How to replace a user's authentication http.formLogin() with a form that is on another frontend server?

Inside a class that extends WebSecurityConfigurerAdapter, I have this authentication method. I store my users inside an Active Directory.

    @Override
    public void configure(AuthenticationManagerBuilder auth) {
        // Constructor arguments: AD domain, LDAP server URL, root DN (placeholders here)
        ActiveDirectoryLdapAuthenticationProvider adProvider
                = new ActiveDirectoryLdapAuthenticationProvider("domain.com", "ldap", "ou, dc");
        // Map AD sub-error codes (expired password, locked account, ...) to specific exceptions
        adProvider.setConvertSubErrorCodesToExceptions(true);
        // Bind to AD with the credentials supplied in the authentication request
        adProvider.setUseAuthenticationRequestCredentials(true);
        adProvider.setUserDetailsContextMapper(userDetailsContextMapper());
        auth.authenticationProvider(adProvider);
    }

I used to use http.formLogin() for testing purposes. Whenever I called localhost:80/security I had to enter my username and password in the form.

This method was perfect for testing my connection to the AD.

But now I have my frontend on a different server. So here is my question: where should I pass the username and the password to the authentication method?

How can I hardcode the username and the password and authenticate to my Active Directory? (For testing only for now; afterwards I'm going to use filters and controllers.)

I hope my question is clear.



Solution 1:

You have mixed two different questions: how to create an external login page, and how to integrate your application with Active Directory.

For single-page applications, your API should send a 200 response along with the user data, or a 4xx response. This can be done by supplying your own handlers, like this (pseudocode, just to show the idea):

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
                ...
                .successHandler(your authentication success handler object)
                .failureHandler(your authentication failure handler object)
                .and()
            .logout()
                ...
                .logoutSuccessHandler(your logout success handler object)
                .and()
            .exceptionHandling()
                .authenticationEntryPoint(new Http403ForbiddenEntryPoint())
            ...
    }

For example, these are coded as below.

Authentication success handler:

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import com.fasterxml.jackson.databind.ObjectMapper;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.http.MediaType;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.stereotype.Component;
    import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

    @Component
    public class AuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

        @Autowired
        private ObjectMapper objectMapper;

        @Autowired
        private MyService myService; // your own service; AbstractUser below is your own user type

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request,
                        HttpServletResponse response, Authentication authentication)
        throws IOException, ServletException {

            // Answer with 200 + JSON instead of the default redirect
            response.setStatus(HttpServletResponse.SC_OK);
            response.setContentType(MediaType.APPLICATION_JSON_VALUE);

            AbstractUser currentUser = myService.userForClient();

            response.getOutputStream().print(
                objectMapper.writeValueAsString(currentUser));

            // Remove the temporary authentication-related data left in the session
            clearAuthenticationAttributes(request);
        }
    }

In summary, it returns a response code 200 with the JSONified current user in the response data.

Authentication failure handler:

In fact, there is no need to code a class for the authentication failure handler - the SimpleUrlAuthenticationFailureHandler provided by Spring, if instantiated without any arguments, works as desired.

Logout success handler:

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

    public class MyLogoutSuccessHandler implements LogoutSuccessHandler {

        @Override
        public void onLogoutSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {

            // Plain 200, no redirect to a logout page
            response.setStatus(HttpServletResponse.SC_OK);
        }
    }
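
As an added example (not code from the question or the answer), here is how the two parts fit into one configuration when the front end is served from another origin: the AD provider from the question, the answer's JSON handlers, plus the CORS and CSRF settings a cross-origin login needs. The domain, LDAP URL, root DN and the front-end origin https://app.example.com are assumed placeholders, and AuthSuccessHandler is the component defined in the answer.

```java
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.web.authentication.*;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.cors.*;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private AuthSuccessHandler authSuccessHandler; // the "200 + JSON user" handler from the answer
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        // Assumed placeholder domain, LDAP URL and root DN; replace with your own values.
        ActiveDirectoryLdapAuthenticationProvider adProvider = new ActiveDirectoryLdapAuthenticationProvider(
                "domain.com", "ldap://ad.domain.com:389", "dc=domain,dc=com");
        auth.authenticationProvider(adProvider);
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors().configurationSource(corsSource()).and()                               // front end on another origin
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and() // SPA echoes XSRF-TOKEN
            .authorizeRequests().anyRequest().authenticated().and()
            .formLogin()
                .loginProcessingUrl("/login")                                // SPA POSTs username/password here
                .successHandler(authSuccessHandler)                          // 200 + JSON, no redirect
                .failureHandler(new SimpleUrlAuthenticationFailureHandler()) // 401 on bad credentials
                .and()
            .logout()
                .logoutSuccessHandler((req, res, auth) -> res.setStatus(HttpServletResponse.SC_OK)).and()
            .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); // 403, not a login page
    }
    private CorsConfigurationSource corsSource() {
        CorsConfiguration cfg = new CorsConfiguration();
        cfg.setAllowedOrigins(List.of("https://app.example.com")); // assumed front-end origin; never "*" with credentials
        cfg.setAllowedMethods(List.of("GET", "POST"));
        cfg.setAllowedHeaders(List.of("Content-Type", "X-XSRF-TOKEN"));
        cfg.setAllowCredentials(true); // lets the browser send the session cookie cross-origin
        UrlBasedCorsConfigurationSource src = new UrlBasedCorsConfigurationSource();
        src.registerCorsConfiguration("/**", cfg);
        return src;
    }
}
```

The SPA first makes any request to receive the XSRF-TOKEN cookie, then POSTs the login form to /login with the X-XSRF-TOKEN header and credentials included; the lone Http403ForbiddenEntryPoint keeps API calls from being redirected to an HTML page that the front end on the other server would never render.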

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
