Spring Security Active Directory Integration
Authenticate a Spring web application deployed on Windows NTLM network using ActiveDirectory, manage Roles in web application (custom authorization), and simulate a single-sign-on environment. When a (windows) authenticated user accesses the app's url, he would be redirected to the home page.
- Get Kerberos + NTLM using Waffle Filter and Spring Security
- Integrates well with Spring Security
- IIS Server is not required as a pass through authentication mechanism for Active Directory
- Reference guide
- Switch between "ldap-local-security" (dev) and "waffle-security-filter" (prod) strategies
- A change of strategy will only require a new authentication strategy (few classes) as the spring authorization piece is generic.
What about Spring Security LDAP?å
- Spring LDAP Security Reference
- Spring uses ActiveDirectoryLdapAuthenticationProvider, which delegates the work to LdapAuthenticator and LdapAuthoritiesPopulator for authenticating user and retrieving GrantedAuthoritys. UserDetails can be populated using DefaultLdapAuthoritiesPopulator.
- With the correct users.ldif (sample ldap user info) app works for authentication/authorization. However single-sign on in prod env needs additional filters and customization.
What about Spring Security Kerberos/SPNEGO Extension?
- Spring's reference example extension needs server side configuration (setup kerberos etc.,) -- not be "out of the box"