I have a Spring Boot app with Spring Security and a "hardcoded" user account as a temporary solution. Now I need to introduce real accounts with user details stored in a database (PG). User details should include usernames, bcrypt-ed passwords, app-specific roles and preferences. So, currently I need to authenticate users against these data. This is the first option.
On the other hand, later there may be a possibility of using an external authentication service (LDAP) provided by the company. In that case, external authentication must be combined with details still stored in the database (app-specific roles and preferences). This is the second option.
The main question is how to implement the authentication procedure in such a way that switching between these two options would require minimum efforts. In fact, the app may be used in different environments, so both options must be accessible by changing the configuration (not the code).
It seems that I could implement LDAP-based authentication (UnboundID) right now and to use the details from my database. Having this done, I could switch to external authentication by changing the ldap-server URL and by informing clients that they should use company credentials instead of in-app credentials.
Numerous examples and tutorials about Spring Boot + LDAP demonstrate usage of credentials stored in LDIF-files. Can I use credentials stored in my database instead?
Any reference to an example of a suitable Spring Boot configuration is appreciated.
