Following is my jedis pool configuration:
Excess of connections are created as the existing ones are not used. What is the purpose of pool if every function creates new connection.
Please let me know if anybody can provide solution to this.
`<bean id="jedisConfig" class="redis.clients.jedis.JedisPoolConfig">
<property name="testOnBorrow" value="true" />
<property name="testOnReturn" value="true" />
<property name="whenExhaustedAction" value="2" />
<property name="maxIdle" value="40" />
<property name="minIdle" value="30" />
<property name="softMinEvictableIdleTimeMillis" value="60000" />
<property name="timeBetweenEvictionRunsMillis" value="600000" />
</bean>
<bean id="jedisFactoryPrimary"
class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory">
<property name="poolConfig"><ref bean="jedisConfig"/></property>
<property name="hostName" value="${redis-db.hostname}"></property>
<property name="password" value="${redis-db.password}"></property>
<property name="port" value="${redis-db.port}"></property>
</bean>`
Related
Struggling to get ActiveMQ web console to use LDAP and authenticated against Active Directory.
No errors when starting MQ, username/password login box prompt appears but doesn't progress when inserting the correct credentials.
Version
5.15.6
login.config
amqLdapLoginModule {
org.eclipse.jetty.jaas.spi.LdapLoginModule required
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
hostname="ad-server1.domain.com"
port="389"
bindDn="CN=readonly-user,OU=Accounts,DC=domain,DC=com"
bindPassword="readonly-user-password"
authenticationMethod="simple"
forceBindingLogin="false"
userBaseDn="CN=users,DC=domain,DC=com"
userRdnAttribute="uid"
userIdAttribute="uid"
userPasswordAttribute="userPassword"
userObjectClass="inetOrgPerson"
roleBaseDn="CN=groups,DC=domain,dc=com"
roleNameAttribute="cn"
roleMemberAttribute="uniqueMember"
roleObjectClass="groupOfUniqueNames";
};
jetty.xml
<bean id="ldapLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
<property name="name" value="LdapRealm" />
<property name="loginModuleName" value="amqLdapLoginModule" />
<property name="roleClassNames" value="org.eclipse.jetty.jaas.JAASRole" />
<property name="identityService" ref="identityService" />
</bean>
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admins-group" />
<!-- set authenticate=false to disable login -->
<property name="authenticate" value="true" />
</bean>
<bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admins-group" />
<!-- set authenticate=false to disable login -->
<property name="authenticate" value="true" />
</bean>
<bean id="securityHandlerLdap" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="loginService" ref="ldapLoginService" />
<property name="identityService" ref="identityService" />
<property name="realmName" value="LdapRealm" />
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
</property>
<property name="constraintMappings">
<list>
<ref bean="adminSecurityConstraintMapping" />
<ref bean="securityConstraintMapping" />
</list>
</property>
<property name="handler" ref="secHandlerCollection" />
</bean>
<bean id="contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
</bean>
Following the guide from http://bacedifo.blogspot.com/2013/06/securing-activemq-580-web-console-using.html and using the ldaptive ldap java library with some tweaks to the configs I managed to get this working for our AD environment.
Copied the ldaptive-{version number}.jar and jetty-jass-{version number}.jar to /activemq/lib directory.
login.conf
activemq {
org.ldaptive.jaas.LdapLoginModule required
debug=true
storePass="true"
ldapUrl="ldap://ldap-server1.domainname.com:389 ldap://ldap-server2.domainname.com:389"
connectionStrategy="ACTIVE_PASSIVE"
bindDn="CN=ldap-readaccount,OU=Read Accounts,DC=domainname,DC=com"
baseDn="OU=accounts,DC=domainname,DC=com"
bindCredential="ldapuser-password"
useStartTLS="false"
userFilter="(sAMAccountName={user})";
org.ldaptive.jaas.LdapRoleAuthorizationModule required
useFirstPass="true"
ldapUrl="ldap://ldap-server1.domainname.com:389 ldap://ldap-server2.domainname.com:389"
connectionStrategy="ACTIVE_PASSIVE"
bindDn="CN=ldap-readaccount,OU=Read Accounts,DC=domainname,DC=com"
baseDn="OU=groups,DC=domainname,DC=com"
bindCredential="ldapuser-password"
roleFilter="(&(cn=webconsoleadmins)(member={user}))"
useStartTLS="false"
defaultRole="admins"
roleAttribute="cn";
};
jetty.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="securityLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
<property name="name" value="LdapRealm" />
<property name="loginModuleName" value="activemq" />
<property name="roleClassNames" value="org.ldaptive.jaas.LdapRole" />
<property name="identityService" ref="identityService" />
</bean>
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admins,webconsoleadmins" />
<!-- set authenticate=false to disable login -->
<property name="authenticate" value="true" />
</bean>
<bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admins,webconsoleadmins" />
<!-- set authenticate=false to disable login -->
<property name="authenticate" value="true" />
</bean>
...
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="loginService" ref="securityLoginService" />
<property name="identityService" ref="identityService" />
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
</property>
<property name="constraintMappings">
<list>
<ref bean="adminSecurityConstraintMapping" />
<ref bean="securityConstraintMapping" />
</list>
</property>
<property name="handler" ref="secHandlerCollection" />
</bean>
I am currently devloping a java web application based on activiti and i want to use ldap as an authentification system.
I Configured ldap as it its 's shown,but when i write this command in java System.out.println(processEngine.getIdentityService().createGroupQuery().list().size()); i got an error "This query is not supported by the LDAPGroupManager".So what can i do ?
Thank you in advance.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">
<bean id="dataSource" class="org.springframework.jdbc.datasource.SimpleDriverDataSource">
<property name="driverClass" value="org.h2.Driver" />
<property name="url" value="jdbc:h2:mem:activiti;DB_CLOSE_DELAY=1000" />
<property name="username" value="sa" />
<property name="password" value="" />
</bean>
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
<property name="dataSource" ref="dataSource" />
<property name="transactionManager" ref="transactionManager" />
<property name="databaseSchemaUpdate" value="true" />
<property name="jobExecutorActivate" value="false" />
<property name="configurators">
<list>
<bean class="org.activiti.ldap.LDAPConfigurator">
<!-- Server connection params -->
<property name="server" value="ldap://localhost" />
<property name="port" value="10389" />
<property name="user" value="uid=admin,ou=system" />
<property name="password" value="secret" />
<!-- Query params -->
<property name="baseDn" value="o=mojo" />
<property name="queryUserByUserId" value="(&(objectClass=inetOrgPerson)(uid={0}))" />
<property name="queryUserByFullNameLike" value="(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
<property name="queryGroupsForUser" value="(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />
<!-- Attribute config -->
<property name="userIdAttribute" value="uid" />
<property name="userFirstNameAttribute" value="cn" />
<property name="userLastNameAttribute" value="sn" />
<property name="groupIdAttribute" value="cn" />
<property name="groupNameAttribute" value="cn" />
</bean>
</list>
</property>
</bean>
<bean id="processEngine" class="org.activiti.spring.ProcessEngineFactoryBean">
<property name="processEngineConfiguration" ref="processEngineConfiguration" />
</bean>
<bean id="repositoryService" factory-bean="processEngine" factory-method="getRepositoryService" />
<bean id="runtimeService" factory-bean="processEngine" factory-method="getRuntimeService" />
<bean id="taskService" factory-bean="processEngine" factory-method="getTaskService" />
<bean id="historyService" factory-bean="processEngine" factory-method="getHistoryService" />
<bean id="managementService" factory-bean="processEngine" factory-method="getManagementService" />
</beans>
we can't get all the ldap users with the bean this is not supported by the LDAPGroupManager
I work on integration IBM Domino with activiti.org workflow engine. I need to connect Activiti with Domino LDAP in order to retrive users and groups.
I already can log in with my Domino credentials but I'm not able to resolve user groups. My user is a member of ACTIVITI_ADMINS domino group but he doesn't see activiti-explorer administration menu (the one that default kermit user see). I've made the following modifications in Activiti xml config files. What should I add/rewrite in my config files in order to resolve user groups?
activiti-custom-context.xml
<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
<!--...-->
<property name="configurators">
<list>
<bean class="org.activiti.ldap.LDAPConfigurator">
<!-- Server connection params -->
<property name="server" value="ldap://myDominoLdapServer" />
<property name="port" value="389" />
<property name="user" value="cn=User Ldap, ou=myUnit1, ou=myUnit2, o=myCompany" />
<property name="password" value="myPassword" />
<!-- Query params -->
<property name="baseDn" value="o=myCompany" />
<property name="queryUserByUserId" value="(&(objectClass=inetOrgPerson)(displayname={0}))" />
<property name="queryUserByFullNameLike" value="(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
<property name="queryGroupsForUser" value="(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />
<!-- Attribute config -->
<property name="userIdAttribute" value="displayname" />
<property name="userFirstNameAttribute" value="GivenName" />
<property name="userLastNameAttribute" value="sn" />
<property name="userEmailAttribute" value="mail" />
<property name="groupIdAttribute" value="cn" />
<property name="groupNameAttribute" value="cn" />
</bean>
</list>
</property>
</bean>
activiti-ui-context.xml
<bean name="explorerApp" class="org.activiti.explorer.ExplorerApp" scope="session">
<property name="environment" value="${activiti.ui.environment}" />
<property name="useJavascriptDiagram" value="${activiti.ui.jsdiagram}" />
<property name="i18nManager" ref="i18nManager" />
<property name="viewManager" ref="viewManager" />
<property name="notificationManager" ref="notificationManager" />
<property name="attachmentRendererManager" ref="attachmentRendererManager" />
<property name="formPropertyRendererManager" ref="formPropertyRendererManager" />
<property name="variableRendererManager" ref="variableRendererManager" />
<property name="applicationMainWindow" ref="mainWindow" />
<property name="componentFactories" ref="componentFactories" />
<property name="workflowDefinitionConversionFactory" ref="workflowDefinitionConversionFactory" />
<property name="loginHandler" ref="activitiLoginHandler" />
<property name="simpleWorkflowJsonConverter" ref="simpleWorkflowJsonConverter" />
<property name="adminGroups">
<list>
<value>ACTIVITI_ADMINS</value>
</list>
</property>
<property name="userGroups">
<list>
<value>user</value>
</list>
</property>
</bean>
Your configuration looks right so the problem must have something to do with the LDAP query used to retrieved the groups for the user:
<property name="queryGroupsForUser" value="(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />
Is this query returning the ACTIVITI_ADMIN group?
Well, I've found that the baseDN entry was the reason of my problem. I set empty value and Activiti is resolving my group now. The activiti-custom-context.xml file contains the following code:
<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
<!--...-->
<property name="configurators">
<list>
<bean class="org.activiti.ldap.LDAPConfigurator">
<!-- Server connection params -->
<property name="server" value="ldap://myDominoLdapServer" />
<property name="port" value="389" />
<property name="user" value="cn=User Ldap, ou=myUnit1, ou=myUnit2, o=myCompany" />
<property name="password" value="myPassword" />
<!-- Query params -->
<!--MY CHANGE START-->
<property name="baseDn" value="" />
<!--MY CHANGE END-->
<property name="queryUserByUserId" value="(&(objectClass=inetOrgPerson)(displayname={0}))" />
<property name="queryUserByFullNameLike" value="(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
<property name="queryGroupsForUser" value="(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />
<!-- Attribute config -->
<property name="userIdAttribute" value="displayname" />
<property name="userFirstNameAttribute" value="GivenName" />
<property name="userLastNameAttribute" value="sn" />
<property name="userEmailAttribute" value="mail" />
<property name="groupIdAttribute" value="cn" />
<property name="groupNameAttribute" value="cn" />
</bean>
</list>
</property>
</bean>
I've managed to configure connection to LDAP under activiti-standalone-context.xml
<property name="configurators">
<list>
<bean class="org.activiti.ldap.LDAPConfigurator">
<!-- Server connection params -->
<property name="server" value="ldap://10.0.1.35" />
<property name="port" value="389" />
<property name="user" value="CN=Activiti,CN=Users,DC=DOMAIN,DC=COM" />
<property name="password" value="pass" />
<!-- Query params -->
<property name="baseDn" value="DC=DOMAIN,DC=COM" />
<property name="queryUserByUserId" value="(&(objectclass=user)( sAMAccountName ={0})" />
<property name="queryUserByFullNameLike" value="(&(objectclass=user) (|({0}=*{1}*)({2}=*{3}*)))" />
<property name="queryGroupsForUser" value="(&(objectclass=group) (uniqueMember={0}))" />
<!-- Attribute config -->
<property name="userIdAttribute" value="sAMAccountName" />
<property name="userFirstNameAttribute" value="cn" />
<property name="userLastNameAttribute" value="sn" />
<property name="groupIdAttribute" value="cn" />
<property name="groupNameAttribute" value="cn" />
</bean>
</list>
</property>
Under ui-context
<list>
<value>admin</value>
</list>
</property>
<property name="userGroups">
<list>
<value>user</value>
</list>
However when trying to login using domain user: invalid user or password
In logs there are no errors,
Thanks
Check log
if it relevant to this property.
< property name="baseDn" value="DC=DOMAIN,DC=COM" / >
if true - check the value of baseDn by add more information such as:
< property name="baseDn" value="ou=your_own_ou,dc=domain,dc=com" / >
remember that CAP Chars are used here.
We have several services auntentican with an LDAP server, we put JASIG as the main entrance, we deploy JASIG on Jboss7 and works well over SSL, however our LDAP server over TLS works. My problem is that over TLS for any authenticated user runs any user password, right or wrong.
I do not know why the login username is sensitive and not sensitive to the password, pass any password.
Thank you.
Show parts interesting parts of my DeployConfigContex.xml file.
This is our AuthenticationManager:
<bean id="authenticationManager"
class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<property name="credentialsToPrincipalResolvers">
<list>
<bean
class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
<property name="credentialsToPrincipalResolver">
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
</property>
<property name="filter" value="(cn=%u)" />
<property name="principalAttributeName" value="cn" />
<property name="searchBase" value="ou=ServiciosCentrales,ou=Usuarios,dc=educacion,dc=es" />
<property name="contextSource" ref="contextSource" />
<property name="attributeRepository">
<ref bean="attributeRepository" />
</property>
</bean>
</list>
</property>
<property name="authenticationHandlers">
<list>
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" />
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
<property name="filter" value="cn=%u" />
<property name="searchBase" value="ou=ServiciosCentrales,ou=Usuarios,dc=educacion,dc=es" />
<property name="contextSource" ref="contextSource" />
<property name="ignorePartialResultException" value="yes" />
</bean>
</list>
</property>
</bean>
this es our contexsource:
<property name="pooled" value="false" />
<property name="userDn" value="cn=secret,dc=educacion,dc=es"/>
<property name="password" value="secret"/>
<property name="url" value="ldap://192.168.0.100:389"/>
<qualifier value="secured"/>
<property name="authenticationStrategy">
<bean class="org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy">
<property name="sslSocketFactory">
<bean class="com.cein.educa.ldap.LDAPSocketFactory" />
</property>
<property name="hostnameVerifier">
<bean class="com.cein.educa.ldap.LDAPHostNameVerifier" />
</property>
<property name="shutdownTlsGracefully" value="true" />
</bean>
</property>
<property name="baseEnvironmentProperties">
<map>
<entry key="java.naming.security.authentication" value="simple" />
</map>
</property>
</bean>