How to use active directory over LDAP for authorization only using spring security3.1

[jdeveloper04]

Hi All,

I am new to spring security. We built a security framework with active directory over LDAP by using plain filters and java classes. But we are planning to move that to spring security and use spring security only for authorization authentication is done through siteminder. Can you please provide me the guidance about how to use pre-authentication filters in this case?

Thanks.

[jdeveloper04]

Any ideas/comments?

[Rob Winch]

Please refer to the Pre-Authentication Scenarios section of the reference.

[jdeveloper04]

Rob,

As I mentioned earlier we are using siteMinder for authentication. Once the user is authenticated HTTP cookie is set with SSO (User) id only, no password details are maintained in that cookie. I have reviewed the Pre-Authentication Scenarios section of the reference. Based on the notes user id and password both are required to create authentication token. How can I handle that in my scenario?

Thanks

[jdeveloper04]

Rob,

Just reviewed the source code for RequestHeaderAuthenticationFilter. My earlier question is answered. But have another question about UserDetailsService. Can we implement this class to read data from Active directory?

[Rob Winch]

Yes you can easily provide a custom UserDetailsService implementation. Alternatively, you may be able to use <ldap-userdetails-service> to leverage the built in LdapUserDetailsService.

[jdeveloper04]

Rob,

Thanks for the quick reply. I have reviewed the following classes for implementing LdapUserDetailsService.

1. FilterBasedLdapUserSearch

2. SpringSecurityLdapTemplate

FilterBasedLdapUserSearch calls searchForSingleEntry(SpringSecurityLdapTemplate) method to search for user in LDAP. But we are using Actvie directory over LDAP. Do you see any issue with the way DirContext object is created in searchForSingleEntry method. if yes then how can I solve that issue?