I would like to do LDAP authentication in Spring Boot Security but take roles and other information (like user region) from a DB.
I came up with a UserDetailsContextMapper impl like:
import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.stereotype.Component;

@Component
public class UserDetailsContextMapperImpl implements UserDetailsContextMapper {

    @Autowired
    private UserService userService; // own service (not shown) that adds roles from the DB

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities) {
        // The userPassword attribute is read from the directory only because UserService
        // needs a non-empty password to build the UserDetails.
        UserDetails userWithRoles = userService.enhanceWithRoles(username,
                new String((byte[]) ctx.getObjectAttribute("userPassword")));
        return userWithRoles;
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        // read-only mapping: nothing is written back to LDAP
    }
}
This component is being used like this:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.DefaultLdapUsernameToDnMapper;
import org.springframework.security.ldap.userdetails.LdapUserDetailsManager;

@Configuration
@EnableMethodSecurity
public class LdapSecurityConfig {

    private final UserDetailsContextMapperImpl userDetailsContextMapperImpl;

    public LdapSecurityConfig(UserDetailsContextMapperImpl userDetailsContextMapperImpl) {
        this.userDetailsContextMapperImpl = userDetailsContextMapperImpl;
    }

    @Bean
    public UserDetailsService userDetailsService() {
        var cs = new DefaultSpringSecurityContextSource(
                "ldap://127.0.0.1:33389/dc=springframework,dc=org");
        cs.afterPropertiesSet();
        var manager = new LdapUserDetailsManager(cs);
        // usersBase and the attribute used as the username
        manager.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=groups", "uid"));
        manager.setUserDetailsMapper(userDetailsContextMapperImpl);
        manager.setGroupSearchBase("ou=groups");
        return manager;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        // plain-text comparison against the userPassword value read from LDAP
        return NoOpPasswordEncoder.getInstance();
    }
}
In the UserDetailsContextMapperImpl I am forced to pass the password to the service because you can't construct a UserDetails with an empty password.
But I find this to be a hack, because I don't need the password since I know that the authentication succeeded.
What can I do in order to use LDAP authentication but not care about the password, and retrieve the roles from a user repository?
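The following is an added example, not the asker's code and not code from Spring Security itself. It shows one way to get the behaviour the question asks for: the directory verifies the credential through an LDAP bind (so the application never reads the stored userPassword and no NoOpPasswordEncoder is involved), and a UserDetailsContextMapper builds the UserDetails from roles loaded out of the database. It uses Spring Security's LdapBindAuthenticationManagerFactory and LdapUserDetailsImpl.Essence, which does not require a password. The UserRoleRepository interface, the "ROLE_" prefix convention and the user DN pattern "uid={0},ou=people" are assumptions for the example.

```java
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

// Added example: LDAP bind for authentication, roles from the database, no password handling.
@Configuration
public class LdapBindSecurityConfig {

    // Hypothetical repository: role names stored per username in the application DB.
    public interface UserRoleRepository {
        List<String> findRoleNamesByUsername(String username);
    }

    // Turns the entry that just bound successfully into a UserDetails carrying DB roles.
    static class DbRolesContextMapper implements UserDetailsContextMapper {
        private final UserRoleRepository roles;

        DbRolesContextMapper(UserRoleRepository roles) {
            this.roles = roles;
        }

        @Override
        public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                Collection<? extends GrantedAuthority> ldapAuthorities) {
            // Essence does not require a password: the bind already proved the credential,
            // so nothing is read from the userPassword attribute.
            LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
            essence.setDn(ctx.getNameInNamespace());
            essence.setUsername(username);
            List<GrantedAuthority> authorities = roles.findRoleNamesByUsername(username).stream()
                    .map(role -> new SimpleGrantedAuthority("ROLE_" + role)) // assumed prefix
                    .collect(Collectors.toList());
            essence.setAuthorities(authorities); // group-derived ldapAuthorities are ignored here
            return essence.createUserDetails();
        }

        @Override
        public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
            // Read-only mapping: nothing is written back to the directory.
        }
    }

    @Bean
    public AuthenticationManager ldapAuthenticationManager(UserRoleRepository roles) {
        DefaultSpringSecurityContextSource cs = new DefaultSpringSecurityContextSource(
                "ldap://127.0.0.1:33389/dc=springframework,dc=org");
        cs.afterPropertiesSet();
        LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(cs);
        factory.setUserDnPatterns("uid={0},ou=people"); // assumed DN pattern for the example
        factory.setUserDetailsContextMapper(new DbRolesContextMapper(roles));
        return factory.createAuthenticationManager();
    }
}
```

With this arrangement the only credential check is the bind performed by the LDAP server, the application holds no password hashes and needs no PasswordEncoder bean for LDAP users, and the region or other per-user data can be loaded in the mapper alongside the roles.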