Here we will learn about Spring Security LDAP authentication, authorisation and related security topics with the help of an LDAP server. Active Directory (AD) is an LDAP implementation by Microsoft for Windows. This tutorial uses AD as the LDAP server.
Technology Used
- Spring Security 3.1 (requires Java 1.5 and Spring 3.0.6)
- Spring 3.0.6
- Java 1.6
Configuring LDAP Authentication Provider
<authentication-manager>
  <authentication-provider ref="ldapActiveDirectoryAuthProvider"/>
</authentication-manager>
<bean id="ldapActiveDirectoryAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
  <!--Domain Name-->
  <constructor-arg value="abc.com" />
  <!--LDAP URL-->
  <constructor-arg value="ldap://abc.com:339/" />
</bean>
This is it. You don’t need to provide any other configuration.
Note that we have provided the port number as 339, which is the port for LDAP. If you want to use LDAPS, the port number would be 636.
If you are using LDAPS, you might face an error like:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The reason for the above error is that the certificate returned during the SSL handshake is not signed by any authority your JRE trusts; in simple words, there is no matching certificate configured in your JRE keystore.
To resolve this error, you need to add the certificate returned by the LDAP server to your JRE keystore, either in cacerts or in jssecacerts. These two files are inside the “C:\Program Files\Java\jdk1.6.0\jre\lib\security” folder. You can use the open source program “InstallCert.java” for this purpose. It will add the certificate to the keystore.
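Adding whatever certificate the server presents on one connection trusts that connection blindly, so confirm the certificate's fingerprint with the AD administrator before importing it. The following added example (not part of the original tutorial or of InstallCert; the class name `PinnedCertImport` and its three arguments are assumptions) imports an exported certificate file into a keystore only when its SHA-256 fingerprint matches the confirmed value.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example (hypothetical class name): import a certificate into a trust
// store only when its SHA-256 fingerprint matches a value confirmed out of band.
public class PinnedCertImport {
    // Lower-case hex SHA-256 of the certificate's DER encoding.
    static String sha256Hex(byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3 || System.console() == null) {
            System.err.println("usage (interactive): PinnedCertImport <cert-file> <expected-sha256> <truststore>");
            System.exit(2);
        }
        InputStream in = new FileInputStream(args[0]);
        X509Certificate cert;
        try {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally { in.close(); }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        // Accept "AB:CD:..." or plain hex for the expected value.
        String expected = args[1].replaceAll("[^0-9A-Fa-f]", "").toLowerCase();
        String actual = sha256Hex(cert.getEncoded());
        if (!actual.equals(expected)) {
            System.err.println("Fingerprint mismatch, nothing imported. Got " + actual);
            System.exit(1);
        }

        char[] pw = System.console().readPassword("Trust store password: ");
        File store = new File(args[2]);
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream old = store.exists() ? new FileInputStream(store) : null;
        try { ks.load(old, pw); } finally { if (old != null) old.close(); } // null stream = new empty store
        ks.setCertificateEntry("ldaps-" + actual.substring(0, 16), cert);
        OutputStream out = new FileOutputStream(store);
        try { ks.store(out, pw); } finally { out.close(); }
        System.out.println("Imported " + cert.getSubjectX500Principal().getName() + " into " + store);
    }
}
```

Pass the path to jssecacerts as the third argument, or write to a separate file and start the application with `-Djavax.net.ssl.trustStore` and `-Djavax.net.ssl.trustStorePassword` pointing at it.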
Great post. I really love it