
Currently, I'm authenticating against an LDAP server using Spring Security. This is really an Active Directory, so users have to enter their Windows user and password to log in to Windows, and then the same user and password to log in to this app. This is driving my users crazy.

Is there a way to instruct Spring to use Windows' credentials if the browser provides them, and show the login form otherwise?

This is my current configuration:

<security:http auto-config="true" use-expressions="true">
    <security:intercept-url pattern="/admin/**"
        access="hasRole('ADMIN')" />
    <security:intercept-url pattern="/**"
        access="isAuthenticated()" />
</security:http>

<security:ldap-server id="ldapServer"
    url="ldap://ldapserver:389/OU=Users,OU=Prod,DC=hhh,DC=org"
    manager-dn="xxx@hhh.org" manager-password="xxx" />
<security:authentication-manager alias="ldapAuthenticationManager">
    <security:ldap-authentication-provider user-context-mapper-ref="userContextMapper"
        user-search-filter="(sAMAccountName={0})"/>
</security:authentication-manager>

Where userContextMapper is a class I implemented to load my user entity.

Terry Gardner
zootropo
  • 1
    Welcome to the realm of single sign-on. You need to use Integrated Windows Authentication. That requires a bit of non-trivial configuration. Check the spring-security-kerberos project. – Pavel Horal Nov 11 '13 at 13:49
  • 1
    You may want to have a look at Waffle http://dblock.github.io/waffle/. I believe it integrates with Spring. May need to do some research though. – arajashe Nov 11 '13 at 13:52

0 Answers