1.5.2 LDAP
Info [G]
LDAP Encoder uses
- a random salt to generate a different Password Hash every time
- the matches() Method to compare the Stored Encoded Password with the Entered Raw Password
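What encode() and matches() do with the salt, as an added example that is not part of the original tutorial or Spring Security's own code: it rebuilds the {SSHA} layout, Base64(SHA-1(password + salt) + salt), with JDK classes only. The class name SshaDemo, the helper names and the 8-byte salts generated in main are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added example (not from the tutorial): {SSHA} layout rebuilt with JDK classes only.
public class SshaDemo {
  static final String PREFIX = "{SSHA}";
  static final int SHA1_LENGTH = 20; // SHA-1 digest size in bytes

  // {SSHA} + Base64( SHA-1(password || salt) || salt )
  static String encode(String rawPassword, byte[] salt) throws Exception {
    MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
    sha1.update(rawPassword.getBytes(StandardCharsets.UTF_8));
    sha1.update(salt);
    byte[] digest = sha1.digest();
    byte[] combined = Arrays.copyOf(digest, digest.length + salt.length);
    System.arraycopy(salt, 0, combined, digest.length, salt.length);
    return PREFIX + Base64.getEncoder().encodeToString(combined);
  }

  // The salt is not secret: it is stored in the clear after the 20 digest bytes
  static byte[] extractSalt(String stored) {
    if (!stored.startsWith(PREFIX)) throw new IllegalArgumentException("not an {SSHA} value");
    byte[] combined = Base64.getDecoder().decode(stored.substring(PREFIX.length()));
    if (combined.length <= SHA1_LENGTH) throw new IllegalArgumentException("no salt present");
    return Arrays.copyOfRange(combined, SHA1_LENGTH, combined.length);
  }

  // Re-encode the raw password with the stored salt, then compare in constant time
  static boolean matches(String rawPassword, String stored) throws Exception {
    String candidate = encode(rawPassword, extractSalt(stored));
    return MessageDigest.isEqual(candidate.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));
  }

  public static void main(String[] args) throws Exception {
    SecureRandom random = new SecureRandom();
    byte[] salt1 = new byte[8], salt2 = new byte[8];         // constructed 8-byte salts
    random.nextBytes(salt1);
    random.nextBytes(salt2);
    String first = encode("mypassword", salt1), second = encode("mypassword", salt2);
    System.out.println(first + "\n" + second);               // same password, two salts
    System.out.println(matches("mypassword", second));       // correct password
    System.out.println(matches("anotherpassword", second));  // wrong password
    // Salt length in bytes of the value stored in application.properties on this page
    System.out.println(extractSalt("{SSHA}xK8jUaSvNK39bRn6bOCKa8hU9yzRfNoNkQF7Eg==").length);
  }
}
```

Because the salt is stored in the clear and the digest is a single SHA-1 pass, this format is cheap to brute-force once a stored value leaks. Spring Security marks LdapShaPasswordEncoder as deprecated for that reason and recommends an adaptive encoder such as BCryptPasswordEncoder.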
There are two Maven dependencies that you can use to work with LDAP Encoder
- spring-security-core will not add Login Form
- spring-boot-starter-security will add Login Form (this one is added when you select Security Spring Boot Starter)

pom.xml (this one will not add Login Form)
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-core</artifactId>
</dependency>

pom.xml (this one will add Login Form)
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>
Example
In this tutorial the User is defined inside application.properties.
Instead of providing the Password in raw format, we provide the LDAP Encoded Password.
mypassword gets encoded into {SSHA}xK8jUaSvNK39bRn6bOCKa8hU9yzRfNoNkQF7Eg==.
Inside the Controller we have added the "/EncodePassword" Endpoint, which you can use to encode other Passwords.
Inside WebSecurityConfig.java we have allowed Anonymous Access to this Endpoint.
If you want to use another password
- Start Application
- call Endpoint http://localhost:8080/EncodePassword?password=anotherpassword
- copy result into application.properties under spring.security.user.password
- Restart Application
- try to access http://localhost:8080/Hello
- in the Login Form type anotherpassword
Application Schema [Results]
[Figure: Browser sends http://localhost:8080/EncodePassword?password=mypassword and http://localhost:8080/Hello to Tomcat, which calls encodePassword() and hello()]

Spring Boot Starters
GROUP     DEPENDENCY       DESCRIPTION
Web       Spring Web       Enables @Controller, @RequestMapping and Tomcat Server
Security  Spring Security  Enables Spring Security
Procedure
- Create Project: springbott_security_passwordencoders_ldap (add Spring Boot Starters from the table)
- Edit File: application.properties (add Role, User, Password)
- Create Package: controllers (inside main package)
- Create Class: MyController.java (inside package controllers)
- Create Package: config (inside main package)
- Create Class: WebSecurityConfig.java (inside package config)
application.properties
# SECURITY
spring.security.user.name = myuser
spring.security.user.password = {SSHA}xK8jUaSvNK39bRn6bOCKa8hU9yzRfNoNkQF7Eg==
spring.security.user.roles = USER
MyController.java
package com.ivoronline.springbott_security_passwordencoders_ldap.controllers;

import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class MyController {

  @ResponseBody
  @RequestMapping("/EncodePassword")
  public String encodePassword(@RequestParam String password) {

    //GET PASSWORD ENCODER
    PasswordEncoder passwordEncoder = new LdapShaPasswordEncoder();

    //ENCODE PASSWORD
    String encodedPassword = passwordEncoder.encode(password);

    //RETURN ENCODED PASSWORD
    return encodedPassword;

  }

  @ResponseBody
  @RequestMapping("/Hello")
  public String hello() {
    return "Hello from Controller";
  }

}
WebSecurityConfig.java
package com.ivoronline.springbott_security_passwordencoders_ldap.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  //====================================================================
  // PASSWORD ENCODER
  //====================================================================
  @Bean
  PasswordEncoder passwordEncoder() {
    return new LdapShaPasswordEncoder();
  }

  //====================================================================
  // CONFIGURE
  //====================================================================
  @Override
  protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests().antMatchers("/EncodePassword").permitAll(); //Anonymous Access
    httpSecurity.authorizeRequests().anyRequest().authenticated();               //Authenticated Access
    httpSecurity.formLogin();                                                    //Default Login Form
  }

}