Has anyone got a working example of this in a springboot app?

  1. /auth controller where user provides ActiveDirectory credentials (either via basic auth or a POST json) and receives a JWT token if they provided valid AD credentials. No LDIF file should be involved; the Spring Boot app will verify the credentials against an ldaps://ActiveDirectoryhost:636 endpoint
  2. /myapi controller which only works if a valid JWT token from step 1 (above) is sent in the 'Authorization Bearer' header

I have not found any example blogs/guides with this setup, but I believe this would be a common security setup unless I am mistaken? No jpa/hibernate/persistence/mysql/postgres/H2db connections should be involved. All examples I found online are either just JWT, or just LDAP, or use LDIF, or use some H2/postgres to store credentials.

toop
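
One way to wire the setup asked for above, added here as an example and not code from the original post: `/auth` binds to Active Directory over LDAPS and returns an HS256-signed JWT, and `/myapi` accepts only a valid bearer token. It assumes Spring Boot 3 with `spring-boot-starter-web`, `spring-boot-starter-oauth2-resource-server` and `spring-security-ldap` on the classpath, and that the classes sit in the application's package. The domain `corp.example.com`, the `APP_JWT_SECRET` environment variable and the class names are placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import javax.crypto.spec.SecretKeySpec;
import com.nimbusds.jose.jwk.source.ImmutableSecret;
import org.springframework.context.annotation.*;
import org.springframework.security.authentication.*;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.*;

@Configuration
class SecurityConfig {
    private final SecretKeySpec key = new SecretKeySpec( // assumed env var, secret of 32+ bytes
            System.getenv("APP_JWT_SECRET").getBytes(StandardCharsets.UTF_8), "HmacSHA256");
    @Bean AuthenticationManager adAuthenticationManager() { // binds to AD as the submitted user
        return new ProviderManager(new ActiveDirectoryLdapAuthenticationProvider(
                "corp.example.com", "ldaps://ActiveDirectoryhost:636")); // domain is a placeholder
    }
    @Bean JwtEncoder jwtEncoder() { return new NimbusJwtEncoder(new ImmutableSecret<>(key)); }
    @Bean JwtDecoder jwtDecoder() { return NimbusJwtDecoder.withSecretKey(key).build(); }
    @Bean SecurityFilterChain chain(HttpSecurity http) throws Exception {
        return http.csrf(c -> c.disable()) // bearer-token API, no cookie session to protect
            .authorizeHttpRequests(a -> a.requestMatchers("/auth").permitAll().anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.jwt(j -> {})).build(); // checks "Authorization: Bearer <jwt>"
    }
}

@RestController
class ApiController {
    record Login(String username, String password) {}
    private final AuthenticationManager ad;
    private final JwtEncoder encoder;
    ApiController(AuthenticationManager ad, JwtEncoder encoder) { this.ad = ad; this.encoder = encoder; }
    @PostMapping("/auth") // invalid AD credentials raise AuthenticationException, no token issued
    String auth(@RequestBody Login in) {
        var user = ad.authenticate(new UsernamePasswordAuthenticationToken(in.username(), in.password()));
        Instant now = Instant.now();
        var claims = JwtClaimsSet.builder().subject(user.getName())
                .issuedAt(now).expiresAt(now.plusSeconds(900)).build(); // 15-minute lifetime
        var header = JwsHeader.with(MacAlgorithm.HS256).build(); // encoder defaults to RS256 otherwise
        return encoder.encode(JwtEncoderParameters.from(header, claims)).getTokenValue();
    }
    @GetMapping("/myapi")
    String myApi(@AuthenticationPrincipal Jwt jwt) { return "hello " + jwt.getSubject(); }
}
```

The JVM must trust the certificate presented on port 636, and no user store, LDIF file or database is involved: the AD bind is the only credential check.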