spring-bootcookiestokenspring-security-ldap

Returning a cookie or token with LDAP authentication in Spring security


All:

I have a basic program for Ldap authentication which returns a "Principal User "

package com.bpm.cbl.premium.controller;

import java.security.Principal;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.PostConstruct;


@RestController
@RequestMapping("custom")

public class LDAPAuthController {
    
    public static String domain;
    public static String URL;
    
    @Value("${activedirectory.domain}")
    private  String adDomain;
    
    @Value("${activedirectory.url}")
    private String adURL;
    
    @PostConstruct
    public void init(){
        domain = adDomain;
        URL = adURL;
    }

  @GetMapping("/user-login")
  @ResponseBody
  public Principal user(Principal user) {
     return user;
  }

 
  @Configuration
  @Order(SecurityProperties.BASIC_AUTH_ORDER)
  protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
      
  
    @Override
    protected void configure(HttpSecurity http) throws Exception {
      http
        .httpBasic().and()
        .logout().and()
        .authorizeRequests()
        .antMatchers("/index.html", "/", "/home", "/login", "/assets/**").permitAll()
        .anyRequest().authenticated()
        .and()
        .csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }

    @Bean
    public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider = new
        ActiveDirectoryLdapAuthenticationProvider(domain, URL);
      return activeDirectoryLdapAuthenticationProvider;
    }

}
}

I dont know how to return a cookie or token instead of a object .. Iam new to spring security..Can someone help pls I have reference to another post but not sure whether it will work how to achieve Ldap Authentication using spring security(spring boot)

Can someone pls provide some inputs pls


Solution

  • Ok I got a solution; Posting for the benefit of all..

    There are lot of confusing articles in the internet and many forums but it is very simple

    Replace the function under @GetMapping("/user-login") above with a function that returns the cookie in the respose body.. Pass httpserveletresponse as argument for the function along with any other arguments needed.. Thats it the cookie will be returned in the response header;