I'm trying to use ActiveDirectory to authenticate to JasperServer , that still not working for some reason :
here is my configuration :
1. STEP 1 : access params to the AD Server :
<bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
<constructor-arg value="ldap://192.10.0.190:389/dc=sifast,dc=infra"/>
<!-- manager user name and password (may not be needed) -->
<property name="userDn" value="CN=recherche,CN=Users,DC=sifast,DC=infra"/>
<property name="password" value="*******"/>
<property name="referral">
<value>follow</value>
</property>
</bean>
2.STEP 2: configuration of the access within "userDnPatterns" :
here i wanna access with the login already entered
<bean id="ldapAuthenticationProvider" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">
<constructor-arg><ref local="ldapContextSource"/></constructor-arg>
<property name="userDnPatterns">
<list>
<value>CN={0},CN=Users,DC=sifast,DC=infra</value>
</list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator">
<constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
</bean>
so here i'm setting it within that : CN={0},CN=Users,DC=sifast,DC=infra
3. STEP 3 : configuring the userSearch method:
<bean id="userSearch"
class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">
<constructor-arg index="0">
<value></value>
</constructor-arg>
<constructor-arg index="1">
<value>(sAMAccountName={0})</value>
</constructor-arg>
<constructor-arg index="2">
<ref local="ldapContextSource" />
</constructor-arg>
<property name="searchSubtree">
<value>true</value>
</property>
</bean>
here i'm using the login "({0})" entered to look for the similar sAMAccountName of the right user.
that still not working.
my AD Schema looks like this:
so i wanna let simple users inside CN=USERS acquire access
Actually my authentication is still failing. Any ideas?
In your step 2 spring configuration file JSBindAuthenticator missing the following property reference:
<property name="userSearch" ref="userSearch"/>
Related
I have a query re. the setup of the GridGain near cache, we have a single server node with the config as listed below and have a single thick client connecting successfully to it ~
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean class="org.apache.ignite.configuration.IgniteConfiguration">
<!-- PEER CLASS LOADING -->
<property name="peerClassLoadingEnabled" value="true"/>
<!-- CACHE CONFIG-->
<property name="cacheConfiguration">
<list>
<!-- ENTER CACHE TEMPLATE-->
<bean class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="cache1"/>
<property name="cacheMode" value="PARTITIONED"/>
<property name="rebalanceMode" value="SYNC"/>
<property name="nearConfiguration">
<bean class="org.apache.ignite.configuration.NearCacheConfiguration">
<property name="nearEvictionPolicyFactory">
<bean class="org.apache.ignite.cache.eviction.lru.LruEvictionPolicyFactory">
<property name="maxSize" value="100000"/>
</bean>
</property>
</bean>
</property>
</bean>
<bean class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="cache2"/>
<property name="cacheMode" value="PARTITIONED"/>
<property name="rebalanceMode" value="SYNC"/>
<property name="nearConfiguration">
<bean class="org.apache.ignite.configuration.NearCacheConfiguration">
<property name="nearEvictionPolicyFactory">
<bean class="org.apache.ignite.cache.eviction.lru.LruEvictionPolicyFactory">
<property name="maxSize" value="100000"/>
</bean>
</property>
</bean>
</property>
</bean>
<bean class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="cache3"/>
<property name="cacheMode" value="PARTITIONED"/>
<property name="rebalanceMode" value="SYNC"/>
<property name="nearConfiguration">
<bean class="org.apache.ignite.configuration.NearCacheConfiguration">
<property name="nearEvictionPolicyFactory">
<bean class="org.apache.ignite.cache.eviction.lru.LruEvictionPolicyFactory">
<property name="maxSize" value="100000"/>
</bean>
</property>
</bean>
</property>
</bean>
</list>
</property>
<!-- DISCOVERY-->
<property name="discoverySpi">
<bean class="org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi">
<property name="ipFinder">
<bean class="org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder">
<property name="namespace" value="gridgain"/>
<property name="serviceName" value="gridgain-service"/>
</bean>
</property>
</bean>
</property>
</bean>
</beans>
In setting the server up like this it was my understanding that as per the documentation here , that "Once configured in this way, the near cache is created on any node that requests data from the underlying cache, including both server nodes and client nodes. When you get an instance of the cache, as shown in the following example, the data requests go through the near cache.
IgniteCache<Integer, Integer> cache = ignite.cache("myCache");
int value = cache.get(1);
Based on this I do not believe that I have any need to create the near cache config on our client? and have just implemented code as ~
IgniteCache<Object, Object> cache = ignite.cache(ourCacheName);
The issue I see is that when I peek at the local cache to try and find values in there, after searching for them ~
cache_.localPeek(key, CachePeekMode.NEAR)
The objects are not found, despite being searched for several times, and it looks like they are not added to our near cache setup, everything just refers to the underlying cache. Previously we had programmatically created the Near cache on the client and it had worked, but we would like to config the solution on the server if possible. Our client node is just using default config, if this makes a difference.
Any thoughts why we are not seeing a near cache?
Thanks,
LS
In order to use the cache I suggest you create the near cache explicitly using the following syntax:
IgniteCache<Integer, Integer> clientCache = client.getOrCreateNearCache(cacheCfg.getName(), nearCfg);
...
clientCache.get(1);
System.out.println(clientCache.localPeek(1, CachePeekMode.NEAR));
There are some tickets like IGNITE-15960 or IGNITE-1163 with discussions about the API improvements. I suppose the cache has to be declared on the servers first and then you would be able to create it explicitly on the clients. Agree, the docs and API are super confusing and have to be reworked.
Also, the near cache is local to a node, i.e. you might have them for some clients/servers and do not want to create it for other ones.
I hope to use ignite to sync up records to multiple mysql db. For example, when some records goes into cacheA, the records can be persistent to db1 and db2 both.
Can it be possible?
What I did is:
write a PersonStore class and build it as a jar and place it in libs\
first sample1.xml configure as
Blockquote
<bean class="org.springframework.jdbc.datasource.DriverManagerDataSource" id="dataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
<property name="url" value="jdbc:mysql://111.xxx.xxx:3306/test"></property>
<property name="username" value="root"></property>
<property name="password" value="xxxx"></property>
</bean>
<bean id="ignite.cfg" class="org.apache.ignite.configuration.IgniteConfiguration">
<property name="peerClassLoadingEnabled" value="true"/>
<property name="cacheConfiguration">
<list>
<bean class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="personCache"></property>
<!-- Enable readThrough-->
<property name="readThrough" value="true"></property>
<property name="writeThrough" value="true"></property>
<!-- Set cacheStoreFactory-->
<property name="cacheStoreFactory">
<bean class="javax.cache.configuration.FactoryBuilder" factory-method="factoryOf">
<constructor-arg value="com.jguo.ignitepersistentstoredemo.PersonStore"></constructor-arg>
</bean>
</property>
<property name="queryEntities">
<list>
<bean class="org.apache.ignite.cache.QueryEntity">
<property name="keyType" value="java.lang.Long"></property>
<property name="valueType" value="com.jguo.ignitepersistentstoredemo.model.Person"></property>
<property name="fields">
<map>
<entry key="id" value="java.lang.Long"></entry>
<entry key="name" value="java.lang.String"></entry>
<entry key="orgId" value="java.lang.Long"></entry>
<entry key="salary" value="java.lang.Integer"></entry>
</map>
</property>
</bean>
</list>
</property>
</bean>
</list>
</property>
</bean>
Start one Ignite node bin/ignite.sh config/sample1.xml
Create another xml file sample2.xml and only modify the datasource part
Blockquote
<bean class="org.springframework.jdbc.datasource.DriverManagerDataSource" id="dataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
<property name="url" value="jdbc:mysql://222.xxx.xxx:3306/test"></property>
<property name="username" value="root"></property>
<property name="password" value="xxxx"></property>
</bean>
Start second Ignite node bin/ignite.sh config/sample2.xml
Start a client and put some record in cache personCache
But only one db got the data.
CacheConfiguration should be unified across all the nodes. That's why only one config is in effect.
If you need a CacheStore to operate against multiple DBs, you need to create a custom CacheStore which will have multiple data sources referring to different DBs and implement methods in an appropriate way.
I deployed my CAS server with OAuth protocol support
I've added this code to my deployerConfigContext.xml
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="1"/>
<property name="name" value="the_key"/>
<property name="description" value="the_secret"/>
<property name="theme" value="my great webapp for OAuth"/>
<property name="serviceId" value="http://localhost:8080/cas/login"/>
<property name="evaluationOrder" value="10000001"/>
<property name="allowedAttributes">
<list>
<!-- facebook -->
<value>the_key</value>
<value>the_secret</value>
</list>
</property>
</bean>
and
<bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.DefaultTicketRegistry">
<constructor-arg index="0" value="1000"/>
<constructor-arg index="1" value="1"/>
<constructor-arg index="2" value="16"/>
</bean>
to define my ticketRegistry
So my OAuth client secret code key is the_secret and the_key
but when I load this URL http://localhost:8080/cas/oauth2.0/accessToken?client_secret=the_secret&grant_type=refresh_token&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcas%2Flogin&code=0&client_id=the_key to test my OAuth protocol, I've got this exception
<Code Expired 0>
Why and how could I fix it?
You need to define two CAS services :
one for internal mechanism of OAuth server support (with CASservice.serviceId = http://localhost:8080/cas/oauth2.0/callbackAuthorize)
one for the each client OAuth application you want to authorize (with oauthclient.key = CASservice.name, oauthclient.secret = CASservice.description, oauthclient.redirect_uri should start with CASservice.serviceId).
The documentation : https://wiki.jasig.org/display/CASUM/OAuth+server+support, part 3...
I am trying to make Spring Security 3.05 to work with a modified UserDetailsContextMapper so that i can get a few more info out of LDAP they way i need to, a task that seems fairly straightforward, but had no success.
I have configured Spring Security to use LDAP authentication with the following beans:
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldaps://192.168.1.102:636" />
<property name="userDn" value="manager" />
<property name="password" value="password" />
</bean>
<bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userSearch">
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="" />
<constructor-arg index="1" value="(mail={0})" />
<constructor-arg index="2" ref="contextSource" />
</bean>
</property>
</bean>
</constructor-arg>
<property name="userDetailsContextMapper" ref="myContextMapper" />
</bean>
However even though i have defined myContextMapper as:
<bean id="myContextMapper" class="com.mypackage.MyLDAPUserDetailsMapper">
<property name="rolePrefix" value="TEST_PREFIX" />
</bean>
it does not work. meaning that the custom mapper is ignored (i get no debug output whatsoever).
p.s. applicationContext-security.xml can be seen below and apart from the custom UserDetailsMapper that's been ignored, authentication and role assignment is working fine.
<authentication-manager>
<ldap-authentication-provider server-ref="contextSource"/>
</authentication-manager>
You don't need to configure the in-built UserDetailsContextMapper classes. Spring Security automatically picks up the correct UserDetailsContextMapper based on the type of LdapUserDetails class requested, which is configured by user-details-class attribute of ldap-authentication-provider. If you are using your own context mapper then configure it using the attribute user-context-mapper-ref.
I have an application that use Spring-Security framework with Jboss Server. Everything works fine. I can get account locked, bad credentials messages based on the authentication.
Now, I'm trying to move to configure the same thing with Tomcat. But, I don't get account locked, bad credentials messages. I just get "Unauthorized" for every wrong authentication. Can some body point me to What I am missing ? Here is the securitycontext.xml file content:
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint"/>
</bean>
<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager">
</property>
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="jaasAuthenticationProvider"/>
<ref local="casAuthenticationProvider"/>
</list>
</property>
</bean>