login. If everything works fine, then we'll try to see what are the errors and exceptions you might face during your LDAP authentication. And the last step will be like a shortcut, so using that one you can put some of your LDAP configuration code directly into the property file and you can reduce your code. So first of all we have to create one Spring Boot application. So what you can do: just open your web browser and search Spring Initializr. You can open this one. Here you can give your project name, so I can say here com.learn, you can put here L Au. I'm going to select Maven. You can select your Java version and you can select your dependency as Web, then add Spring Security and LDAP. You can click on Generate. After that you can extract your compressed folder. You can see the project has been created. Now you can try to export this project into your IDE. Currently I'm using Eclipse, so you can click on File, Import, Maven, Existing Maven Projects, Next. You can select your project, you can see pom.xml, now click on Finish. So this is our entry point; here you can see the annotation @SpringBootApplication, and if you open here pom.xml, I'm just going to comment this Spring Security for now only. Now we need to create one controller, so before that let's try to open one Spring document: search Spring LDAP, you can open this link. So in this document they have created one LDAP authentication, but they have used here an LDIF file. Here we are not going to follow this approach; we will see this in an upcoming video. For now we'll try to
create the user like a real-time application. So we need to copy one API; let's copy for now and we'll put it into our controller. So before that we need to create one controller: click on New Class and you can give your controller name as LdapAuthenticationController, and you can give the package name here, .controller. Click on Finish, and you can copy-paste and put the annotation on the top, @RestController. Now you have to import from Spring. So one small Spring Boot application has been created; let's run. You can see here our Spring Boot application is running at localhost, port 8080. So let's go here, type localhost 8080; you can see it is showing here "welcome to the homepage". Correctly, it's working fine. But now what we'll do: we'll try to implement our Spring Security, so if the user is having the valid credential then we can see this message, otherwise it will not show at all. So now you can again come back to your pom.xml and try to uncomment that line. Now you can stop your server, again try to run your application. Now try to load the same URL; you can see now it is showing username and password. This is the default feature of Spring Security. Now we will go to our second step. Our second step is what? We have to create one LDAP server from scratch. So here I'm going to use Apache Directory Studio. Before that let's understand what is the benefit. So generally LDAP means Lightweight Directory Access Protocol, and using this one you can easily play a pivotal role in streamlining identity management; even that, you can implement authentication and directory services. After that you can also configure your network security and you can provide different kinds of access control to different kinds of users. Download this one: you can just go on Google and just search Apache Directory Studio, otherwise you can just check this video. Once installation is done, try to search Apache Directory Studio. So you can see here this section is called LDAP Servers, so click on this icon, New Server. Here
you can select ApacheDS 2.0; using this one you can create your server. So maybe when you try to start the server it will show as stopped, so try to open your Apache Directory Studio as an administrator, otherwise try to use Java 11, because sometimes Java 17 or 21 is causing the issue. Once your server is started, then we have to create one connection. So what you can do: just right click and click on Create Connection. So you can see our connection has been created, and if you open here the DIT you can see OU, that means organization unit, as system, and here we have one uid that is called admin, so by default this will be created. Now if you want to know what is our LDAP URL, what you can do: you can select anywhere and just click on Properties. You can see here ldap://localhost:10389; this is our URL for LDAP. Otherwise what you can do: you can come to your connection also and you can just click on Properties, and you will get the entire details here. So the third step is what? We have to create a user. So what you can do: just come to this ou=users; here you can keep all the users. So for now you can just try to add a user: just select, right click, New, New Entry, Create entry from scratch. Here you can select inetOrgPerson; you can see it will add four object classes. Now click on Next. So our parent is what? ou=users, and it is inside the system; you can see here ou=users and ou=system. Now you can follow here CN, that means common name, and here I'm going to put the name like Ram. So you can see the DN; the DN is what? cn=Ram, ou=users and ou=system. Click on Next and you can put here the surname; here I can say Kumar, and click on Finish. So we have created a user, and if you click on Properties this is the DN of that user. DN means distinguished name. And here we are going to add one field that will contain the user password. So click here on New Attribute, and here you can see all the attributes; if you want to add uid, photo and blah blah
blah, you can easily add. So for now I'm going to add the userPassword; you can click Finish, and here one popup will come. Here you can enter the password; I'm just going to enter 1 2 3 4 5 6, 1 2 3 4 5 6. You can see this is our password; now click on OK. So one user has been created; you can see the CN is what? Ram, and it is inside ou=system and ou=users. So we have followed till step three. Now we'll try to create one Spring Security file. So if you see their document, you can come down; this is their web security config. You can see they're putting the annotation as @Configuration and here they're doing the security filter chain. So what we can do: just come, right click, here I can say SecurityConfig file, and put here the package name as config. So we are going to override the Spring Security configuration. So you can come and put the annotation as @Configuration, and after that try to add here @EnableWebSecurity also. Now you can open that Spring document and we are going to copy-paste the security filter chain; I will explain what it will do. So currently we are using the latest Spring, so all our configuration files, all our code will be the latest only. So now you can import it. So here what will happen: here we are getting all the HTTP security, and after that we are saying like, okay, whatever request is coming, try to do the full authentication, and by default we are saying like, okay, try to load here the form login thing. So now we are going to step four, that means we are going to create here the LDAP authentication related code. Here we are going to follow two approaches. So first of all I am going to put all the LDAP configuration in this SecurityConfig.java file only; after that we'll try to play, and then we'll put it into the properties file. So in this security config we are going to create three beans. The first bean will be the LDAP template, and in that one we'll try to pass the context source; that context source will come from another bean that will be called LDAP context source,
and it will contain the LDAP configuration like URL, user DN and password. And once everything is ready, then we'll create another bean that will be called authentication manager, and here we'll put the configuration related to the user, like user DN or search. Give the annotation as @Bean and you can create one LdapTemplate here; try to load it from the Spring code. Now it will ask you to return your LDAP template, so what we'll do: just copy this one and return here, return new LdapTemplate, and here we are going to pass the context source. So context source means it will contain the LDAP context source. So what we'll do: we just come again down and we'll create one bean; just put here public LdapContextSource, and here we'll try to create one LDAP context source. So first try to import. Please do not get confused, we'll explain everything in detail. So currently we'll be interacting with LDAP using the LDAP template; that's why we have created one context, and we'll put in our entire LDAP related configuration, and when the template will be loaded it will try to put it into Spring Security. So we have created our LDAP context source; we have to now add all the LDAP configuration. So just use here ldapContextSource.setUrl, so this will contain your LDAP URL. So what you can do: you can just open your LDAP, select anywhere, OU or any user, and you can copy from ldap to your port number. Now just copy and put here .setUserDn; for now I'm just going to add here admin, but I will show that without any credential also you can work. I will try to add the value, but before that just come here and put here setPassword. So now we have to put what? The admin user DN. So how will you get the admin user DN? Just open your LDAP; here we have admin, so just come, open the properties, and you can blindly copy the DN. So we have copied the DN. Now we need some password here. You can play here, you can try to add some different user also. Now you can open; now we need the password, so what you can do: you can see the user password is here,
just double click and it will ask you to verify the password. By default the password will be secret; just click on Verify and you can see this is the actual password. Now you can add it here. So what we have done: we have added our LDAP URL, we have also added one user DN, and now we have added the password. Now try to return the context. So we have added our LDAP context source; our LDAP template is also ready. So whenever we'll run our application it will take the LDAP template and it will try to get all the configuration from your LDAP context source. Now we have to create one authentication manager. So what you can do: just come down and give the annotation as @Bean. In the latest Spring so many things have been changed, so just use AuthenticationManager, try to import it from Spring Security, and here we have to pass BaseLdapPathContextSource. Now what we'll do here: we'll try to create one object for LdapBindAuthenticationManagerFactory and we'll try to return the authentication manager. So whenever our Spring application will be run it will get all the details, whatever we have set for the LDAP, then it will create one authentication manager and after that it will try to work. So try to create one object for LdapBindAuthenticationManagerFactory; you can import, and you can give here new and you can pass the source. Now we'll try to return factory.createAuthenticationManager; you can see here it will return the configured authentication manager that can be used to perform LDAP authentication. So if you see here, it is showing what? The type org.springframework.security.ldap.authentication.BindAuthenticator cannot be resolved. So now we have to import one more dependency. So what you can do: just copy this line and just come and type here Maven, and that dependency name is spring-security-ldap. You can take the latest one, copy this one, open your pom.xml, you can go to your dependencies and try to add it. So now you can see here our security chain is also ready, our LDAP context is ready, we have added the LDAP credential. Now what will be the challenge here? We have to say to our Java code like, okay, you can take the user from this OU; currently it doesn't know like, okay, I need to take from where. So what you can do: you can just come and try to do here factory.setUserDnPatterns. So for now I am going with the CN; if you have a uid you can proceed with the uid, you can try to go with the unique thing, but for now I'm just going with CN, it is just a test project. So what you can do: just come here and type here cn={0}, try to pass here zero, that means it will try to replace it dynamically. So here zero means currently it will treat it like, whatever username we'll pass, it will understand like, okay, cn equal to that username. So for now I have added the CN; now we have to add our OU also. What you can do: just come and right click and copy this, and you can put a comma and save it. So for now I am just going to put the entire DN here. So here you can see CN, and this will be replaced dynamically, and after that the user belongs to users and this will belong entirely to system, and this whole DN will be inside the LDAP URL. So you can cross check also; you can see here this is the actual URL. You might need to check your URL and DN perfectly, otherwise you can get an exception. So if you don't want to go with this approach, what you can do: you can just come and you can put here like factory.set, you can see here userSearchBase, userSearchFilter; according to your preference you can select anything. Now we have done everything, so let's stop our server, again
try to run, and we'll try to see like, okay, it's working or not. You can refresh. So our username is what? Ram; so you can see currently I'm going with CN, that means common name, and our password is what? 1 2 3 4 4 5 6. Now click on Sign in; you can see it is showing here "welcome to the home page". So how can we cross check like, okay, it is actually taking the correct credential or not? So what you can do: just come, stop your server, and this time we'll try to pass a different one, Ram one; let's go with the same password. You can see here "bad credential". So actually it is going to your LDAP URL, and from LDAP it is taking that DN; you can see here this is our DN, and it is cross-checking, okay, this user is valid or invalid. But if you see the Spring document, you can see they have gone with configure; they put here the @Autowired annotation and they have done this thing. I really don't like this approach when I'm going with dynamic data. And if you try to notice their LDIF file also, you can see they are putting only one password that is called encrypted, here you can see; otherwise all passwords are like plain text. So this is also another challenge you will face. So what are the steps we have mentioned? We have currently followed the maximum things: like the first step is, we are going to create one Spring Boot application, yes, we have done; then we have created one LDAP server also, yes, that is also done; then we have added the user with the credential, and after that we have added our LDAP authentication code. Now I will tell you one more thing. So in this sec you can comment this one. Why? I will tell you. So many times maybe your admin will enable the URL, but sometimes if they will say like, no, without credentials you cannot access, at that time you have to definitely mention the user DN and password. Now you can stop the server and again try to run, again come, refresh, type Ram and the password; you can see it is working fine without the admin credential also. The next step is like, what are the exceptions you might face. So first of all what I will do: I
will try to stop my LDAP server; just click on the red, you can see now my server is stopped. Now you can stop your Spring Boot application and again try to restart, try to reload the page. Now if you try to enter the credential, you can enter the correct credential also, you can see here it is showing localhost 10389, that means it is your LDAP URL. Whenever you will get this kind of message, that means your LDAP server is down. If you want to again cross check, what you can do: you can come and you can see here "connection refused"; if you go to the top it will show every detail here. Now this is the first thing. The major problem which users will face is when they will pass the DN of the user; trust me, you might also face this issue. So how can we easily see our error? So what we can do: for now just start your server, and you can try to open your LdapBindAuthenticationManagerFactory, and here you can see it is going inside the springframework security ldap; again you can open this one and just put your breakpoint. Now just stop your server and try to run your project in debug mode; this will be very interesting. 1 2 3 4 5 6, click on Sign in; you can see internally it will call the authenticate method. Here you can see it is your username as Ram and the password is what? 1 2 3 4 5 6. In case your password is having some wrong length you'll get this kind of message. Now let's come to this line; I'll put some more breakpoints, so try to go for the next one. So here you can see the DN; you can see this DN, you can copy-paste it for your reference, and open the notepad and you can copy-paste here. Now what will happen: it will open one function that is called bindWithDn, and it will again open the below function. Let's open this class perfectly, put one breakpoint here and here. So now our full DN is what? You can see cn=Ram, ou=users, ou=system; this is the same as whatever we just copied. And after that it will try to pass your password and your full DN into get context source. So using this approach what
will happen: it will try to match, okay, your password is wrong or what. Now what will happen: if everything will be fine you will go to line number 113 at all; you can see it's working fine. So now user is what? User is not null, and if user is not null then you can see some details here, and after that you will see the next API page, okay, "welcome to home". Now what I will do: I will try to enter the wrong data, so open this one and I will try to remove this system; let's save and try to run again. Now refresh, enter the credential, 1 2 3 4 5 6; it will come here, then go next, then the DN, see the DN, you can again copy it. Now go for next, next, next; you can see now user is null, then again null, then you will get this message, and after that you can see again it will try to go for bindWithDn, it will try to follow the search approach, but if your credential is wrong definitely you will get an error like "bad credential". So how can you cross check? You can easily cross check using your CN. So if you copy this whole URL and if you put it here, so you know this will be your LDAP URL and this will be the DN; this DN and this DN have to be the same, otherwise you will get an error like wrong credential here. So whenever you are building this kind of project, please make sure that your LDAP URL is correct, your DN is correct, and there must be a user with that actual password. So if everything is fine and you are getting wrong credential, that means definitely your password is wrong. Now let's come to the last section; here it is like a bonus thing. So I told you to write the big code for the context source, then the LDAP template; so now we don't need to write that also, there is one small approach. What we can do: just come, comment this line, you can close, you can shut down your server, you can again comment this line. So now what do we have? Currently we just have the authentication manager and now we have the Spring filter chain; apart from that we are not going to keep anything. So let's open your property file; it will be inside the resources, and here here
we can add our LDAP URL directly. So what you can do: just write here spring.ldap.urls equal to, you can copy-paste whatever URL you have in your LDAP, save it, and now try to run this one. Now come, refresh, 1 2 3 4 5 6. So now you can see I just entered the correct credential but it is showing the password is wrong, because here we have removed another OU. What was the OU? It was ou=system. Just save, stop your server. So in case you're getting this kind of issue, you can easily debug with whatever approach I just told you. Now you can again come, refresh, use Ram, 1 2 3 4 5 6, boom. So you can see we are able to authenticate the user using the property file also. Now let's come to another learning thing. What you can do: you can just cut this entire thing, no need to go that on; you can just put your DN pattern here, and here what you can do: just come here and type spring.ldap.base and you can copy-paste; no need to put a comma here like in the beginning of ou=users. So whatever we have done earlier, like initially we have put our LDAP URL and the base inside the Java file, now we have moved it into the property file. Now you can come to your security file. So currently we don't have anything; we have just one security config class, we have two annotations, one is called @Configuration and the second one is called @EnableWebSecurity. Here we have added the security filter chain, and here we are doing all the authentication manager; here we are just putting our DN pattern. If you have a uid you can start with uid. Now again you can start your server, refresh, type the password; I will try to enter the wrong password, see, it is showing "bad credential". 1 2 3 4 5 6, boom, perfectly working, everything. So whatever steps we have planned, we have achieved everything. So I hope you understand how you can configure your LDAP with Spring Security using the latest Spring code. The document is showing it using the LDIF; definitely we'll learn that, but in an upcoming video. Thanks for watching the entire video, so if you really like this video
you can subscribe and you can press the like button, and feel free to deep dive into each step. So in the next video we'll learn how to get the logged-in user details; that means once the user is logged in they can access this API. Similarly we'll create another API, and once the login is successful then we'll try to send the logged-in user details in the API response.
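The configuration the captions walk through (security filter chain, LDAP context source, LDAP template and a bind-based authentication manager), written out as an added example; it is not code shown in the video or taken from the Spring guide. The package name and the `LDAP_BIND_DN` / `LDAP_BIND_PASSWORD` environment variable names are assumptions; the URL and DN pattern are the ones spoken in the captions.

```java
package com.learn.config; // assumed package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // Every request needs a fully authenticated user; Spring's default login form is used.
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().fullyAuthenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }

    // Connection settings for the local ApacheDS instance from the captions.
    @Bean
    public LdapContextSource ldapContextSource() {
        LdapContextSource source = new LdapContextSource();
        source.setUrl("ldap://localhost:10389");

        // Optional service-account bind, read from the environment instead of
        // being hard-coded. The variable names are assumptions for this example.
        String bindDn = System.getenv("LDAP_BIND_DN");
        String bindPassword = System.getenv("LDAP_BIND_PASSWORD");
        if (bindDn != null && bindPassword != null) {
            source.setUserDn(bindDn);
            source.setPassword(bindPassword);
        }
        return source;
    }

    @Bean
    public LdapTemplate ldapTemplate(LdapContextSource source) {
        return new LdapTemplate(source);
    }

    // Bind authentication: {0} is replaced with the submitted username, and the
    // resulting DN is bound with the submitted password. A wrong DN pattern and a
    // wrong password both surface to the user as "Bad credentials".
    @Bean
    public AuthenticationManager authenticationManager(BaseLdapPathContextSource source) {
        LdapBindAuthenticationManagerFactory factory =
                new LdapBindAuthenticationManagerFactory(source);
        factory.setUserDnPatterns("cn={0},ou=users,ou=system");
        return factory.createAuthenticationManager();
    }
}
```

With a DN pattern the bind is performed as the user who is logging in, which is why the captions report that login still works after the admin user DN and password are commented out.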
Info
Channel: Talented Developer
Views: 7,408
Keywords: spring boot ldap authentication, Spring LDAP, Spring Security LDAP-based authentication, Authenticating a User with LDAP, Spring Security LDAP Authentication Example, ldap spring boot, ldap authentication spring boot, ldap auth, LDAP and DB authentication with Spring Security, ldap java, ldap spring boot security example, ldap tutorial java, java spring ldap, spring boot authentication, spring boot auth ldap, talented developer ldap, ldap, spring boot security, spring boot
Id: figTvA-MAZA
Length: 26min 21sec (1581 seconds)
Published: Fri Jan 12 2024