What is a proper way to add roles to the authentication Spring Boot with LDAP

Multi tool use
Multi tool use












0














I'd like to add a role-system to my spring-boot application. For the moment I use the default spring-boot-security-starter-login page and simply added an LDAP-Authentication for authenticating the login. Now the roles should come from my database. I would like to use the following setup:



CREATE TABLE IF NOT EXISTS MY_SYSTEMROLE (
ID int PRIMARY KEY AUTO_INCREMENT,
NAME varchar(255) NOT NULL,
CONSTRAINT UC_SYSTEMROLENAME UNIQUE (NAME)
);
CREATE TABLE IF NOT EXISTS MY_USER (
SAP_PERSONAL_ID int(32) PRIMARY KEY AUTO_INCREMENT,
LASTNAME varchar(255),
FIRSTNAME varchar(255),
SHORTHAND varchar(128) NOT NULL,
SYSTEMROLE_ID int,
FOREIGN KEY (SYSTEMROLE_ID) REFERENCES MY_SYSTEMROLE(ID)
);


Now the user is authenticating via AD with the MY_USER.SHORTHAND-attribute.



INSERT INTO MY_SYSTEMROLE (NAME) VALUES ('ADMIN'); #ID 1
INSERT INTO MY_SYSTEMROLE (NAME) VALUES ('USER'); #ID 2

INSERT INTO MY_USER (LASTNAME, FIRSTNAME, SHORTHAND) VALUES ('Boo', 'Hoo', 'FOO', '2'); #Role: USER


So I tried to set up a dashboard that has this List:



<ul>
<li><a routerLinkActivate="active" routerLink="/adminView">AdminView</a></li>
<li><a (click)="logout()">Logout</a></li>
</ul>


And only users with the role ADMIN should have access to the AdminView. Now I found out, that I could use the authentication.getAuthorities() to receive Authorities (obviously). That means I could set up a controller that returns the role for the logged in user to the frontend.



Yet, what is a proper way to add the ROLE to the authorities? I could - when the user is successfully authenticated (so redirected to the dashboard) make an API call from the frontend to the backend and ask for the roles from database and assign them, but that does not really sound like a 'clean' idea or good practice.



My LDAP-Authentication:



@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Value("${ad.domain}")
private String AD_DOMAIN;

@Value("${ad.url}")
private String AD_URL;

private final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin().and().httpBasic();
http.formLogin().defaultSuccessUrl("/", true);
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
}

@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
}

@Bean
public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN,
AD_URL);
provider.setConvertSubErrorCodesToExceptions(true);
provider.setUseAuthenticationRequestCredentials(true);
return provider;
}
}









share|improve this question



























    0














    I'd like to add a role-system to my spring-boot application. For the moment I use the default spring-boot-security-starter-login page and simply added an LDAP-Authentication for authenticating the login. Now the roles should come from my database. I would like to use the following setup:



    CREATE TABLE IF NOT EXISTS MY_SYSTEMROLE (
    ID int PRIMARY KEY AUTO_INCREMENT,
    NAME varchar(255) NOT NULL,
    CONSTRAINT UC_SYSTEMROLENAME UNIQUE (NAME)
    );
    CREATE TABLE IF NOT EXISTS MY_USER (
    SAP_PERSONAL_ID int(32) PRIMARY KEY AUTO_INCREMENT,
    LASTNAME varchar(255),
    FIRSTNAME varchar(255),
    SHORTHAND varchar(128) NOT NULL,
    SYSTEMROLE_ID int,
    FOREIGN KEY (SYSTEMROLE_ID) REFERENCES MY_SYSTEMROLE(ID)
    );


    Now the user is authenticating via AD with the MY_USER.SHORTHAND-attribute.



    INSERT INTO MY_SYSTEMROLE (NAME) VALUES ('ADMIN'); #ID 1
    INSERT INTO MY_SYSTEMROLE (NAME) VALUES ('USER'); #ID 2

    INSERT INTO MY_USER (LASTNAME, FIRSTNAME, SHORTHAND) VALUES ('Boo', 'Hoo', 'FOO', '2'); #Role: USER


    So I tried to set up a dashboard that has this List:



    <ul>
    <li><a routerLinkActivate="active" routerLink="/adminView">AdminView</a></li>
    <li><a (click)="logout()">Logout</a></li>
    </ul>


    And only users with the role ADMIN should have access to the AdminView. Now I found out, that I could use the authentication.getAuthorities() to receive Authorities (obviously). That means I could set up a controller that returns the role for the logged in user to the frontend.



    Yet, what is a proper way to add the ROLE to the authorities? I could - when the user is successfully authenticated (so redirected to the dashboard) make an API call from the frontend to the backend and ask for the roles from database and assign them, but that does not really sound like a 'clean' idea or good practice.



    My LDAP-Authentication:



    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${ad.domain}")
    private String AD_DOMAIN;

    @Value("${ad.url}")
    private String AD_URL;

    private final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin().and().httpBasic();
    http.formLogin().defaultSuccessUrl("/", true);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }

    @Bean
    public AuthenticationManager authenticationManager() {
    return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
    }

    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
    ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN,
    AD_URL);
    provider.setConvertSubErrorCodesToExceptions(true);
    provider.setUseAuthenticationRequestCredentials(true);
    return provider;
    }
    }









    share|improve this question

























      0












      0








      0







      I'd like to add a role-system to my spring-boot application. For the moment I use the default spring-boot-security-starter-login page and simply added an LDAP-Authentication for authenticating the login. Now the roles should come from my database. I would like to use the following setup:



      CREATE TABLE IF NOT EXISTS MY_SYSTEMROLE (
      ID int PRIMARY KEY AUTO_INCREMENT,
      NAME varchar(255) NOT NULL,
      CONSTRAINT UC_SYSTEMROLENAME UNIQUE (NAME)
      );
      CREATE TABLE IF NOT EXISTS MY_USER (
      SAP_PERSONAL_ID int(32) PRIMARY KEY AUTO_INCREMENT,
      LASTNAME varchar(255),
      FIRSTNAME varchar(255),
      SHORTHAND varchar(128) NOT NULL,
      SYSTEMROLE_ID int,
      FOREIGN KEY (SYSTEMROLE_ID) REFERENCES MY_SYSTEMROLE(ID)
      );


      Now the user is authenticating via AD with the MY_USER.SHORTHAND-attribute.



      INSERT INTO MY_SYSTEMROLE (NAME) VALUES ('ADMIN'); #ID 1
      INSERT INTO MY_SYSTEMROLE (NAME) VALUES ('USER'); #ID 2

      INSERT INTO MY_USER (LASTNAME, FIRSTNAME, SHORTHAND) VALUES ('Boo', 'Hoo', 'FOO', '2'); #Role: USER


      So I tried to set up a dashboard that has this List:



      <ul>
      <li><a routerLinkActivate="active" routerLink="/adminView">AdminView</a></li>
      <li><a (click)="logout()">Logout</a></li>
      </ul>


      And only users with the role ADMIN should have access to the AdminView. Now I found out, that I could use the authentication.getAuthorities() to receive Authorities (obviously). That means I could set up a controller that returns the role for the logged in user to the frontend.



      Yet, what is a proper way to add the ROLE to the authorities? I could - when the user is successfully authenticated (so redirected to the dashboard) make an API call from the frontend to the backend and ask for the roles from database and assign them, but that does not really sound like a 'clean' idea or good practice.



      My LDAP-Authentication:



      @Configuration
      @EnableWebSecurity
      public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

      @Value("${ad.domain}")
      private String AD_DOMAIN;

      @Value("${ad.url}")
      private String AD_URL;

      private final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

      @Override
      protected void configure(HttpSecurity http) throws Exception {
      http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin().and().httpBasic();
      http.formLogin().defaultSuccessUrl("/", true);
      }

      @Override
      protected void configure(AuthenticationManagerBuilder auth) throws Exception {
      auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
      }

      @Bean
      public AuthenticationManager authenticationManager() {
      return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
      }

      @Bean
      public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
      ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN,
      AD_URL);
      provider.setConvertSubErrorCodesToExceptions(true);
      provider.setUseAuthenticationRequestCredentials(true);
      return provider;
      }
      }









      share|improve this question













      I'd like to add a role-system to my spring-boot application. For the moment I use the default spring-boot-security-starter-login page and simply added an LDAP-Authentication for authenticating the login. Now the roles should come from my database. I would like to use the following setup:



      CREATE TABLE IF NOT EXISTS MY_SYSTEMROLE (
      ID int PRIMARY KEY AUTO_INCREMENT,
      NAME varchar(255) NOT NULL,
      CONSTRAINT UC_SYSTEMROLENAME UNIQUE (NAME)
      );
      CREATE TABLE IF NOT EXISTS MY_USER (
      SAP_PERSONAL_ID int(32) PRIMARY KEY AUTO_INCREMENT,
      LASTNAME varchar(255),
      FIRSTNAME varchar(255),
      SHORTHAND varchar(128) NOT NULL,
      SYSTEMROLE_ID int,
      FOREIGN KEY (SYSTEMROLE_ID) REFERENCES MY_SYSTEMROLE(ID)
      );


      Now the user is authenticating via AD with the MY_USER.SHORTHAND-attribute.



      INSERT INTO MY_SYSTEMROLE (NAME) VALUES ('ADMIN'); #ID 1
      INSERT INTO MY_SYSTEMROLE (NAME) VALUES ('USER'); #ID 2

      INSERT INTO MY_USER (LASTNAME, FIRSTNAME, SHORTHAND) VALUES ('Boo', 'Hoo', 'FOO', '2'); #Role: USER


      So I tried to set up a dashboard that has this List:



      <ul>
      <li><a routerLinkActivate="active" routerLink="/adminView">AdminView</a></li>
      <li><a (click)="logout()">Logout</a></li>
      </ul>


      And only users with the role ADMIN should have access to the AdminView. Now I found out, that I could use the authentication.getAuthorities() to receive Authorities (obviously). That means I could set up a controller that returns the role for the logged in user to the frontend.



      Yet, what is a proper way to add the ROLE to the authorities? I could - when the user is successfully authenticated (so redirected to the dashboard) make an API call from the frontend to the backend and ask for the roles from database and assign them, but that does not really sound like a 'clean' idea or good practice.



      My LDAP-Authentication:



      @Configuration
      @EnableWebSecurity
      public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

      @Value("${ad.domain}")
      private String AD_DOMAIN;

      @Value("${ad.url}")
      private String AD_URL;

      private final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

      @Override
      protected void configure(HttpSecurity http) throws Exception {
      http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin().and().httpBasic();
      http.formLogin().defaultSuccessUrl("/", true);
      }

      @Override
      protected void configure(AuthenticationManagerBuilder auth) throws Exception {
      auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
      }

      @Bean
      public AuthenticationManager authenticationManager() {
      return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
      }

      @Bean
      public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
      ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN,
      AD_URL);
      provider.setConvertSubErrorCodesToExceptions(true);
      provider.setUseAuthenticationRequestCredentials(true);
      return provider;
      }
      }






      spring spring-boot authorization






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked yesterday









      Rüdiger

      291219




      291219





























          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53944454%2fwhat-is-a-proper-way-to-add-roles-to-the-authentication-spring-boot-with-ldap%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown






























          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53944454%2fwhat-is-a-proper-way-to-add-roles-to-the-authentication-spring-boot-with-ldap%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          bHcfOjA
          il2R4AkZVFb9vX tz,HN,RhEOvF0l6,G

          Popular posts from this blog

          Monofisismo

          Angular Downloading a file using contenturl with Basic Authentication

          Olmecas