Spring Security: Can I use LDAP and Digest Authentication together?

Question

Is there a way to use LDAP as an authentication backend with HTTP Digest as authentication method to the client with Spring? I could not find anything about this in the documentation.

Answer 1

You can use LDAP as a UserDetailsSService for DIGEST, but only when you have access to user's password in clear text. Excerpt from Spring Security documentation:

The configured UserDetailsService is needed because DigestAuthenticationFilter must have direct access to the clear text password of a user. Digest Authentication will NOT work if you are using encoded passwords in your DAO. The DAO collaborator, along with the UserCache, are typically shared directly with a DaoAuthenticationProvider. The authenticationEntryPoint property must be DigestAuthenticationEntryPoint, so that DigestAuthenticationFilter can obtain the correct realmName and key for digest calculations.