Contact Free trial Login

Setting Up an LDAP Provider for Spring Security

Mule Runtime Engine versions 3.5, 3.6, and 3.7 reached End of Life on or before January 25, 2020. For more information, contact your Customer Success Manager to determine how you can migrate to the latest Mule version.

This page describes how you can configure a Spring Security LDAP provider:

For information on configuring an in-memory provider, see Configuring Security.


Before proceeding, ensure that you have the following .jar files in your project classpath:

  • spring-security-ldap-3.1.2.RELEASE.jar

  • spring-security-core-3.1.2.RELEASE.jar

  • spring-ldap-core-1.3.1.RELEASE.jar

Declaring the Beans

You must set up two beans in Spring, a DefaultSpringSecurityContextSource and an LdapAuthenticationProvider. The DefaultSpringSecurityContextSource is the access point for obtaining an LDAP context where the LdapAuthenticationProvider provides integration with the LDAP server. For example:

You need to set up an LDAP context source that will be used by the spring security authentication provider to search and authenticate your users. Also, you need to define an authentication manager with an embedded LDAP authentication provider as shown:



    <spring:bean id="contextSource" class="">
             <spring:constructor-arg value="${ldap.url}"/>
             <spring:property name="userDn" value="${ldap.adminDn}"/>
             <spring:property name="password" value="${ldap.adminPassword}"/>

        <ss:authentication-manager alias="authenticationManager">
            <ss:ldap-authentication-provider user-search-filter="(uid={0})" user-search-base="ou=People" group-search-base="ou=Group"/>



More information about the LDAP authentication provider and the different mechanisms to authenticate users against your LDAP server can be found here:

Configuring the Mule Security Provider

The SpringSecurityProviderAdapter delegates to an AuthenticationProvider such as the LdapAuthenticationProvider.

    <mule-ss:delegate-security-provider name="spring-security-ldap" delegate-ref="authenticationManager"/>

With the above configuration, you can achieve connector-level security and other security features in Mule that require one or more security providers.

Configuring the MethodSecurityInterceptor

The configuration for component authorization is similar to the one described in Component Authorization Using Spring Security. A key point of configuration is securityMetadataSource:

<property name="securityMetadataSource" value="org.mule.api.lifecycle.Callable.onCall=ROLE_MANAGERS"/>

The roles are looked up by the DefaultLdapAuthoritiesPopulator, which you configured in the previous section. By default, a role is prefixed with ROLE_, and its value is extracted and converted to uppercase from the LDAP attribute defined by the groupRoleAttribute.

See Also

For information on configuring an in-memory provider, see Configuring Security.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub