I am currently working to integrate ActiveDirectoryLdapAuthenticationProvider with SecurityFilterChain.
To configure ActiveDirectoryLdapAuthenticationProvider I need to provide the following properties (or a combination of them).
```java
private final String domain;
private final String rootDn;
private final String url;
private String searchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
```
Currently, there are no Spring configuration properties that would allow me to externalize the configuration into application.properties or application.yml. I have to create a custom bean for that purpose.
Spring provides LdapProperties for ldap configuration.
My suggestion would be to take a similar approach. An initial suggestion for the list of properties would be:
```java
package org.springframework.security.ldap.authentication.ad;

import lombok.Getter;
import lombok.Setter;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;

@Getter
@Setter
@Configuration
@ConfigurationProperties(prefix = "spring.security.ldap.active-directory")
public class LdapSecurityProperties {
    String domain;
    String url;
    String rootDn;
    String searchFilter;
}
```
Then in application.properties we would have:
```properties
spring.security.ldap.activeDirectory.url=ldap://localhost:389
spring.security.ldap.activeDirectory.domain=
spring.security.ldap.activeDirectory.rootDn=dc=example,dc=com
spring.security.ldap.activeDirectory.searchFilter=(sAMAccountName={0})
```
My current approach to configuring the AD authentication provider looks like this:
```java
@Bean
public AuthenticationProvider activeDirectoryLdapAuthenticationProvider(LdapSecurityProperties ldapProperties) {
    ActiveDirectoryLdapAuthenticationProvider provider =
            new ActiveDirectoryLdapAuthenticationProvider(
                    ldapProperties.getDomain(),
                    ldapProperties.getUrl(),
                    ldapProperties.getRootDn());
    // to parse AD failed-credentials error messages due to account expiry/lock or credential expiry/lock
    provider.setConvertSubErrorCodesToExceptions(true);
    provider.setUseAuthenticationRequestCredentials(true);
    provider.setSearchFilter(ldapProperties.getSearchFilter());
    return provider;
}
```
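As an added example (not the issue author's code and not part of Spring Security or Spring Boot), here is one way to wire the same externalized settings end to end: a record bound with `@ConfigurationProperties` that fails fast when the URL is missing and warns when it is not `ldaps://`, the `ActiveDirectoryLdapAuthenticationProvider` bean built from it, and a `SecurityFilterChain` that registers the provider. The package name, the class names `AdSecurityConfig` and `AdLdapProperties`, and the property prefix reuse are assumptions; the Spring APIs used (`@ConfigurationProperties` constructor binding on records, `@DefaultValue`, `HttpSecurity.authenticationProvider`, `authorizeHttpRequests`, `formLogin`) are the real Spring Boot 3 / Spring Security 6 ones.

```java
package com.example.adauth; // hypothetical package for this example

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.context.properties.bind.DefaultValue;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableConfigurationProperties(AdSecurityConfig.AdLdapProperties.class)
public class AdSecurityConfig {

    private static final Logger log = LoggerFactory.getLogger(AdSecurityConfig.class);

    // Binds spring.security.ldap.active-directory.{domain,url,root-dn,search-filter}.
    // Constructor binding on a record: no setters, so the values are immutable after startup.
    // The default search filter mirrors the provider's own default.
    @ConfigurationProperties(prefix = "spring.security.ldap.active-directory")
    public record AdLdapProperties(
            String domain,
            String url,
            String rootDn,
            @DefaultValue("(&(objectClass=user)(userPrincipalName={0}))") String searchFilter) {

        public AdLdapProperties {
            // Fail fast: the provider cannot bind anywhere without a URL.
            if (url == null || url.isBlank()) {
                throw new IllegalArgumentException(
                        "spring.security.ldap.active-directory.url must be set");
            }
            // Plain ldap:// sends the user's bind password in clear text over the network.
            if (!url.startsWith("ldaps://")) {
                log.warn("AD LDAP URL '{}' is not ldaps://; credentials will be sent unencrypted", url);
            }
        }
    }

    @Bean
    AuthenticationProvider activeDirectoryAuthenticationProvider(AdLdapProperties props) {
        // domain may be null; rootDn overrides the DN derived from the domain name.
        ActiveDirectoryLdapAuthenticationProvider provider =
                new ActiveDirectoryLdapAuthenticationProvider(props.domain(), props.url(), props.rootDn());
        provider.setSearchFilter(props.searchFilter());
        // Map AD sub-error codes (expired, locked, disabled) to distinct Spring Security exceptions
        // instead of a generic BadCredentialsException, so they can be logged and handled separately.
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);
        return provider;
    }

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http, AuthenticationProvider adProvider)
            throws Exception {
        http.authenticationProvider(adProvider)
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```

With this in place the four keys from the issue bind as written; Spring Boot's relaxed binding accepts `spring.security.ldap.activeDirectory.rootDn` and `spring.security.ldap.active-directory.root-dn` interchangeably, so the camel-case spelling in the sample `application.properties` works against the kebab-case prefix.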
Comment From: jzheaux
Thanks for the suggestion, @ffroliva.
Property-based configuration would be up to the Spring Boot team, so I'm going to close this issue and invite you to consider filing an issue there. https://github.com/spring-projects/spring-boot/issues/7929 may be informative for you to read up on first.