Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ivangfr/springboot-ldap-testcontainers

The goal of this project is to create a simple Spring Boot REST API, named 'simple-service,' and secure it using the Spring Security LDAP module. Additionally, Testcontainers will be utilized for integration testing.
https://github.com/ivangfr/springboot-ldap-testcontainers

docker graalvm java ldap native openldap phpldapadmin spring-boot spring-security spring-security-ldap spring-web-mvc springdoc-openapi testcontainers

Last synced: 8 days ago
JSON representation

The goal of this project is to create a simple Spring Boot REST API, named 'simple-service,' and secure it using the Spring Security LDAP module. Additionally, Testcontainers will be utilized for integration testing.

Awesome Lists containing this project

README

        

# springboot-ldap-testcontainers

The goal of this project is to create a simple [`Spring Boot`](https://docs.spring.io/spring-boot/index.html) REST API, named `simple-service`, and secure it using the `Spring Security LDAP` module. Additionally, [`Testcontainers`](https://testcontainers.com/) will be utilized for integration testing.

## Proof-of-Concepts & Articles

On [ivangfr.github.io](https://ivangfr.github.io), I have compiled my Proof-of-Concepts (PoCs) and articles. You can easily search for the technology you are interested in by using the filter. Who knows, perhaps I have already implemented a PoC or written an article about what you are looking for.

## Additional Readings

- \[**Medium**\] [**Implementing and Securing a Simple Spring Boot REST API with LDAP**](https://medium.com/@ivangfr/implementing-and-securing-a-simple-spring-boot-rest-api-with-ldap-7279528ef746)
- \[**Medium**\] [**Implementing and Securing a Spring Boot GraphQL API with LDAP**](https://medium.com/@ivangfr/implementing-and-securing-a-spring-boot-graphql-api-with-ldap-14fe574225e1)

## Project Diagram

![project-diagram](documentation/project-diagram.jpeg)

## Application

- ### simple-service

`Spring Boot` Java Web application that exposes two endpoints:
- `GET /api/public`: that can be access by anyone, it is not secured;
- `GET /api/private`: that can just be accessed by users authenticated with valid LDAP credentials.

## Prerequisites

- [`Java 21+`]( https://www.oracle.com/java/technologies/downloads/#java21)
- Some containerization tool [`Docker`](https://www.docker.com), [`Podman`](https://podman.io), etc.

## Start Environment

Open a terminal and inside the `springboot-ldap-testcontainers` root folder run:
```
docker compose up -d
```

## Import OpenLDAP Users

The `LDIF` file we will use, `simple-service/src/main/resources/ldap-mycompany-com.ldif`, contains a pre-defined structure for `mycompany.com`. Basically, it has 2 groups (`employees` and `clients`) and 3 users (`Bill Gates`, `Steve Jobs` and `Mark Cuban`). Besides, it's defined that `Bill Gates` and `Mark Cuban` belong to `employees` group, and `Steve Jobs` belongs to `clients` group.
```
Bill Gates > username: bgates, password: 123
Steve Jobs > username: sjobs, password: 123
Mark Cuban > username: mcuban, password: 123
```

There are two ways to import those users: by running a script or by using [`phpLDAPadmin`](https://github.com/leenooks/phpLDAPadmin).

### Import users running a script

- In a terminal, make use you are in the `springboot-ldap-testcontainers` root folder

- Run the following script
```
./import-openldap-users.sh
```

- Check users imported using [`ldapsearch`](https://linux.die.net/man/1/ldapsearch)
```
ldapsearch -x -D "cn=admin,dc=mycompany,dc=com" \
-w admin -H ldap://localhost:389 \
-b "ou=users,dc=mycompany,dc=com" \
-s sub "(uid=*)"
```

### Import users using phpLDAPadmin

- Access https://localhost:6443

- Login with the following credentials
```
Login DN: cn=admin,dc=mycompany,dc=com
Password: admin
```

- Import the file `simple-service/src/main/resources/ldap-mycompany-com.ldif`

- You should see something like

![phpldapadmin](documentation/phpldapadmin.jpeg)

## Run application with Maven

- In a terminal, make use you are in the `springboot-ldap-testcontainers` root folder

- Run the following command to start `simple-service`
```
./mvnw clean spring-boot:run --projects simple-service
```

## Run application as Docker container

- In a terminal, make sure you are in the `springboot-ldap-testcontainers` root folder

- Build Docker Image
- JVM
```
./build-docker-images.sh
```
- Native
```
./build-docker-images.sh native
```

- Environment Variables

| Environment Variable | Description |
|----------------------|---------------------------------------------------------|
| `LDAP_HOST` | Specify host of the `LDAP` to use (default `localhost`) |
| `LDAP_PORT` | Specify port of the `LDAP` to use (default `389`) |

- Run Docker Container
```
docker run --rm --name simple-service -p 8080:8080 \
-e LDAP_HOST=openldap \
--network springboot-ldap-testcontainers_default \
ivanfranchin/simple-service:1.0.0
```

## Testing using curl

1. Open a terminal

2. Call the endpoint `/api/public`
```
curl -i localhost:8080/api/public
```

It should return
```
HTTP/1.1 200
It is public.
```

3. Try to call the endpoint `/api/private` without credentials
```
curl -i localhost:8080/api/private
```

It should return
```
HTTP/1.1 401
```

4. Call the endpoint `/api/private` again. This time informing `username` and `password`
```
curl -i -u bgates:123 localhost:8080/api/private
```

It should return
```
HTTP/1.1 200
bgates, it is private.
```

5. Call the endpoint `/api/private` informing an invalid password
```
curl -i -u bgates:124 localhost:8080/api/private
```

It should return
```
HTTP/1.1 401
```

6. Call the endpoint `/api/private` informing a non-existing user
```
curl -i -u cslim:123 localhost:8080/api/private
```

It should return
```
HTTP/1.1 401
```

## Testing using Swagger

1. Access http://localhost:8080/swagger-ui.html

![swagger](documentation/simple-service-swagger.jpeg)

2. Click `GET /api/public` to open it; then, click `Try it out` button and, finally, `Execute` button.

It should return
```
Code: 200
Response Body: It is public.
```

3. Click `Authorize` button (green-white one, located at top-right of the page)

4. In the form that opens, provide the `Bill Gates` credentials, i.e, username `bgates` and password `123`. Then, click `Authorize` button, and to finalize, click `Close` button

5. Click `GET /api/private` to open it; then click `Try it out` button and, finally, `Execute` button.

It should return
```
Code: 200
Response Body: bgates, it is private.
```

## Shutdown

- To stop `simple-service` application, go to the terminal where it is running and press `Ctrl+C`
- To stop and remove docker compose containers, network and volumes, in a terminal and inside the `springboot-ldap-testcontainers` root folder, run the following command
```
docker compose down -v
```

## Running Test Cases

- In a terminal, make sure you are inside the `springboot-ldap-testcontainers` root folder

- Run the command below to start the **Unit Tests**
```
./mvnw clean test --projects simple-service
```

- Run the command below to start the **Unit** and **Integration Tests**
> **Note**: `Testcontainers` will start automatically `OpenLDAP` Docker container before some tests begin and will shut it down when the tests finish.
```
./mvnw clean verify --projects simple-service
```

## Cleanup

To remove the Docker image created by this project, go to a terminal and, inside the `springboot-ldap-testcontainers` root folder, run the following script
```
./remove-docker-images.sh
```