The following is a typical example of what I've found on the Internet for authenticating to Active Directory using LDAP:

    package com.test;

    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // Constructor arguments: the AD domain and the LDAP URL of the directory server
            ActiveDirectoryLdapAuthenticationProvider adProvider =
                    new ActiveDirectoryLdapAuthenticationProvider("domain.org", "ldap://activedirectory-url:389");
            // Map AD sub-error codes in bind failures to specific authentication exceptions
            adProvider.setConvertSubErrorCodesToExceptions(true);
            // Use the credentials from the authentication request in the resulting token
            adProvider.setUseAuthenticationRequestCredentials(true);
            // Register the provider with the authentication manager
            auth.authenticationProvider(adProvider);
        }
    }

Let's say I have a user XYZ with password 123 which I enter into the login form. How would this security configuration pick up my credentials and verify them against the Active Directory server?
Why does Active Directory not require a ManagerDn, ManagerPassword, or Username or Userpassword? I fail to understand how it would authenticate without the aforementioned information.
Normally with ldapAuthentication I would provide such details in the ContextSource, like so:
but I can't seem to find how to do this with ActiveDirectoryLdapAuthenticationProvider.
I checked the class's documentation and was unable to understand how it receives and processes the userCredentials.