
We have developed an SSO application in Spring Boot using OAuth [LDAP/Social Login]. The application has some public pages and some protected pages. The requirement is that we want some content on the public pages based on the authenticated user. The issue is that once we log in to one application and visit a public page of the other application, the user principal is not available on the public pages unless we visit one of the protected pages of the same application. Any suggestion/sample to achieve this would be helpful. Below is my code for the resource server.

// Imports and class-level annotations are missing from the posted snippet. @SpringBootApplication and
// @RestController are assumed here, since the class calls SpringApplication.run() and serves the
// /user and /me mapping itself.
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
public class SocialApplication extends WebSecurityConfigurerAdapter {

    @Autowired
    CustomLdapAuthoritiesPopulator ldapAuthoritiesPopulator;   // custom bean, defined elsewhere in the project

    @Autowired
    CustomLogoutSuccessHandler customLogoutSuccessHandler;     // custom bean, defined elsewhere in the project

    // Returns the name of the authenticated user. Spring injects null for Principal on an
    // anonymous request, so on a permitAll() path this method would throw a NullPointerException.
    @RequestMapping({ "/user", "/me" })
    public Map<String, String> user(Principal principal) {
        Map<String, String> map = new LinkedHashMap<>();
        map.put("name", principal.getName());
        return map;
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // Paths listed here bypass the security filter chain entirely: no SecurityContext is
        // loaded for them, so no Principal can ever be available on these requests.
        web.ignoring().antMatchers("/page1Prv");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Rules are evaluated in order, so the first anyRequest() rule below is the one that applies;
        // the second anyRequest().fullyAuthenticated() is never reached.
        http.antMatcher("/**").authorizeRequests().antMatchers("/login", "/index**", "/webjars/**").permitAll()
                .anyRequest().authenticated().and().authorizeRequests().anyRequest().fullyAuthenticated().and()
                .formLogin().loginPage("/login").defaultSuccessUrl("/").and().logout()
                .logoutSuccessHandler(customLogoutSuccessHandler).permitAll().and().csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
                // ssoFilter() builds the OAuth2 client login filter; its definition is not part of the posted snippet.
                .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
                //.userDetailsService(userDetailsService);

        // This second statement configures the same HttpSecurity again: csrf().disable() here
        // overrides the cookie token repository configured above.
        http.httpBasic().and().authorizeRequests().anyRequest().authenticated().and().csrf().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        // LDAP form login: users are searched under ou=users by common name.
        authenticationManagerBuilder.ldapAuthentication()
                .contextSource()
                        .url("ldap://localhost:10389/dc=example,dc=com").managerDn("uid=admin,ou=system")
                        .managerPassword("secret").and()
                .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator)
                .userSearchBase("ou=users").userSearchFilter("(cn={0})");
    }

    // Resource server: only /me is covered here, and it requires a valid access token.
    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/me").authorizeRequests().anyRequest().authenticated();
        }
    }

    public static void main(String[] args) {
        SpringApplication.run(SocialApplication.class, args);
    }

}

1 Answer

I returned the Principal object from user(). See the code below; it solved my problem.

@RequestMapping({ "/user", "/me" })
public Principal user(Principal principal) {
    return principal;
}
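As an added illustration (not the poster's code, nor the Spring tutorial it follows), the configuration below isolates the one setting in this setup that decides whether a public page can see a Principal at all: web.ignoring() takes a path out of the security filter chain, so no SecurityContext is loaded and a controller never receives a Principal there, whereas permitAll() keeps the page inside the chain, so an existing login session is resolved while anonymous visitors are still let through. It assumes Spring Security 5 with WebSecurityConfigurerAdapter, the same API the question uses; the paths /public/** and /public/greeting and the class names are assumptions. The cross-application SSO handshake itself, which in the question's setup is handled by the unshown ssoFilter(), is out of scope here.

```java
package com.example.sso;

import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example, not the poster's code. Paths (/public/**, /public/greeting) and class
// names are assumptions chosen for illustration.
@Configuration
@EnableWebSecurity
public class PublicPagePrincipalConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        // Weak setting: a path listed here is removed from the security filter chain
        // altogether. No SecurityContext is loaded for it, so a controller can never see
        // a Principal on it, and CSRF checks and security headers are skipped as well.
        // This is what web.ignoring().antMatchers("/page1Prv") does in the question.
        // web.ignoring().antMatchers("/public/**");

        // Reserve web.ignoring() for static assets that never depend on who the user is.
        web.ignoring().antMatchers("/webjars/**", "/static/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Corrected setting: public pages stay inside the filter chain via permitAll().
        // A session established by the login is still resolved on these requests, so the
        // Principal is injected when the user is logged in, and the request is still
        // allowed through (with a null Principal) when the user is not.
        http
            .authorizeRequests()
                .antMatchers("/", "/login", "/public/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin().loginPage("/login")
                .and()
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        // Keep this to a single chain of calls: a later http.csrf().disable() on the same
        // HttpSecurity, as in the question's second statement, overrides the token
        // repository configured above.
    }
}

@RestController
class PublicPageController {

    // Public endpoint: Spring injects null for Principal on anonymous requests, so the
    // handler must branch on it rather than dereference it.
    @GetMapping("/public/greeting")
    public Map<String, String> greeting(Principal principal) {
        Map<String, String> body = new LinkedHashMap<>();
        body.put("authenticated", String.valueOf(principal != null));
        body.put("name", principal == null ? "anonymous" : principal.getName());
        return body;
    }

    // Protected endpoint: /user is not in the permitAll() list, so the filter chain
    // rejects anonymous callers before this method runs and principal is never null here.
    @GetMapping("/user")
    public Map<String, String> user(Principal principal) {
        Map<String, String> body = new LinkedHashMap<>();
        body.put("name", principal.getName());
        return body;
    }
}
```

With this in place, a request to /public/greeting from a browser that already holds a session for this application returns the logged-in name, and the same request without a session returns "anonymous" with a 200 instead of a redirect to the login page; /user keeps redirecting anonymous callers to /login.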