The goal of this project is to create a simple Spring Boot REST API, named simple-service, and secure it using the Spring Security LDAP module. Additionally, Testcontainers will be utilized for integration testing.
On ivangfr.github.io, I have compiled my Proof-of-Concepts (PoCs) and articles. You can easily search for the technology you are interested in by using the filter. Who knows, perhaps I have already implemented a PoC or written an article about what you are looking for.
- [Medium] Implementing and Securing a Simple Spring Boot REST API with LDAP
- [Medium] Implementing and Securing a Spring Boot GraphQL API with LDAP
- Spring Boot Java Web application that exposes two endpoints:
  - GET /api/public: can be accessed by anyone; it is not secured;
  - GET /api/private: can only be accessed by users authenticated with valid LDAP credentials.
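One way to express the two access rules above with Spring Security's LDAP bind authentication, as an added example that is not the project's own code. The endpoints, base DN, admin bind and `LDAP_HOST`/`LDAP_PORT` come from this page; the class name, the `(uid={0})` search filter, the deny-by-default rule and Spring Boot 3 / Spring Security 6 are assumptions.

```java
// Added illustration, not the project's source. Assumes Spring Boot 3 / Spring Security 6.
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class LdapSecurityConfig { // hypothetical class name
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.GET, "/api/public").permitAll()
                .requestMatchers(HttpMethod.GET, "/api/private").authenticated()
                // Deny by default: any other route needs its own explicit rule.
                .anyRequest().denyAll())
            .httpBasic(Customizer.withDefaults()) // matches `curl -u user:password`
            // No HTTP session: credentials are checked against LDAP on every request.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .build();
    }

    @Bean
    DefaultSpringSecurityContextSource contextSource(
            @Value("${LDAP_HOST:localhost}") String host,
            @Value("${LDAP_PORT:389}") int port) {
        var source = new DefaultSpringSecurityContextSource(
            "ldap://" + host + ":" + port + "/dc=mycompany,dc=com");
        // Demo admin bind from this page; use a read-only service account and ldaps:// elsewhere.
        source.setUserDn("cn=admin,dc=mycompany,dc=com");
        source.setPassword("admin");
        return source;
    }

    @Bean
    AuthenticationManager authenticationManager(DefaultSpringSecurityContextSource source) {
        var factory = new LdapBindAuthenticationManagerFactory(source);
        factory.setUserSearchBase("ou=users");      // relative to dc=mycompany,dc=com
        factory.setUserSearchFilter("(uid={0})");   // assumption: login name is the uid attribute
        return factory.createAuthenticationManager(); // search for the entry, then bind as it
    }
}
```

With bind authentication the application never reads or compares password hashes itself: a wrong password or an unknown user both fail at the LDAP bind and surface as the same 401.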
Open a terminal and inside the springboot-ldap-testcontainers root folder run:
docker compose up -d
The LDIF file we will use, simple-service/src/main/resources/ldap-mycompany-com.ldif, contains a pre-defined structure for mycompany.com. Basically, it has 2 groups (employees and clients) and 3 users (Bill Gates, Steve Jobs and Mark Cuban). Besides, it defines that Bill Gates and Mark Cuban belong to the employees group, and Steve Jobs belongs to the clients group.
Bill Gates > username: bgates, password: 123
Steve Jobs > username: sjobs, password: 123
Mark Cuban > username: mcuban, password: 123
There are two ways to import those users: by running a script or by using phpLDAPadmin.
- In a terminal, make sure you are in the springboot-ldap-testcontainers root folder
- Run the following script
  ./import-openldap-users.sh
- Check the imported users using ldapsearch
  ldapsearch -x -D "cn=admin,dc=mycompany,dc=com" \
    -w admin -H ldap://localhost:389 \
    -b "ou=users,dc=mycompany,dc=com" \
    -s sub "(uid=*)"
- Access https://localhost:6443
- Login with the following credentials
  Login DN: cn=admin,dc=mycompany,dc=com
  Password: admin
- Import the file simple-service/src/main/resources/ldap-mycompany-com.ldif
- In a terminal, make sure you are in the springboot-ldap-testcontainers root folder
- Run the following command to start simple-service
  ./mvnw clean spring-boot:run --projects simple-service
- In a terminal, make sure you are in the springboot-ldap-testcontainers root folder
- Build Docker Image
  - JVM
    ./build-docker-images.sh
  - Native
    ./build-docker-images.sh native
- Environment Variables
  | Environment Variable | Description |
  | --- | --- |
  | LDAP_HOST | Specify host of the LDAP to use (default localhost) |
  | LDAP_PORT | Specify port of the LDAP to use (default 389) |
- Run Docker Container
  docker run --rm --name simple-service -p 8080:8080 \
    -e LDAP_HOST=openldap \
    --network springboot-ldap-testcontainers_default \
    ivanfranchin/simple-service:1.0.0
- Open a terminal
- Call the endpoint /api/public
  curl -i localhost:8080/api/public
  It should return
  HTTP/1.1 200
  It is public.
- Try to call the endpoint /api/private without credentials
  curl -i localhost:8080/api/private
  It should return
  HTTP/1.1 401
- Call the endpoint /api/private again, this time providing username and password
  curl -i -u bgates:123 localhost:8080/api/private
  It should return
  HTTP/1.1 200
  bgates, it is private.
- Call the endpoint /api/private providing an invalid password
  curl -i -u bgates:124 localhost:8080/api/private
  It should return
  HTTP/1.1 401
- Call the endpoint /api/private providing a non-existing user
  curl -i -u cslim:123 localhost:8080/api/private
  It should return
  HTTP/1.1 401
- Click GET /api/public to open it; then, click the Try it out button and, finally, the Execute button.
  It should return
  Code: 200
  Response Body: It is public.
- Click the Authorize button (the green-white one, located at the top-right of the page)
- In the form that opens, provide the Bill Gates credentials, i.e., username bgates and password 123. Then, click the Authorize button and, to finish, click the Close button
- Click GET /api/private to open it; then, click the Try it out button and, finally, the Execute button.
  It should return
  Code: 200
  Response Body: bgates, it is private.
- To stop the simple-service application, go to the terminal where it is running and press Ctrl+C
- To stop and remove docker compose containers, network and volumes, in a terminal and inside the springboot-ldap-testcontainers root folder, run the following command
  docker compose down -v
- In a terminal, make sure you are inside the springboot-ldap-testcontainers root folder
- Run the command below to start the Unit Tests
  ./mvnw clean test --projects simple-service
- Run the command below to start the Unit and Integration Tests
  Note: Testcontainers will automatically start the OpenLDAP Docker container before some tests begin and will shut it down when the tests finish.
  ./mvnw clean verify --projects simple-service
To remove the Docker image created by this project, go to a terminal and, inside the springboot-ldap-testcontainers root folder, run the following script
./remove-docker-images.sh