
According to the Thymeleaf security page, I can get the logged-in username and roles as below:

Logged user: <span sec:authentication="name">Bob</span>
Roles: <span sec:authentication="principal.authorities">[ROLE_USER, ROLE_ADMIN]</span>

I have a web application where authentication is done through Active Directory using ActiveDirectoryLdapAuthenticationProvider as below:

@Bean
@Override
public AuthenticationManager authenticationManager() {
    return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
}

@Bean
public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
    ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(adDomain,
            adUrl);
    provider.setConvertSubErrorCodesToExceptions(true);
    provider.setUseAuthenticationRequestCredentials(true);  

    return provider;
}

After the user logs in, I have a header page that I use in all my pages with the above sec:authentication="name" Thymeleaf tag to show the username, but I wanted to see if there's a way to show the full name instead.

The solution suggested here is not working for me:

I'm using: thymeleaf-extras-springsecurity5

and using: <span th:text ="${#authentication.getPrincipal().getUser().getFirstName()}"></span>

Is giving me: Method getUser() cannot be found on type org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

It seems this information comes from org.springframework.security.ldap.userdetails.LdapUserDetailsImpl, and there are just a few options there, like the username, but not the rest of the information an AD can have.

Somebody

1 Answer


This is how I solved my issue:

First

I added to the provider a UserDetailsContextMapper with org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper as below:

@Bean
public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
  ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(adDomain, adUrl);
  provider.setConvertSubErrorCodesToExceptions(true);
  provider.setUseAuthenticationRequestCredentials(true);          
  provider.setUserDetailsContextMapper(userDetailsContextMapper());  // <---

  return provider;
}

@Bean
public UserDetailsContextMapper userDetailsContextMapper() {
  return new LdapUserDetailsMapper() {
      @Override
      public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
          InetOrgPersonContextMapper personContextMapper = new InetOrgPersonContextMapper();
          return personContextMapper.mapUserFromContext(ctx, username, authorities);                  
      }           
  };
}

Second

Then in my header page I added:

<span th:text ="${#authentication.getPrincipal().getDisplayName()}"></span>

To display the full name.

With this approach you also have access to show all other AD related fields such as:

<span th:text ="${#authentication.getPrincipal().getMail()}"></span>
<span th:text ="${#authentication.getPrincipal().getTelephoneNumber()}"></span>
<span th:text ="${#authentication.getPrincipal().getRoomNumber()}"></span>
Somebody
  • Hi, I tried the same approach that you mentioned. For me the UI is broken and the values are not getting displayed. Which version of Spring Boot, Spring Security and Thymeleaf are you using? – vrh Feb 04 '21 at 13:57
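The template expressions in the answer call getDisplayName() directly on the principal, which only works when the principal is an InetOrgPerson and the attribute is populated. The following is an added example, not code from the answer or its author: a controller advice that resolves the display name defensively and falls back to the login name. The class name CurrentUserAdvice and the model attribute currentUserDisplayName are assumptions chosen for illustration.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.ldap.userdetails.InetOrgPerson;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ModelAttribute;

// Added example: class name and model attribute name are hypothetical.
@ControllerAdvice
public class CurrentUserAdvice {

    // Adds "currentUserDisplayName" to the model of every controller-rendered view.
    @ModelAttribute("currentUserDisplayName")
    public String currentUserDisplayName() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return ""; // nobody is logged in; the header renders an empty name
        }
        Object principal = auth.getPrincipal();
        // Only principals built by InetOrgPersonContextMapper carry displayName.
        if (principal instanceof InetOrgPerson) {
            String displayName = ((InetOrgPerson) principal).getDisplayName();
            // displayName is optional in the directory, so it may be null or blank.
            if (displayName != null && !displayName.trim().isEmpty()) {
                return displayName;
            }
        }
        // Fall back to the login name for any other principal type.
        return auth.getName();
    }
}
```

In the header, `<span th:text="${currentUserDisplayName}"></span>` reads the value. Keep th:text rather than th:utext so the directory-supplied string is HTML-escaped on output.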