
tessl/maven-org-springframework-security--spring-security-ldap

Spring Security LDAP module providing comprehensive LDAP authentication and authorization capabilities for enterprise applications

Describes
mavenpkg:maven/org.springframework.security/spring-security-ldap@6.5.x

To install, run

npx @tessl/cli install tessl/maven-org-springframework-security--spring-security-ldap@6.5.0


Spring Security LDAP

Spring Security LDAP is a comprehensive Java library that provides LDAP (Lightweight Directory Access Protocol) authentication and authorization capabilities for Spring Security applications. It enables seamless integration with LDAP directory servers for user authentication, user details retrieval, and role-based access control, supporting both traditional and modern enterprise environments.

Package Information

  • Package Name: org.springframework.security:spring-security-ldap
  • Package Type: maven
  • Language: Java
  • Installation: Add to your Maven dependencies (note: this snippet pins 6.5.1 while the install command above references 6.5.0 — pin the single version you have actually tested):
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
    <version>6.5.1</version>
</dependency>

For Gradle:

implementation 'org.springframework.security:spring-security-ldap:6.5.1'

Core Imports

import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.LdapUserDetailsService;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.LdapUsernameToDnMapper;
import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;

Basic Usage

import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;

// Configure LDAP context source.
// Use ldaps:// (or StartTLS) for any directory that is not on the local host: the
// BindAuthenticator below sends each user's password to the server in the bind
// request, and plain ldap:// carries it in cleartext.
DefaultSpringSecurityContextSource contextSource =
    new DefaultSpringSecurityContextSource("ldap://localhost:389/dc=springframework,dc=org");
// Service (manager) account used for the user search below. This is the
// application's own credential, not the end user's; keep it out of source control
// (read from the environment / a secret store instead of a literal).
contextSource.setUserDn("cn=manager,dc=springframework,dc=org");
contextSource.setPassword(System.getenv("LDAP_MANAGER_PASSWORD"));

// Configure user search. Keep the {0} placeholder so the library substitutes the
// username into the filter; never concatenate the username into the filter string
// yourself, as that opens the search to LDAP filter injection.
FilterBasedLdapUserSearch userSearch =
    new FilterBasedLdapUserSearch("ou=people", "uid={0}", contextSource);

// Configure authenticator. Bind authentication lets the directory verify the
// password itself, which is generally preferable to password comparison.
BindAuthenticator authenticator = new BindAuthenticator(contextSource);
authenticator.setUserSearch(userSearch);

// Create authentication provider
LdapAuthenticationProvider authProvider = new LdapAuthenticationProvider(authenticator);

Architecture

Spring Security LDAP is organized around several key architectural components:

  • Context Management: DefaultSpringSecurityContextSource manages LDAP connections and context operations
  • Authentication Strategies: Multiple authentication approaches including bind authentication and password comparison
  • User Details Services: Integration with Spring Security's UserDetailsService for user information retrieval
  • Search Strategies: Flexible user search implementations for locating users in LDAP directories
  • Authorities Population: Automatic role and authority mapping from LDAP groups and attributes
  • Server Integration: Support for embedded LDAP servers for testing and development
  • Enterprise Features: Password policy support, Active Directory integration, and modern serialization

Capabilities

LDAP Authentication

Core authentication functionality supporting multiple authentication strategies — bind authentication and password comparison — for flexible integration with different LDAP server configurations. Bind authentication is generally preferable: the directory itself verifies the password, so the application never needs read access to stored password attributes.

/**
 * AuthenticationProvider that checks credentials against an LDAP directory.
 * How the credential is verified is delegated to the LdapAuthenticator passed
 * to the constructor (bind or password comparison, per the prose above).
 */
public class LdapAuthenticationProvider implements AuthenticationProvider {
    /** @param authenticator strategy that verifies the presented credential against the directory */
    public LdapAuthenticationProvider(LdapAuthenticator authenticator);
    /** Authenticates the token; throws AuthenticationException when the credential is rejected. */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException;
    /** Maps the authenticated directory entry to the UserDetails returned to callers. */
    public void setUserDetailsContextMapper(UserDetailsContextMapper mapper);
    /** Supplies the granted authorities (e.g. from group membership) for the authenticated entry. */
    public void setAuthoritiesPopulator(LdapAuthoritiesPopulator authoritiesPopulator);
}

LDAP Authentication

User Details and Search

User details services and search implementations for retrieving user information from LDAP directories with comprehensive mapping and customization options.

/**
 * UserDetailsService that loads a user from the directory via the given
 * LdapUserSearch. Lookup only: no credential is checked here.
 */
public class LdapUserDetailsService implements UserDetailsService {
    /** @param userSearch strategy that locates the entry for a username */
    public LdapUserDetailsService(LdapUserSearch userSearch);
    /** Loads the entry for username; throws UsernameNotFoundException when no entry matches. */
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
    /** Converts the located directory entry into a UserDetails. */
    public void setUserDetailsMapper(UserDetailsContextMapper mapper);
}

/**
 * Locates a single directory entry for a username. Implementations should
 * substitute the username into a fixed filter template (placeholder style),
 * never by string concatenation, to avoid LDAP filter injection.
 */
public interface LdapUserSearch {
    DirContextOperations searchForUser(String username);
}

User Details and Search

Context Management

LDAP context source and template classes for managing connections to LDAP servers with support for service-account (manager) authentication, connection pooling, and operation execution. The user DN and password configured on the context source are the application's own credentials for searching the directory, distinct from the end user's credentials, and should be loaded from configuration or a secret store rather than hard-coded.

/**
 * ContextSource for a single LDAP server URL. The user DN / password set here
 * are the service (manager) credentials the library uses for its own directory
 * operations, not the end user's. Treat the password as a secret and prefer an
 * ldaps:// URL or StartTLS so binds are not sent in cleartext.
 */
public class DefaultSpringSecurityContextSource implements InitializingBean, DisposableBean {
    /** @param providerUrl LDAP URL, optionally with a base DN suffix (see Basic Usage above) */
    public DefaultSpringSecurityContextSource(String providerUrl);
    /** DN of the service account used for directory operations. */
    public void setUserDn(String userDn);
    /** Service-account password; source it from configuration, never a literal in source. */
    public void setPassword(String password);
    /** Context for read-only directory operations. */
    public DirContext getReadOnlyContext() throws NamingException;
    /** Context for read/write operations; grant the service account write rights only if the application actually modifies entries. */
    public DirContext getReadWriteContext() throws NamingException;
}

/**
 * Template for common LDAP operations on a ContextSource. The filter/params
 * methods take the filter as a template with positional placeholders; pass
 * user-supplied values through params rather than building the filter string.
 */
public class SpringSecurityLdapTemplate {
    public SpringSecurityLdapTemplate(ContextSource contextSource);
    /** Runs filter (with params substituted) under base and returns the single matching entry. */
    public DirContextOperations searchForSingleEntry(String base, String filter, Object[] params);
    /** NOTE(review): presumably locates the entry matching filter/params and binds with password — confirm. The password is a String, so it cannot be zeroed after use. */
    public boolean authenticate(String base, String filter, Object[] params, String password);
}

Context Management

Authorities Population

Authority and role mapping from LDAP groups and attributes with customizable population strategies for complex authorization scenarios.

/**
 * Strategy that derives the granted authorities for an authenticated user
 * from the user's directory entry (userData) and username.
 */
public interface LdapAuthoritiesPopulator {
    Collection<? extends GrantedAuthority> getGrantedAuthorities(
        DirContextOperations userData, String username);
}

/**
 * Default populator: per the setter names, searches groupSearchBase with the
 * group search filter and uses the group role attribute as the authority name.
 */
public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
    /** @param groupSearchBase base DN under which group entries are searched */
    public DefaultLdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase);
    /** Filter template for group membership; keep it a fixed template with placeholders, never built from user input. */
    public void setGroupSearchFilter(String groupSearchFilter);
    /** Attribute of each matching group whose value becomes the role name. */
    public void setGroupRoleAttribute(String groupRoleAttribute);
}

Authorities Population

Embedded Server Support

Embedded LDAP server containers for testing and development environments with support for Apache Directory Server and UnboundID implementations. They are intended for tests and local development only; do not use them as a production directory.

/**
 * Embedded Apache Directory Server for tests and local development (see the
 * prose above); not a production directory.
 */
public class ApacheDSContainer implements InitializingBean, DisposableBean, Lifecycle {
    /** NOTE(review): root is presumably the root DN of the partition and ldifs the LDIF data to load — confirm against the class docs. */
    public ApacheDSContainer(String root, String ldifs);
    public void start();
    public void stop();
    public int getPort();
    /** Port the embedded server listens on; keep it unreachable from other hosts in shared test environments. */
    public void setPort(int port);
}

Embedded Server Support

Password Policy Support

LDAP password policy controls and exception handling for enterprise environments requiring advanced password management features.

/**
 * LDAP request control asking the server to apply and report its password
 * policy. The OID is that of the draft-behera-ldap-password-policy control.
 */
public class PasswordPolicyControl extends BasicControl {
    public static final String OID = "1.3.6.1.4.1.42.2.27.8.5.1";
    public PasswordPolicyControl();
    /** @param criticality when true, a server that does not support the control rejects the operation (standard LDAP control semantics) instead of silently ignoring it */
    public PasswordPolicyControl(boolean criticality);
}

/**
 * Error conditions a password-policy-aware server can report. Be careful which
 * of these are surfaced to unauthenticated callers: e.g. ACCOUNT_LOCKED or
 * PASSWORD_EXPIRED reveal account state and aid enumeration.
 */
public enum PasswordPolicyErrorStatus {
    PASSWORD_EXPIRED, ACCOUNT_LOCKED, CHANGE_AFTER_RESET,
    PASSWORD_MOD_NOT_ALLOWED, MUST_SUPPLY_OLD_PASSWORD,
    INSUFFICIENT_PASSWORD_QUALITY, PASSWORD_TOO_SHORT,
    PASSWORD_TOO_YOUNG, PASSWORD_IN_HISTORY;
}

Password Policy Support

JSON Serialization Support

Jackson JSON serialization support for Spring Security LDAP classes enabling serialization and deserialization of LDAP user details and authorities. Register this module only on an ObjectMapper configured with Spring Security's allowlist-based Jackson setup; never enable unrestricted polymorphic default typing on a mapper that deserializes these types from untrusted input.

/**
 * Jackson module registering (de)serialization support for this module's
 * user-details and authority types. Only use it with an ObjectMapper that
 * restricts polymorphic types to an allowlist; do not combine with
 * unrestricted default typing on untrusted input.
 */
public class LdapJackson2Module extends SimpleModule {
    public LdapJackson2Module();
    public void setupModule(SetupContext context);
}

JSON Serialization Support

Types

/**
 * UserDetails augmented with the entry's DN and raw directory attributes.
 * getAttributes() can expose sensitive attributes; do not serialize it
 * wholesale to clients.
 */
public interface LdapUserDetails extends UserDetails {
    String getDn();
    Attributes getAttributes();
}

/**
 * Default LdapUserDetails. Implements CredentialsContainer, so the stored
 * credential can be erased after authentication (that method is not shown
 * in this listing).
 */
public class LdapUserDetailsImpl implements LdapUserDetails, CredentialsContainer {
    public String getDn();
    /** Raw directory attributes of the entry; treat as sensitive. */
    public Attributes getAttributes();
    // UserDetails implementation methods
    public String getUsername();
    /** NOTE(review): whether this carries a directory password attribute depends on the UserDetailsContextMapper — confirm before exposing it. */
    public String getPassword();
    public Collection<? extends GrantedAuthority> getAuthorities();
    public boolean isAccountNonExpired();
    public boolean isAccountNonLocked();
    public boolean isCredentialsNonExpired();
    public boolean isEnabled();
}

/**
 * Two-way mapping between a directory entry and a UserDetails: from the entry
 * (plus the authorities already populated) to a UserDetails, and from a
 * UserDetails back onto an entry for writes.
 */
public interface UserDetailsContextMapper {
    UserDetails mapUserFromContext(DirContextOperations ctx, String username, 
        Collection<? extends GrantedAuthority> authorities);
    void mapUserToContext(UserDetails user, DirContextAdapter ctx);
}

/**
 * Verifies an Authentication against the directory and returns the user's
 * entry on success. NOTE(review): presumably signals failure by throwing an
 * AuthenticationException rather than returning null — confirm.
 */
public interface LdapAuthenticator {
    DirContextOperations authenticate(Authentication authentication);
}

/**
 * Strategy that derives the granted authorities for an authenticated user
 * from the user's directory entry (userData) and username.
 */
public interface LdapAuthoritiesPopulator {
    Collection<? extends GrantedAuthority> getGrantedAuthorities(
        DirContextOperations userData, String username);
}

/**
 * GrantedAuthority that also records the DN of the directory entry (e.g. the
 * group) it was derived from. Immutable: both fields are final.
 */
public class LdapAuthority implements GrantedAuthority {
    private final String role;
    private final String dn;
    
    public LdapAuthority(String role, String dn);
    /** The role string used for authorization decisions. */
    public String getAuthority();
    /** DN of the entry this authority came from. */
    public String getDn();
}

/**
 * Builds the DN of a user's entry from a username. Because the username ends
 * up inside a DN, implementations must escape RDN special characters rather
 * than concatenating the raw value.
 */
public interface LdapUsernameToDnMapper {
    LdapName buildLdapName(String username);
    /** Deprecated: use buildLdapName. */
    @Deprecated
    DistinguishedName buildDn(String username);
}

/**
 * Default mapper: per the constructor parameters, forms the DN from
 * usernameAttribute=username beneath userDnBase. NOTE(review): verify that the
 * username value is RDN-escaped by the implementation before relying on this
 * with user-controlled input.
 */
public class DefaultLdapUsernameToDnMapper implements LdapUsernameToDnMapper {
    /** @param userDnBase base DN the user entry sits under; @param usernameAttribute RDN attribute name (e.g. uid) */
    public DefaultLdapUsernameToDnMapper(String userDnBase, String usernameAttribute);
    public LdapName buildLdapName(String username);
}