How to get Windows AD Token in Spring Boot?

ChatGPT

To obtain a Windows Active Directory (AD) token in a Spring Boot application, you can leverage Spring Security along with the Spring Security Kerberos extension. The Kerberos protocol allows for authentication with Active Directory. Here's a general outline of the steps involved:

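  1. Add Dependencies: Include the necessary dependencies in your Spring Boot project's pom.xml file:

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

<!-- Kerberos extension: core plus web (the web module provides SpnegoAuthenticationProcessingFilter).
     Spring Boot does not manage this version, so define the spring-security-kerberos.version property. -->
<dependency>
    <groupId>org.springframework.security.kerberos</groupId>
    <artifactId>spring-security-kerberos-core</artifactId>
    <version>${spring-security-kerberos.version}</version>
</dependency>

<dependency>
    <groupId>org.springframework.security.kerberos</groupId>
    <artifactId>spring-security-kerberos-web</artifactId>
    <version>${spring-security-kerberos.version}</version>
</dependency>
```
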
  2. Configure Spring Security: Configure Spring Security to enable Kerberos authentication in your application.properties or application.yml file:

For application.properties:

```properties
# Kerberos settings
spring.security.kerberos.service-principal = HTTP/{hostname}@{realm}
spring.security.kerberos.keytab = /path/to/keytab/file.keytab
spring.security.kerberos.realm = YOUR_REALM
```

For application.yml:

```yaml
# Kerberos settings
spring:
  security:
    kerberos:
      service-principal: HTTP/{hostname}@{realm}
      keytab: /path/to/keytab/file.keytab
      realm: YOUR_REALM
```

Replace {hostname} with the hostname of your application server, and {realm} with the name of your AD realm.

  3. Enable Kerberos Authentication in Security Configuration: Create a security configuration class that enables Kerberos authentication and configures the necessary beans. For example:

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .httpBasic().disable()
            .csrf().disable()
            .sessionManagement().disable()
            // Anchor on a filter class that Spring Security already has a registered order for
            .addFilterBefore(
                spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
                BasicAuthenticationFilter.class
            );
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(kerberosAuthenticationProvider())
            .authenticationProvider(kerberosServiceAuthenticationProvider());
    }

    // Kerberos authentication provider (username/password logins).
    // It needs a KerberosClient and a UserDetailsService set before it can authenticate.
    public KerberosAuthenticationProvider kerberosAuthenticationProvider() {
        return new KerberosAuthenticationProvider();
    }

    // Service authentication provider for Kerberos (validates SPNEGO tickets).
    // It needs a ticket validator and a UserDetailsService set before it can authenticate.
    public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
        return new KerberosServiceAuthenticationProvider();
    }

    // SPNEGO authentication processing filter
    public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter(
            AuthenticationManager authenticationManager) {
        SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
        filter.setAuthenticationManager(authenticationManager);
        return filter;
    }
}
```

  4. Access AD Token in Controller: Once the authentication is successful, you can access the AD token in your controller by injecting the Authentication object and retrieving the necessary details. For example:

```java
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController
```