how to create read only user in activeMQ web console - activemq

I'm trying to create a read-only user in the ActiveMQ console. I found this and this too. The second post, from Stack Overflow, is not helpful because it deployed the web console to an external server. The second page, from Pivotal, looks promising and I tried it with ActiveMQ version 5.14.1, but it didn't work either. ActiveMQ didn't even start. Whenever I try accessing the console with the user/password specified for the read-only user, I get a !role error.
Any ideas?
Thanks in advance!

Found the answer in here: I had to change class="org.eclipse.jetty.http.security.Constraint" to class="org.eclipse.jetty.util.security.Constraint" in step number 1.

Links to Pivotal are dead. For those who want a simple solution, you can change these lines from jetty.xml:
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="securityConstraint" />
    <property name="pathSpec" value="/api/*,/admin/*,*.jsp" />
</bean>
<bean id="adminSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="adminSecurityConstraint" />
    <property name="pathSpec" value="*.action" />
</bean>
to
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="securityConstraint" />
    <property name="pathSpec" value="/api/*,*.jsp,*.html,*.png,*.css,/admin/js/*" />
</bean>
<bean id="adminSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="adminSecurityConstraint" />
    <property name="pathSpec" value="*.action" />
</bean>
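How the two mappings in the answer above connect to roles and accounts, as an added example that is not part of the original answers. The role names `user` and `admin`, the realm name, the realm file path and the `readonly` account are assumptions; the Constraint class is the one named in the fix quoted earlier.

```xml
<!-- Added example, not from the original answers. Role names and the realm
     entries below are assumptions.

     conf/jetty-realm.properties (format: "username: password, role"):
       admin:    CHANGE_ME_ADMIN, admin
       readonly: CHANGE_ME_READONLY, user
-->
<bean id="securityLoginService" class="org.eclipse.jetty.security.HashLoginService">
    <property name="name" value="ActiveMQRealm" />
    <property name="config" value="${activemq.conf}/jetty-realm.properties" />
</bean>

<!-- Viewing: either role passes this constraint. -->
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="user,admin" />
    <property name="authenticate" value="true" />
</bean>

<!-- Changing state: only the admin role passes this constraint. -->
<bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="admin" />
    <property name="authenticate" value="true" />
</bean>

<!-- Mappings as changed in the answer above: pages and static files need
     "user" or "admin", every *.action URL needs "admin". -->
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="securityConstraint" />
    <property name="pathSpec" value="/api/*,*.jsp,*.html,*.png,*.css,/admin/js/*" />
</bean>
<bean id="adminSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="adminSecurityConstraint" />
    <property name="pathSpec" value="*.action" />
</bean>
```

A Jetty `!role` response means the login succeeded but the account's role is not among the roles of the constraint mapped to that path. Because `/admin/*` is no longer in the first pathSpec, confirm that a request without credentials is still challenged on every console URL you expect to be protected.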

Related

Apache Ignite data loss when one node goes down

I'm new to Ignite and I'm trying to test the data quality and availability of an Ignite cluster.
I use the XML configuration below for setting up the cluster:
    <property name="discoverySpi">
        <bean class="org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi">
            <property name="socketTimeout" value="50000" />
            <property name="networkTimeout" value="50000" />
            <property name="reconnectCount" value="5" />
            <property name="ipFinder">
                <bean class="org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder">
                    <property name="addresses">
                        <list>
                            <value>x.x.x.1:47500..47509</value>
                            <value>x.x.x.2:47500..47509</value>
                        </list>
                    </property>
                </bean>
            </property>
        </bean>
    </property>
</bean>
Also, the CacheConfiguration is:
<bean id="cache-template-bean" class="org.apache.ignite.configuration.CacheConfiguration">
    <property name="name" value="CACHE_TEMPLATE*"/>
    <property name="cacheMode" value="PARTITIONED" />
    <property name="backups" value="1" />
    <!-- <property name="backups" value="2" />
    <property name="backups" value="3" /> -->
    <property name="atomicityMode" value="TRANSACTIONAL" />
    <property name="writeSynchronizationMode" value="PRIMARY_SYNC" />
    <property name="rebalanceBatchSize" value="#{4 * 1024 * 1024}" />
    <property name="rebalanceMode" value="ASYNC" />
    <property name="statisticsEnabled" value="true" />
    <property name="rebalanceBatchesPrefetchCount" value="4" />
    <property name="defaultLockTimeout" value="5000" />
    <property name="readFromBackup" value="true" />
    <property name="queryParallelism" value="6" />
    <property name="nodeFilter">
        <bean class="org.apache.ignite.util.AttributeNodeFilter">
            <constructor-arg>
                <map>
                    <entry key="ROLE" value="data.compute"/>
                </map>
            </constructor-arg>
        </bean>
    </property>
</bean>
My scenarios are:
1. Loaded the 5 million data when all the 3 nodes
2. Bring one node down
3. The count shows 3.75 million. (Data loss)
4. Bringing the node up counts 5 million again.
I tried backups 1, 2 and 3; all resulted in the same data loss. As per the Ignite documents, it appears the data loss should not happen. If this is fixed, I can try adding data when the node is down and check how it behaves.
Any suggestions, please?
Ash
The main idea of the baseline topology and persistence is to prevent unnecessary rebalancing and store data only on specified server nodes. When a baseline node is stopped, it is expected that it will be back soon, and the rebalance process is not triggered. You could exclude the node from the baseline using the API or the control.sh utility.
IgniteCache.size() returns the number of primary entries. So when a baseline node is stopped, size() shows a smaller number, indicating that a number of primary entries are not accessible.
In your case the data is not lost, for two reasons:
1. The data is persisted in backup entries on the alive baseline nodes.
2. The primary and backup entries located on the stopped node will be back in the cluster after the node is started.
[1] https://apacheignite.readme.io/docs/baseline-topology

Authenticating JasperServer 6.3 with active directory not WORKING

I'm trying to use ActiveDirectory to authenticate to JasperServer; that is still not working for some reason.
Here is my configuration:
1. STEP 1: access params to the AD server:
<bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
    <constructor-arg value="ldap://192.10.0.190:389/dc=sifast,dc=infra"/>
    <!-- manager user name and password (may not be needed) -->
    <property name="userDn" value="CN=recherche,CN=Users,DC=sifast,DC=infra"/>
    <property name="password" value="*******"/>
    <property name="referral">
        <value>follow</value>
    </property>
</bean>
2. STEP 2: configuration of the access within "userDnPatterns":
Here I wanna access with the login already entered.
<bean id="ldapAuthenticationProvider" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">
    <constructor-arg>
        <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">
            <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
            <property name="userDnPatterns">
                <list>
                    <value>CN={0},CN=Users,DC=sifast,DC=infra</value>
                </list>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator">
            <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
        </bean>
    </constructor-arg>
</bean>
So here I'm setting it within that: CN={0},CN=Users,DC=sifast,DC=infra
3. STEP 3: configuring the userSearch method:
<bean id="userSearch"
      class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">
    <constructor-arg index="0">
        <value></value>
    </constructor-arg>
    <constructor-arg index="1">
        <value>(sAMAccountName={0})</value>
    </constructor-arg>
    <constructor-arg index="2">
        <ref local="ldapContextSource" />
    </constructor-arg>
    <property name="searchSubtree">
        <value>true</value>
    </property>
</bean>
Here I'm using the login "({0})" entered to look for the similar sAMAccountName of the right user.
That is still not working.
My AD schema looks like this:
So I wanna let simple users inside CN=USERS acquire access.
Actually my authentication is still failing. Any ideas?
In your step 2 Spring configuration file, JSBindAuthenticator is missing the following property reference:
<property name="userSearch" ref="userSearch"/>

CAS delegate authentication

I'm using CAS server 4.x and I'm trying to delegate authentication using google. My idea is that a web application A redirects to CAS for login, there the user presses a "login using google" and then he gets redirected to log in using google.
To achieve that I created a client application (A).
I run A and it redirects me to the CAS login page, there I press the "login using google" link and it redirects me to login with google, there I login and consent.
On the CAS side the info from Google is received OK and the TGT is created. However, the server fails to redirect to A because it doesn't have the redirect info in the session:
ERROR [org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController] - oauth20_callbackUrl is missing from the session and can not be retrieved.
Any idea of what could be wrong?
This is how I configured everything:
First, I followed the steps mentioned here:
http://jasig.github.io/cas/development/integration/Delegate-Authentication.html
In the login view I added:
login using google
applicationContext:
<bean id="google" class="org.pac4j.oauth.client.Google2Client">
    <property name="key" value="key" />
    <property name="secret" value="secret" />
</bean>
<bean id="clients" class="org.pac4j.core.client.Clients">
    <property name="callbackUrl" value="http://localhost:8080/cas/login" />
    <property name="clients">
        <list>
            <ref bean="google" />
        </list>
    </property>
</bean>
cas servlet:
<bean id="clientAction" class="org.jasig.cas.support.pac4j.web.flow.ClientAction">
    <constructor-arg index="0" ref="centralAuthenticationService"/>
    <constructor-arg index="1" ref="clients"/>
</bean>
deployerConfigContext:
<property name="authenticationMetaDataPopulators">
    <util:list>
        <bean class="org.jasig.cas.support.pac4j.authentication.ClientAuthenticationMetaDataPopulator" />
    </util:list>
</property>
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.support.pac4j.authentication.handler.support.ClientAuthenticationHandler">
    <constructor-arg index="0" ref="clients"/>
</bean>
Then I added an OAuth client in the deployerConfigContext:
registeredServicesList:
<bean class="org.jasig.cas.support.oauth.services.OAuthRegisteredService">
    <property name="id" value="1" />
    <property name="name" value="serviceName" />
    <property name="description" value="Service Description" />
    <property name="serviceId" value="http://localhost:8080/A/" />
    <property name="clientId" value="123" />
    <property name="clientSecret" value="123" />
</bean>
The error you get happens only if you enable OAuth server support, but what you want is to enable OAuth client support (based on pac4j) to be able to delegate the authentication to Google. You have the right link to the documentation, but you should check that you followed every step (there is no "OAuthRegisteredService").

Spring Security with LDAP and custom UserDetailsContextMapper

I am trying to make Spring Security 3.05 work with a modified UserDetailsContextMapper so that I can get a bit more info out of LDAP the way I need to, a task that seems fairly straightforward, but I had no success.
I have configured Spring Security to use LDAP authentication with the following beans:
<bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldaps://192.168.1.102:636" />
    <property name="userDn" value="manager" />
    <property name="password" value="password" />
</bean>
<bean id="ldapAuthProvider"
      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userSearch">
                <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <constructor-arg index="0" value="" />
                    <constructor-arg index="1" value="(mail={0})" />
                    <constructor-arg index="2" ref="contextSource" />
                </bean>
            </property>
        </bean>
    </constructor-arg>
    <property name="userDetailsContextMapper" ref="myContextMapper" />
</bean>
However, even though I have defined myContextMapper as:
<bean id="myContextMapper" class="com.mypackage.MyLDAPUserDetailsMapper">
    <property name="rolePrefix" value="TEST_PREFIX" />
</bean>
it does not work, meaning that the custom mapper is ignored (I get no debug output whatsoever).
P.S. applicationContext-security.xml can be seen below, and apart from the custom UserDetailsMapper that's being ignored, authentication and role assignment are working fine.
<authentication-manager>
    <ldap-authentication-provider server-ref="contextSource"/>
</authentication-manager>
You don't need to configure the in-built UserDetailsContextMapper classes. Spring Security automatically picks up the correct UserDetailsContextMapper based on the type of LdapUserDetails class requested, which is configured by user-details-class attribute of ldap-authentication-provider. If you are using your own context mapper then configure it using the attribute user-context-mapper-ref.
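Two ways to get the custom mapper consulted, as an added example that is not configuration from the original post: the question's `<authentication-manager>` builds its own provider from `<ldap-authentication-provider>`, so the separately declared `ldapAuthProvider` bean and its `userDetailsContextMapper` property never take part in authentication. Bean ids are the ones from the question, and the `user-search-filter` value is copied from its `userSearch` bean.

```xml
<!-- Added example, not from the original post. Use ONE of the two options. -->

<!-- Option A: keep the namespace element and hand it the mapper directly.
     The provider it creates is the one that actually authenticates users. -->
<authentication-manager>
    <ldap-authentication-provider
        server-ref="contextSource"
        user-search-filter="(mail={0})"
        user-context-mapper-ref="myContextMapper" />
</authentication-manager>

<!-- Option B: drop the namespace element and register the hand-written
     ldapAuthProvider bean, which already references myContextMapper. -->
<authentication-manager>
    <authentication-provider ref="ldapAuthProvider" />
</authentication-manager>

<!-- Needed by both options: the mapper bean from the question. -->
<bean id="myContextMapper" class="com.mypackage.MyLDAPUserDetailsMapper">
    <property name="rolePrefix" value="TEST_PREFIX" />
</bean>
```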

How to Configure SSL over Database in Spring?

I want to add SSL security in the Database layer. I am using Struts2.1.6, Spring 2.5, JBOSS 5.0 and Informix 11.5. Any idea how to do this?
I have researched through a lot on the internet but could not find any solution.
Please suggest!
Here are my datasource and entity manager beans, which are working perfectly without SSL:
<bean id="entityManagerFactory"
      class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="database" value="INFORMIX" />
            <property name="showSql" value="true" />
        </bean>
    </property>
</bean>
<bean id="dataSource"
      class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <property name="driverClassName" value="com.informix.jdbc.IfxDriver" />
    <property name="url"
              value="jdbc:informix-sqli://SERVER_NAME:9088/DB_NAME:INFORMIXSERVER=SERVER_NAME;DELIMIDENT=y;" />
    <property name="username" value="username" />
    <property name="password" value="password" />
    <property name="minIdle" value="2" />
</bean>
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean" lazy-init="false">
    <property name="targetObject" ref="dataSource" />
    <property name="targetMethod" value="addConnectionProperty" />
    <property name="arguments">
        <list>
            <value>characterEncoding</value>
            <value>UTF-8</value>
        </list>
    </property>
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate" scope="prototype">
    <property name="dataSource" ref="dataSource" />
</bean>
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
    <property name="entityManagerFactory" ref="entityManagerFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
Thank you very much for your suggestion. So basically I need to set something like this in my applicationContext.xml. Please correct me if I am wrong:
<property name="username" value="username" />
<property name="password" value="password" />
<!-- proposed addition -->
<property name="sslConnection" value="true" />
<property name="minIdle" value="2" />
But how do I set the SSL certificate in the Java runtime? The link which you have provided is good, but for some reason I am not able to follow it. Please give your suggestion.
Using SSL for the communication between an application and a database is something that has to be supported by the database server (and the JDBC driver).
According to the documentation, this is supported by Informix Dynamic Server (IDS) since version 11.50.
You can use SSL support in your Java applications if you use IBM Data Server Driver for JDBC and SQLJ type 4 connectivity to DB2® for z/OS® Version 9 or later, to DB2 Database for Linux®, UNIX®, and Windows® Version 9.1, Fix Pack 2 or later, or to IBM Informix® Dynamic Server (IDS) Version 11.50 or later.
(...)
To use SSL connections, you need to:
Configure connections to the data source to use SSL. (link)
Configure your Java Runtime Environment to use SSL. (link)
The documentation should help.
If you're using a version of IDS prior to 11.50, then I'm afraid you'll have to use SSH tunneling.