When I entered the wrong password, I received error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1
and a Whitelabel Error Page instead of the standard login page.
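/**
 * Spring Security configuration for a Vaadin UI that authenticates users against Active Directory.
 *
 * <p>Static and framework-internal resources are public, every other request requires an
 * authenticated session, and credentials are checked by an
 * {@link ActiveDirectoryLdapAuthenticationProvider} built from the {@code activedirectory.*}
 * properties.
 *
 * <p>NOTE(review): the provider binds to the directory with the password the user typed. If
 * {@code activedirectory.url} is an {@code ldap://} URL, that password crosses the network
 * unencrypted; confirm the deployed value uses {@code ldaps://}.
 */
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LdapUserDetailsService userDetailsService;

    @Autowired
    private LdapUserDetailsMapperCustomer mapperCustomer;

    private static final String LOGIN_URL = "/login";
    private static final String LOGGED_OUT_URL = "/login?logged-out";
    private static final String MAIN_URL = "/operations";

    @Value("${activedirectory.url}")
    private String ldapUrl;

    @Value("${activedirectory.domain}")
    private String ldapDomain;

    @Value("${activedirectory.f1}")
    private String groupSearchFilter;

    @Value("${activedirectory.f2}")
    private String groupSearchFilter2;

    /**
     * Defines which requests are public and which need an authenticated user, and wires form
     * login, logout and session handling.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the filter chain cannot be assembled
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): Spring's CSRF protection is switched off, presumably because Vaadin
        // protects its own UIDL requests. The Spring-handled login POST is then not covered by
        // a CSRF token - confirm this is acceptable for the deployment.
        http.csrf().disable()
                .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
                .requestCache().requestCache(new CustomRequestCache())
                .and().authorizeRequests()
                .requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
                .antMatchers("/VAADIN/**", "/HEARTBEAT/**", "/UIDL/**", "/resources/**",
                        "/login", "/login**", "/login/**", "/manifest.json", "/icons/**", "/images/**",
                        // (development mode) static resources
                        "/frontend/**",
                        // (development mode) webjars
                        "/webjars/**",
                        // (production mode) static resources
                        "/frontend-es5/**", "/frontend-es6/**").permitAll()
                // Catch-all rule. The previous pattern "/** " carried a trailing space, so it
                // was not the match-all pattern; requests that matched no rule had no access
                // restriction applied. anyRequest() cannot be mistyped that way.
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage(LOGIN_URL).permitAll()
                .successForwardUrl(MAIN_URL)
                .and()
                .logout()
                .logoutSuccessUrl(LOGGED_OUT_URL)
                .and()
                // A fresh session is created at login, so a session id fixed before
                // authentication is not carried over.
                .sessionManagement().sessionFixation().newSession();
    }

    /**
     * Excludes static assets from the security filter chain altogether.
     *
     * <p>Requests matching these patterns bypass every security filter, so only paths that
     * serve non-sensitive static content belong here.
     *
     * @param web the web security builder supplied by Spring
     */
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(
                "/VAADIN/**",
                "/favicon.ico",
                "/robots.txt",
                "/manifest.webmanifest",
                "/sw.js",
                "/offline-page.html",
                "/icons/**",
                "/images/**",
                "/frontend/**",
                "/webjars/**",
                "/frontend-es5/**",
                "/frontend-es6/**");
    }

    /**
     * Registers the authentication sources on the local authentication manager builder.
     *
     * <p>{@code super.configure(auth)} is deliberately not called: the base implementation in
     * {@link WebSecurityConfigurerAdapter} marks the local builder as disabled, which makes
     * Spring discard the providers registered here and fall back to the global configuration.
     *
     * @param auth the builder for this adapter's authentication manager
     * @throws Exception if a provider cannot be registered
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(provider());
        // NOTE(review): this adds a second, password-hash based provider that compares the
        // submitted password against whatever LdapUserDetailsService returns, using BCrypt.
        // Confirm that the directory really exposes BCrypt hashes; otherwise this provider can
        // never succeed and only the Active Directory bind above is effective.
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Builds the Active Directory authentication provider.
     *
     * @return the provider configured from the {@code activedirectory.*} properties
     */
    @Bean
    public ActiveDirectoryLdapAuthenticationProvider provider() {
        ActiveDirectoryLdapAuthenticationProvider adProvider =
                new ActiveDirectoryLdapAuthenticationProvider(ldapDomain, ldapUrl);
        // Turns AD sub-error codes (the "data 52e" part of an error 49 bind failure is the
        // invalid-credentials code) into specific Spring Security exceptions. Keep the message
        // shown to the user generic so account state (locked, expired, disabled) is not
        // disclosed to an unauthenticated caller.
        adProvider.setConvertSubErrorCodesToExceptions(true);
        // The authenticated token keeps the credentials from the login request instead of a
        // password attribute read from the directory entry.
        adProvider.setUseAuthenticationRequestCredentials(true);
        // NOTE(review): setSearchFilter replaces the previous value, so only
        // groupSearchFilter2 is in effect and groupSearchFilter is ignored. This filter selects
        // the user entry being authenticated; if both conditions are meant to apply, they have
        // to be combined into one LDAP filter expression in the configuration.
        adProvider.setSearchFilter(groupSearchFilter);
        adProvider.setSearchFilter(groupSearchFilter2);
        adProvider.setAuthoritiesMapper(ldapAuthoritiesMapper());
        adProvider.setUserDetailsContextMapper(mapperCustomer);
        return adProvider;
    }

    /**
     * @return the mapper that converts directory authorities into application authorities
     */
    @Bean
    public LDAPGrantedAuthoritiesMapper ldapAuthoritiesMapper() {
        return new LDAPGrantedAuthoritiesMapper();
    }

    /**
     * @return the BCrypt encoder used by the user-details based provider
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * @return a listener that logs authentication events, which gives failed logins an audit
     *     trail
     */
    @Bean
    public LoggerListener loggerListener() {
        return new LoggerListener();
    }

    /**
     * Creates the custom login filter that runs before the standard username/password filter.
     *
     * <p>The filter gets its own {@link ProviderManager} holding only the Active Directory
     * provider, and sends failed attempts to the failure handler below.
     *
     * @return the configured filter
     * @throws Exception declared for callers; nothing in this body throws a checked exception
     */
    public SimpleAuthenticationFilter authenticationFilter() throws Exception {
        SimpleAuthenticationFilter filter = new SimpleAuthenticationFilter();
        filter.setAuthenticationManager(new ProviderManager(Collections.singletonList(provider())));
        filter.setAuthenticationFailureHandler(failureHandler());
        return filter;
    }

    /**
     * @return a handler that redirects every failed login to the same URL, so the response does
     *     not reveal why authentication failed
     */
    public SimpleUrlAuthenticationFailureHandler failureHandler() {
        return new SimpleUrlAuthenticationFailureHandler("/login?error=true");
    }

    /**
     * @return a string message converter fixed to UTF-8
     */
    @Bean
    public StringHttpMessageConverter stringHttpMessageConverter() {
        return new StringHttpMessageConverter(StandardCharsets.UTF_8);
    }
}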