A custom solution built on a modified Spring Security LDAP module that integrates Active Directory as an additional authentication mechanism.

Some of the problems included:

  • Company’s product had to authenticate its users with credentials stored in an Active Directory server
  • The default role mapping behavior of Spring Security’s built-in Active Directory authentication provider could not be used
  • The default user mapping behavior of Spring Security’s built-in LDAP authentication provider could not be used

Some of the solutions applied included:

  • Researching and prototyping to determine whether Spring Security’s built-in support for Active Directory authentication could be used
  • Implementing a custom LDAP authorities populator that retrieves the groups assigned to a given user from the ‘memberOf’ attribute
  • Implementing a custom LDAP authorities mapper that maps AD/LDAP groups to the roles used in Company’s product
  • Implementing a custom LDAP user details context mapper so that, after successful authentication, an instance of the object used in Company’s product is returned instead of the default LdapUserDetails
  • Making Active Directory authentication, the default database authentication, or both selectable through different Spring bean profiles, without recompiling Company’s product

Technology stack

  • Java
  • Spring
  • Spring Security LDAP
  • OSGi
  • Apache Aries Blueprint

Industry

IT