Angular JS SPA using LDAP authentication

I'm writing Angular JS SPA application which calls Rest full web service. Back-end is being written on JAX-RS, deployed on Tomcat 7. I'm using HTTPS, SSL for transferring data from SPA to JAX-RS

requirements

  1. I have to make LDAP authentication. (I will send username & password to web service and it should make authentication)
  2. I have to do user's session management (because, when authenticated user sends request to web service, user doesn't have to authenticate again)

problems

  1. I think there are two options for doing LDAP authentication:

    • Make LDAP authentication using core java http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ldap.html
    • Use Spring security (I'm not familiar with it and not sure if it's possible. I think I should send username & password to rest service. Rest service will have spring security library injected and it'll be possible to use authentication functionality. Am I right?)

  2. Manage user sessions. Once user is authenticated, it should be saved somewhere, so that user can do operations until its logon is not expired. How can I do it?


Which way should I choose? How should I make LDAP authenticating and session management?


Can anyone give any suggestion or example links?

so

  1. LDAP Authentication using JNDI works just fine, you could also use the neat UnboundID LDAP Java API. A simple LDAP Bind example can be found here: https://code.google.com/p/ldap-sample-code/source/browse/trunk/src/main/java/samplecode/bind/SimpleBindExample.java .

Note also that you could use a Node.JS module as you backend, the Passport.JS Authentication framework for example, provides lots of features/capabilities relative to authentication and Federation (i.e., do things like 'Login with Google', etc...). See: passportjs.org.

  1. On the Angular/frontend side,your best bet is to use a JWT token. It's all explained in detail with examples here: http://code.tutsplus.com/tutorials/token-based-authentication-with-angularjs-nodejs--cms-22543.

In essence:

  • your backend Authentication REST should return a JWT Token in the response, once the user successfully binds to LDAP. This Token would contain some user data, and should be encrypted (see link above).
  • Your Angular App should set that token as a cookie on the client Browser ("set-cookie" response header) upon successful login (so in the Controller of your Login view).
  • The Client will then present that cookie/JWT Token on every request it makes to your app.
  • Your app will then need to validate the token presented on every request (in the controller of your SPA). You may also want to add the user authentication data to your $scope so you can use it in your view.

Hope it helps...