Hack the Problem

Creating a simple endpoint in Java and Spring Boot to authenticate using Active Directory

Written by

imoliveira88

in

Well, guys, how are you doing? Yes, I’ll be quite straightforward: I’ll show you a working code in Java using the framework Spring Boot and Windows Server Active Directory.

Let me contextualize: you have Active Directory running in a Windows Server machine (not necessarily on the same machine as the current code) and, in order to harness the users’ authentication data from the company domain as the authentication method of a third-party software, you have to create an endpoint and make it available to the other software. You don’t need a VIEW in the MVC Architecture.

Model class: AuthenticationRequest

public class AuthenticationRequest {
    private String username;
    private String password;

    // Getters and setters
    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}

RestController: AuthenticationController

import model.AuthenticationRequest;
import java.util.Hashtable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.http.ResponseEntity;
import org.springframework.http.HttpStatus;
import javax.naming.*;
import javax.naming.directory.*;

@RestController
public class AuthenticationController {

    @PostMapping("/authenticate")
    public ResponseEntity<String> authenticateUser(@RequestBody AuthenticationRequest request) {
        try {
            String username = request.getUsername();
            String password = request.getPassword();

            boolean isAuthenticated = authenticateWithActiveDirectory(username, password);

            if (isAuthenticated) {
                return new ResponseEntity<>("User authenticated successfully", HttpStatus.OK);
            } else {
                return new ResponseEntity<>("Authentication failed", HttpStatus.UNAUTHORIZED);
            }
        } catch (Exception e) {
            // Log the exception or handle it appropriately
            e.printStackTrace();
            return new ResponseEntity<>("Authentication failed. Erro", HttpStatus.UNAUTHORIZED);
            // return new ResponseEntity<>("An error occurred during authentication", HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    private boolean authenticateWithActiveDirectory(String username, String password) {
        String ldapURL = "ldap://192.168.0.2:389";

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapURL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, username + "@intranet.company.com.br");
        env.put(Context.SECURITY_CREDENTIALS, password);

        try {
            DirContext context = new InitialDirContext(env);
            System.out.println("Conexão bem sucedida!");
            context.close();
            return true;
        } catch (AuthenticationException authEx) {
            System.out.println("Autenticação falhou: " + authEx.getMessage());
            return false;
        } catch (NamingException nex) {
            System.out.println("Falha ao tentar conectar com o servidor LDAP: " + nex.getMessage());
            return false;
        }
    }
}

Main Class

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class MainApplication {

    public static void main(String[] args) {
        SpringApplication.run(MainApplication.class, args);
    }
}

application.properties file

logging.level.org.springframework=INFO
logging.level.com.example=DEBUG

server.port=8444
server.ssl.keystore=file:/C:/xampp/ssl/certificates/keystore.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=pass
server.ssl.key-alias=endpoint

An important information is that we call this endpoint through an HTTPS POST request, so we need to generate the keystore.p12 file from the certificate provided by the certification authority. In case you don’t need to use SSL, you won’t need to worry about the last part of the previous file.

Well… I have nothing else to say about it. It’s done! But… ah, yes! Before I go, let me remind you: please execute the Main Class and it will start your application server (like Tomcat), and your endpoint will be ready to receive and handle HTTPS requests.

By Igor Magalhães Oliveira

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts