spring-boot-ldap-auth-one-time-token-login

The goal of this project is to create a Spring Boot application called movies-app that allows users to log in using their LDAP pre-defined account LDAP Authentication and One-Time Token Login.

Proof-of-Concepts & Articles

On ivangfr.github.io, I have compiled my Proof-of-Concepts (PoCs) and articles. You can easily search for the technology you are interested in by using the filter. Who knows, perhaps I have already implemented a PoC or written an article about what you are looking for.

Additional Readings

• [Medium] Spring Boot App with LDAP Authentication and One-Time Token Login

Applications

• movies-app

  A Spring Boot Java web application that provides a user interface for accessing movie information.

  The application is connected to an OpenLDAP server running in a Docker container.

  Users can log in either with their username and password or by requesting a one-time token sent to their email.

• MailPit

  We are using MailPit. It's a lightweight email testing tool that captures and displays emails from your application in a web interface. It helps developers test email functionality without sending real emails.

Prerequisites

• Java 21 or higher;
• A containerization tool (e.g., Docker, Podman, etc.)

Start Environment

• In a terminal, navigate to spring-boot-ldap-auth-one-time-token-login root folder;

• Run the following command to start Docker Compose containers:

  docker compose up -d

Import OpenLDAP Users

The LDIF file we will use, ldap/ldap-mycompany-com.ldif, contains a pre-defined structure for mycompany.com. Basically, it has 2 groups (admin and user) and 3 users (Ivan Franchin, Bill Gates and Steve Jobs). Besides, it's defined that Ivan Franchin belongs to admin group, and Bill Gates and Steve Jobs belong to user group.

Ivan Franchin > username: ifranchin, password: 123
Bill Gates > username: bgates, password: 123
Steve Jobs > username: sjobs, password: 123

There are two ways to import those users: by running a script or by using phpLDAPadmin.

Import users running a script

• In a terminal, make sure you are in the spring-boot-ldap-auth-one-time-token-login root folder;

• Run the following script:

  ./import-openldap-users.sh

• Check users imported using ldapsearch:

  ldapsearch -x -D "cn=admin,dc=mycompany,dc=com" \
    -w admin -H ldap://localhost:389 \
    -b "ou=users,dc=mycompany,dc=com" \
    -s sub "(uid=*)"

Import users using phpLDAPadmin

• Access https://localhost:6443

• Login with the following credentials:

  Login DN: cn=admin,dc=mycompany,dc=com
  Password: admin
  

• Import the file ldap/ldap-mycompany-com.ldif

• You should see something like

Running movies-app using Maven

• In a terminal, make sure you are in spring-boot-ldap-auth-one-time-token-login folder;

• Run the following Maven command to start the application:

  ./mvnw clean spring-boot:run --projects movies-app

Application URLs

Application	URL
movies-app	http://localhost:8080
MailPit	http://localhost:8025
phpLDAPadmin	https://localhost:6443

Demonstration

• LDAP Authentication

  

• One-Time Token Login

  

  Note: If the admin or user logs out and tries to log in again using the same token, it will not work!

Shutdown

• To stop movies-app, go to the terminal where it's running and press Ctrl+C;
• To stop and remove Docker Compose containers, network and volumes, go to a terminal and, inside spring-boot-ldap-auth-one-time-token-login root folder, run the command below:

  docker compose down -v