How do I alter CAS configuration to use (email,password) authentication for users in liferay rather than the default email verification used by CAS server?
**2012-02-23 07:35:22,659 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 4 services.>
2012-02-23 07:35:22,815 ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'centralAuthenticationService' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean 'org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler#f3941' of type [org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler] while setting bean property 'authenticationHandlers' with key [1]; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler] for bean with name 'org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler#f3941' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:580)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized_aroundBody0(SafeContextLoaderListener.java:62)
at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized_aroundBody1$advice(SafeContextLoaderListener.java:44)
at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:1)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4135)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4630)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean 'org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler#f3941' of type [org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler] while setting bean property 'authenticationHandlers' with key [1]; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler] for bean with name 'org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler#f3941' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:281)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:120)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
... 42 more
Caused by: org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler] for bean with name 'org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler#f3941' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler
at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1250)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:433)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:270)
... 54 more
Caused by: java.lang.ClassNotFoundException: org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1645)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1491)
at org.springframework.util.ClassUtils.forName(ClassUtils.java:257)
at org.springframework.beans.factory.support.AbstractBeanDefinition.resolveBeanClass(AbstractBeanDefinition.java:408)
at org.springframework.beans.factory.support.AbstractBeanFactory.doResolveBeanClass(AbstractBeanFactory.java:1271)
at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1242)
... 56 more**
To use Liferay user table with email and password fields, you should change the following fragment of the CAS deployerConfigContext.xml:
<property name="authenticationHandlers">
<list>
<!-- | This is the authentication handler that authenticates services by
means of callback via SSL, thereby validating | a server side SSL certificate. + -->
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient"></bean>
<bean class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler">
<property name="tableUsers">
<value>User_</value>
</property>
<property name="fieldUser">
<value>emailAddress</value>
</property>
<property name="fieldPassword">
<value>password_</value>
</property>
<property name="passwordEncoder">
<bean class="com.ccm.ci.cas.authentication.handler.LiferayPasswordEncoder">
<!-- Default Liferay Password Encryption is SHA algorithm. If someone changes it in liferay it have to been changed here-->
<constructor-arg name="encodingAlgorithm" value="SHA"></constructor-arg>
</bean>
</property>
<property name="dataSource" ref="dataSource"></property>
</bean>
</list>
</property>
AND
customize CAS with the following class to decode Liferay 6 encoded password (see the password encoder property in the above fragment).
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
import javax.validation.constraints.NotNull;
import org.jasig.cas.authentication.handler.PasswordEncoder;
import org.vps.crypt.Crypt;
/**
* To authenticate cas over Liferay 6.0.5 database using liferay 6.0.5 hashing
* algorithms.
*
*/
public class LiferayPasswordEncoder implements PasswordEncoder {
public static final String UTF8 = "UTF-8";
public static final String TYPE_CRYPT = "CRYPT";
public static final String TYPE_MD2 = "MD2";
public static final String TYPE_MD5 = "MD5";
public static final String TYPE_NONE = "NONE";
public static final String TYPE_SHA = "SHA";
public static final String TYPE_SHA_256 = "SHA-256";
public static final String TYPE_SHA_384 = "SHA-384";
public static final String TYPE_SSHA = "SSHA";
public static final DigesterImpl digesterImpl = new DigesterImpl();
#NotNull
private static String PASSWORDS_ENCRYPTION_ALGORITHM = TYPE_SHA;
public LiferayPasswordEncoder() {
}
public LiferayPasswordEncoder(final String encodingAlgorithm) {
PASSWORDS_ENCRYPTION_ALGORITHM = encodingAlgorithm;
}
public static final char[] saltChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"
.toCharArray();
public static String encrypt(String clearTextPassword) {
return encrypt(PASSWORDS_ENCRYPTION_ALGORITHM, clearTextPassword, null);
}
public static String encrypt(String clearTextPassword,
String currentEncryptedPassword) {
return encrypt(PASSWORDS_ENCRYPTION_ALGORITHM, clearTextPassword,
currentEncryptedPassword);
}
public static String encrypt(String algorithm, String clearTextPassword,
String currentEncryptedPassword) {
if (algorithm.equals(TYPE_CRYPT)) {
byte[] saltBytes = _getSaltFromCrypt(currentEncryptedPassword);
return encodePassword(algorithm, clearTextPassword, saltBytes);
} else if (algorithm.equals(TYPE_NONE)) {
return clearTextPassword;
} else if (algorithm.equals(TYPE_SSHA)) {
byte[] saltBytes = _getSaltFromSSHA(currentEncryptedPassword);
return encodePassword(algorithm, clearTextPassword, saltBytes);
} else {
return encodePassword(algorithm, clearTextPassword, null);
}
}
protected static String encodePassword(String algorithm,
String clearTextPassword, byte[] saltBytes) {
try {
if (algorithm.equals(TYPE_CRYPT)) {
return Crypt.crypt(saltBytes, clearTextPassword.getBytes(UTF8));
} else if (algorithm.equals(TYPE_SSHA)) {
byte[] clearTextPasswordBytes = clearTextPassword
.getBytes(UTF8);
// Create a byte array of salt bytes appeneded to password bytes
byte[] pwdPlusSalt = new byte[clearTextPasswordBytes.length
+ saltBytes.length];
System.arraycopy(clearTextPasswordBytes, 0, pwdPlusSalt, 0,
clearTextPasswordBytes.length);
System.arraycopy(saltBytes, 0, pwdPlusSalt,
clearTextPasswordBytes.length, saltBytes.length);
// Digest byte array
MessageDigest sha1Digest = MessageDigest.getInstance("SHA-1");
byte[] pwdPlusSaltHash = sha1Digest.digest(pwdPlusSalt);
// Appends salt bytes to the SHA-1 digest.
byte[] digestPlusSalt = new byte[pwdPlusSaltHash.length
+ saltBytes.length];
System.arraycopy(pwdPlusSaltHash, 0, digestPlusSalt, 0,
pwdPlusSaltHash.length);
System.arraycopy(saltBytes, 0, digestPlusSalt,
pwdPlusSaltHash.length, saltBytes.length);
// Base64 encode and format string
return Base64.encode(digestPlusSalt);
} else {
return digesterImpl.digest(algorithm, clearTextPassword);
}
} catch (NoSuchAlgorithmException nsae) {
throw new SecurityException("LiferayPasswordEncryption error:"
+ nsae.getMessage(), nsae);
} catch (UnsupportedEncodingException uee) {
throw new SecurityException("LiferayPasswordEncryption error:"
+ uee.getMessage(), uee);
}
}
private static byte[] _getSaltFromCrypt(String cryptString) {
byte[] saltBytes = null;
try {
if (Validator.isNull(cryptString)) {
// Generate random salt
Random random = new Random();
int numSaltChars = saltChars.length;
StringBuilder sb = new StringBuilder();
int x = random.nextInt(Integer.MAX_VALUE) % numSaltChars;
int y = random.nextInt(Integer.MAX_VALUE) % numSaltChars;
sb.append(saltChars[x]);
sb.append(saltChars[y]);
String salt = sb.toString();
saltBytes = salt.getBytes(Digester.ENCODING);
} else {
// Extract salt from encrypted password
String salt = cryptString.substring(0, 2);
saltBytes = salt.getBytes(Digester.ENCODING);
}
} catch (UnsupportedEncodingException uee) {
throw new SecurityException(
"Unable to extract salt from encrypted password: "
+ uee.getMessage(), uee);
}
return saltBytes;
}
private static byte[] _getSaltFromSSHA(String sshaString) {
byte[] saltBytes = new byte[8];
if (Validator.isNull(sshaString)) {
// Generate random salt
Random random = new SecureRandom();
random.nextBytes(saltBytes);
} else {
// Extract salt from encrypted password
try {
byte[] digestPlusSalt = Base64.decode(sshaString);
byte[] digestBytes = new byte[digestPlusSalt.length - 8];
System.arraycopy(digestPlusSalt, 0, digestBytes, 0,
digestBytes.length);
System.arraycopy(digestPlusSalt, digestBytes.length, saltBytes,
0, saltBytes.length);
} catch (Exception e) {
throw new SecurityException(
"Unable to extract salt from encrypted password: "
+ e.getMessage(), e);
}
}
return saltBytes;
}
public String encode(String pwd) {
return encrypt(pwd);
}
}
FINALLY add the following Liferay portal classes (you can found them in Liferay portal sources) to the customized CAS (they are used by the above LiferayPasswordEncoder):
Base64.java
CharPool.java
ClassLoaderObjectInputStream.java
Digester.java
DigesterImpl.java
StringBundler.java
StringPool.java
UnsyncByteArrayInputStream.java
UnsyncByteArrayOutputStream.java
Validator.java
EDIT: added complete deployerConfigContext.xml for the error and CAS version question:
I'm running CAS version 3.4.5, and you?
Here it is my complete deployerConfigContext.xml file. I think there is some error in your file introduced while adding the fragment above. In fact the missing bean is defined in that file. Please try to merge the following file with your (given the differences in database url, username and password, etc..):
<?xml version="1.0" encoding="UTF-8"?>
<!-- | deployerConfigContext.xml centralizes into one file some of the declarative
configuration that | all CAS deployers will need to modify. | | This file declares
some of the Spring-managed JavaBeans that make up a CAS deployment. | The beans declared
in this file are instantiated at context initialization time by the Spring | ContextLoaderListener
declared in web.xml. It finds this file because this | file is among those declared
in the context parameter "contextConfigLocation". | | By far the most common change
you will need to make in this file is to change the last bean | declaration to replace
the default SimpleTestUsernamePasswordAuthenticationHandler with | one implementing
your approach for authenticating usernames and passwords. + -->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:sec="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<bean id="propertyPlaceholder" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="searchSystemEnvironment" value="true"></property>
</bean>
<!-- | This bean declares our AuthenticationManager. The CentralAuthenticationService
service bean | declared in applicationContext.xml picks up this AuthenticationManager
by reference to its id, | "authenticationManager". Most deployers will be able to
use the default AuthenticationManager | implementation and so do not need to change
the class of this bean. We include the whole | AuthenticationManager here in the
userConfigContext.xml so that you can see the things you will | need to change in
context. + -->
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<!-- | This is the List of CredentialToPrincipalResolvers that identify what
Principal is trying to authenticate. | The AuthenticationManagerImpl considers them
in order, finding a CredentialToPrincipalResolver which | supports the presented
credentials. | | AuthenticationManagerImpl uses these resolvers for two purposes.
First, it uses them to identify the Principal | attempting to authenticate to CAS
/login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
| that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials,
you will need to replace | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver
that supports the credentials you are | using. | | Second, AuthenticationManagerImpl
uses these resolvers to identify a service requesting a proxy granting ticket. |
In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver
that serves this purpose. | You will need to change this list if you are identifying
services by something more or other than their callback URL. + -->
<property name="credentialsToPrincipalResolvers">
<list>
<!-- | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials
that we use for /login | by default and produces SimplePrincipal instances conveying
the username from the credentials. | | If you've changed your LoginFormAction to
use credentials other than UsernamePasswordCredentials then you will also | need
to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver
that supports the | Credentials you are using. + -->
<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"></bean>
<!-- | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials.
It supports the CAS 2.0 approach of | authenticating services by SSL callback, extracting
the callback URL from the Credentials and representing it as a | SimpleService identified
by that callback URL. | | If you are representing services by something more or other
than an HTTPS URL whereat they are able to | receive a proxy callback, you will need
to change this bean declaration (or add additional declarations). + -->
<bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"></bean>
</list>
</property>
<!-- | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials
might authenticate, | AuthenticationHandlers actually authenticate credentials. Here
we declare the AuthenticationHandlers that | authenticate the Principals that the
CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn |
until it finds one that both supports the Credentials presented and succeeds in authenticating.
+ -->
<property name="authenticationHandlers">
<list>
<!-- | This is the authentication handler that authenticates services by
means of callback via SSL, thereby validating | a server side SSL certificate. + -->
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient"></bean>
<bean class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler">
<property name="tableUsers">
<value>User_</value>
</property>
<property name="fieldUser">
<value>emailAddress</value>
</property>
<property name="fieldPassword">
<value>password_</value>
</property>
<property name="passwordEncoder">
<bean class="com.ccm.ci.cas.authentication.handler.LiferayPasswordEncoder">
<!-- Default Liferay Password Encryption is SHA algorithm. If someone changes it in liferay it have to been changed here-->
<constructor-arg name="encodingAlgorithm" value="SHA"></constructor-arg>
</bean>
</property>
<property name="dataSource" ref="dataSource"></property>
</bean>
</list>
</property>
</bean>
<!-- This bean defines the security roles for the Services Management application.
Simple deployments can use the in-memory version. More robust deployments will want
to use another option, such as the Jdbc version. The name of this should remain "userDetailsService"
in order for Spring Security to find it. -->
<!-- <sec:user name="##THIS SHOULD BE REPLACED##" password="notused" authorities="ROLE_ADMIN"
/> -->
<sec:user-service id="userDetailsService">
<sec:user name="##THIS SHOULD BE REPLACED##" password="notused" authorities="ROLE_ADMIN"></sec:user>
</sec:user-service>
<!-- Bean that defines the attributes that a service may return. This example uses
the Stub/Mock version. A real implementation may go against a database or LDAP server.
The id should remain "attributeRepository" though. -->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao">
<property name="backingMap">
<map>
<entry key="uid" value="uid"></entry>
<entry key="eduPersonAffiliation" value="eduPersonAffiliation"></entry>
<entry key="groupMembership" value="groupMembership"></entry>
</map>
</property>
</bean>
<!-- Sample, in-memory data store for the ServiceRegistry. A real implementation
would probably want to replace this with the JPA-backed ServiceRegistry DAO The name
of this bean should remain "serviceRegistryDao". -->
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
<property name="registeredServices">
<list>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="0"></property>
<property name="name" value="HTTP"></property>
<property name="description" value="Only Allows HTTP Urls"></property>
<property name="serviceId" value="http://**"></property>
</bean>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="1"></property>
<property name="name" value="HTTPS"></property>
<property name="description" value="Only Allows HTTPS Urls"></property>
<property name="serviceId" value="https://**"></property>
</bean>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="2"></property>
<property name="name" value="IMAPS"></property>
<property name="description" value="Only Allows HTTPS Urls"></property>
<property name="serviceId" value="imaps://**"></property>
</bean>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="3"></property>
<property name="name" value="IMAP"></property>
<property name="description" value="Only Allows IMAP Urls"></property>
<property name="serviceId" value="imap://**"></property>
</bean>
</list>
</property>
</bean>
<!-- Data source definition -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName">
<value>com.mysql.jdbc.Driver</value>
</property>
<property name="url">
<value>jdbc:mysql://10.4.2.14:3306/lportal_${user.name}</value>
</property>
<property name="username">
<value>${user.name}</value>
</property>
<property name="password">
<value>${user.name}</value>
</property>
<property name="initialSize" value="1"></property>
<property name="maxIdle" value="5"></property>
<property name="maxActive" value="50"></property>
<property name="maxWait" value="10000"></property>
<property name="validationQuery" value="select 1"></property>
<property name="testOnBorrow" value="false"></property>
<property name="testWhileIdle" value="true"></property>
<property name="timeBetweenEvictionRunsMillis" value="10000"></property>
<property name="minEvictableIdleTimeMillis" value="30000"></property>
<property name="numTestsPerEvictionRun" value="-1"></property>
</bean>
</beans>
Related
Sql Connection in Spring Servicemix camel
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>
<property name="url" value="jdbc:sqlserver://localhost:1433/orderdb"/>
<property name="username" value="abc"/>
<property name="password" value="pqr"/>
</bean>
When I try to make connection using dataSource.getConnection()
Not allowing please help
*****Connection Code **********
public class DatabaseBeanH2 {
private DataSource dataSource;
private static final Logger LOGGER = LoggerFactory.getLogger(DatabaseBeanH2.class);
public DatabaseBeanH2(){}
public void setDataSource(DataSource dataSource) {
this.dataSource = dataSource;
}
public void create() throws SQLException{
Statement sta = dataSource.getConnection().createStatement();
try {
sta.executeUpdate("CREATE TABLE orders ( id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, item VARCHAR(50), amount INT, description VARCHAR(300), processed BOOLEAN, consumed BOOLEAN);");
} catch (SQLException e) {
LOGGER.info("Table orders already exists");
}
}
public void destroy() throws SQLException {
dataSource.getConnection().close();
}
}
You have to setting up your database using following code
<!-- this is the JDBC data source which uses an in-memory only Apache Derby database -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="org.apache.derby.jdbc.EmbeddedDriver"/>
<property name="url" value="jdbc:derby:memory:orders;create=true"/>
<property name="username" value=""/>
<property name="password" value=""/>
</bean>
<!-- bean which creates/destroys the database table for this example -->
<bean id="initDatabase" class="org.apache.camel.example.sql.DatabaseBean"
init-method="create" destroy-method="destroy">
<property name="dataSource" ref="dataSource"/>
</bean>
<!-- configure the Camel SQL component to use the JDBC data source -->
<bean id="sql" class="org.apache.camel.component.sql.SqlComponent">
<property name="dataSource" ref="dataSource"/>
</bean>
Please check this link http://camel.apache.org/sql-example.html
You have to inject the dataSource bean in your DatabaseBeanH2 in the camel/spring context, something like this:
<bean id="databaseBean" class="my.package.DatabaseBeanH2">
<property name="dataSource" ref="dataSource" />
</bean>
how do i proivde authentication data for spring data solr server?
Here is what i have in configuration
<solr:solr-server id="solrServer" url="http://xxxxxxxx:8983/solr" />
<bean id="solrTemplate" class="org.springframework.data.solr.core.SolrTemplate" scope="singleton">
<constructor-arg ref="solrServer" />
</bean>
<bean id="searchRepository" class="com.bankofamerica.atmtech.repository.SolrJournalRepository">
<property name="solrOperations" ref="solrTemplate" />
</bean>
<bean id="App" class="App">
<property name="repo" ref="searchRepository" />
</bean>
I don't see any property where i can set it.
You cannot set Credentials directly but have to go through the factory.
#Bean
SolrTemplate solrTemplate() {
return new SolrTemplate(solrServerFactory());
}
#Bean
SolrServerFactory solrServerFactory() {
Credentials credentials = new UsernamePasswordCredentials("foo", "bar");
return new HttpSolrServerFactory(solrServer(), "collection1", credentials , "BASIC");
}
#Bean
SolrServer solrServer() {
return new HttpSolrServer("http://localhost:8983/solr");
}
I guess some kind of SolrAuthenticationProvider picked up and applied if present in application context would make sense in this case.
I get an error "No Entity metadata found for the class" using Kundera a similiar
question is here,
No Entity metadata found for the class
but didn't find an answer (answer put META-INF into classes dir, didn't help me.
This is the error I get
3168 [main] WARN com.impetus.kundera.metadata.KunderaMetadataManager - No Entity metadata found for the class class kundega.rules.Rule. Any CRUD operation on this entity will fail.If your entity is for RDBMS, make sure you put fully qualified entity class name under <class></class> tag in persistence.xml for RDBMS persistence unit. Returning null value.
Exception in thread "main" com.impetus.kundera.KunderaException: java.lang.IllegalArgumentException: Entity object is invalid, operation failed. Please check previous log message for details
at com.impetus.kundera.persistence.EntityManagerImpl.persist(EntityManagerImpl.java:174)
at kundega.rules.AppMain.main(AppMain.java:27)
Caused by: java.lang.IllegalArgumentException: Entity object is invalid, operation failed. Please check previous log message for details
at com.impetus.kundera.graph.ObjectGraphBuilder.getNode(ObjectGraphBuilder.java:101)
at com.impetus.kundera.graph.ObjectGraphBuilder.getObjectGraph(ObjectGraphBuilder.java:75)
at com.impetus.kundera.persistence.PersistenceDelegator.persist(PersistenceDelegator.java:135)
at com.impetus.kundera.persistence.EntityManagerImpl.persist(EntityManagerImpl.java:168)
So here is my files.
Persistence.xml
<persistence xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd"
version="2.0">
<persistence-unit name="UNIT">
<provider>com.impetus.kundera.KunderaPersistence</provider>
<class>kundega.rules.Rule</class>
<properties>
<property name="kundera.client.lookup.class" value="com.impetus.client.rdbms.RDBMSClientFactory" />
<property name="hibernate.show_sql" value="true" />
<property name="hibernate.format_sql" value="true" />
<property name="hibernate.dialect" value="org.hibernate.dialect.MySQL5Dialect" />
<property name="hibernate.connection.driver_class" value="com.mysql.jdbc.Driver" />
<property name="hibernate.connection.url" value="jdbc:mysql://130.230.141.228:3306/fastory" />
<property name="hibernate.connection.username" value="root" />
<property name="hibernate.connection.password" value="mysql" />
</properties>
</persistence-unit>
</persistence>
Start of Entity class
#Entity
#Table(name="eplrules", schema="fastory")
public class Rule {
#Id
//#GeneratedValue (strategy=GenerationType.AUTO)
#Column (name ="rule_id")
private long ruleId;
#Column (name ="rule")
private String rule;
Main class
public static void main(String[] args) {
System.out.println("start");
BasicConfigurator.configure();
EntityManagerFactory emf = Persistence.createEntityManagerFactory("UNIT");
Rule r = new Rule();
r.setRuleId(103);
r.setRuleName("SomeRuleName");
r.setRule("SomeRule");
EntityManager em = emf.createEntityManager();
em.persist(r);
Query q = em.createQuery("select p from Rule p");
List<Rule> rules = q.getResultList();
em.close();
System.out.println(rules);
System.out.println("stop");
em.close();
emf.close();
}
When I got this I checked:
<class>package.name.DaoClass</class>
was defined in persistence.xml, this resolved the error. Also check
<property name="kundera.annotations.scan.package" value="package.name"/>
matches correctly to your package name.
"kundega.rules.Rule" package name is correct? Or is it "kundera.rules.Rule" ?
I have a Java EE web application which uses an LDAP authentication. I use Spring security to connect to my LDAP with the following code:
<bean id="ldapContextSource" class="com.myapp.security.authentication.MySecurityContextSource">
<constructor-arg index="0" value="${ldap.url}" />
<constructor-arg index="1" ref="userConnexion" />
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<bean id="userConnexion" class="com.myapp.util.security.WebsphereCredentials">
<constructor-arg value="${ldap.authJndiAlias}" />
</bean>
<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="ldapContextSource" />
<property name="userSearch" ref="userSearch" />
</bean>
</constructor-arg>
<constructor-arg>
<bean class="com.myapp.security.authentication.MyAuthoritiesPopulator" >
<property name="userService" ref="userService" />
</bean>
</constructor-arg>
<property name="userDetailsContextMapper" ref="myUserDetailsContextMapper"/>
<property name="hideUserNotFoundExceptions" value="false" />
</bean>
Actually, my bean WebsphereCredentials uses a WebSphere private class WSMappingCallbackHandlerFactory as in this response : How to access authentication alias from EJB deployed to Websphere 6.1
We can see it in the official websphere documentation: http://pic.dhe.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Frsec_pluginj2c.html
But I don't want it because:
I think my application can access all JAAS logins in my WebSphere instance (not sure).
This class is defined in the HUGE IBM client library com.ibm.ws.admin.client-7.0.0.jar (42 Mo) => compilation slower, not present in my enterprise nexus
It's not portable, not standard
For information, I define the WebsphereCredentials constructor as this:
Map<String, String> map = new HashMap<String, String>();
map.put(Constants.MAPPING_ALIAS, this.jndiAlias);
Subject subject;
try {
CallbackHandler callbackHandler = WSMappingCallbackHandlerFactory.getInstance().getCallbackHandler(map, null);
LoginContext lc = new LoginContext("DefaultPrincipalMapping", callbackHandler);
lc.login();
subject = lc.getSubject();
} catch (NotImplementedException e) {
throw new EfritTechnicalException(EfritTechnicalExceptionEnum.LOGIN_CREDENTIAL_PROBLEM, e);
} catch (LoginException e) {
throw new EfritTechnicalException(EfritTechnicalExceptionEnum.LOGIN_CREDENTIAL_PROBLEM, e);
}
PasswordCredential cred = (PasswordCredential) subject.getPrivateCredentials().toArray()[0];
this.user = cred.getUserName();
this.password = String.valueOf(cred.getPassword());
Is there a way to use just Spring security and remove this dependency?
I have no idea how to combine http://static.springsource.org/spring-security/site/docs/3.1.x/reference/jaas.html and http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ldap.html.
Maybe I must totally change my approach and use another way?
I assume your goal is to simply utilize the username / password that you configure in WebSphere to connect to the LDAP directory? If this is the case, you are not really trying to combine LDAP and JAAS based authentication. The JAAS support is really intended to be a way of using JAAS LoginModules to authenticate a user instead of using the LDAP based authentication.
If you are wanting to obtain the username and password without having a compile time dependency on WebSphere, you have a few options.
Eliminating Compile Time and Runtime Dependencies on WAS
One option is to configure the password in a different way. This could be as simple as using the password directly directly in the configuration file as shown in the Spring Security LDAP documentation:
<bean id="ldapContextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://monkeymachine:389/dc=springframework,dc=org"/>
<property name="userDn" value="cn=manager,dc=springframework,dc=org"/>
<property name="password" value="password"/>
</bean>
You could also configure the username password in JNDI. Another alternative is to use a .properties file with the Property. If you are wanting to ensure the password is secured, then you will probably want to encrypt the password using something like Jasypt.
Eliminating Compile Time dependencies and still configuring with WAS
If you need or want to use WebSphere's J2C support for storing the credentials, then you can do by injecting the CallbackHandler instance. For example, your WebsphereCredentials bean could be something like this:
try {
LoginContext lc = new LoginContext("DefaultPrincipalMapping", this.callbackHandler);
lc.login();
subject = lc.getSubject();
} catch (NotImplementedException e) {
throw new EfritTechnicalException(EfritTechnicalExceptionEnum.LOGIN_CREDENTIAL_PROBLEM, e);
} catch (LoginException e) {
throw new EfritTechnicalException(EfritTechnicalExceptionEnum.LOGIN_CREDENTIAL_PROBLEM, e);
}
PasswordCredential cred = (PasswordCredential) subject.getPrivateCredentials().toArray()[0];
this.user = cred.getUserName();
this.password = String.valueOf(cred.getPassword());
Your configuration would then look something like this:
<bean id="userConnexion" class="com.myapp.util.security.WebsphereCredentials">
<constructor-arg ref="wasCallbackHandler"/>
</bean>
<bean id="wasCallbackHandler"
factory-bean="wasCallbackFactory"
factory-method="getCallbackHandler">
<constructor-arg>
<map>
<entry
value="${ldap.authJndiAlias}">
<key>
<util:constant static-field="com.ibm.wsspi.security.auth.callback.Constants.MAPPING_ALIAS"/>
</key>
</entry>
</map>
</constructor-arg>
<constructor-arg>
<null />
</constructor-arg>
</bean>
<bean id="wasCallbackFactory"
class="com.ibm.wsspi.security.auth.callback.WSMappingCallbackHandlerFactory"
factory-method="getInstance" />
Disclaimer
CallbackHandler instances are not Thread safe and generally should not be used more than once. Thus it can be a bit risky injecting CallbackHandler instances as member variables. You may want to program in a check to ensure that the CallbackHandler only used one time.
Hybrid Approach
You could do a hybrid approach that always removes the compile time dependency and allows you to remove the runtime dependency in instances where you might not be running on WebSphere. This could be done by combining the two suggestions and using Spring Bean Definition Profiles to differentiate between running on WebSphere and a non-WebSphere machine.
I have a problem with setting permission for existing node("Sites" folder). I have a group and I need to give her full control permission for "Sites" folder. I'm used the next xml for this
<cm:folder view:childName="cm:Sites">
<view:acl>
<view:ace view:access="ALLOWED">
<view:authority>GROUP_NOTEBOOK_PROJECT_CREATOR_GROUP</view:authority>
<view:permission>FullControl</view:permission>
</view:ace>
</view:acl>
<view:properties>
<cm:name>Sites</cm:name>
<sys:node-uuid>1e6f0610-a018-4966-ab37-c71e809dc6ed</sys:node-uuid>
</view:properties>
</cm:folder>
and next config context
<bean id="com.agilent.datastore.notebook.server.systemBootstrap" class="org.alfresco.repo.module.ImporterModuleComponent"
parent="module.baseComponent">
<property name="moduleId" value="${artifactId}" />
<property name="name" value="${name}" />
<property name="description" value="${description}" />
<property name="sinceVersion" value="${noSnapshotVersion}.${buildNumber}" />
<property name="appliesFromVersion" value="${noSnapshotVersion}.${buildNumber}" />
<!-- Uncomment next line if you want to execute bootstrap again -->
<!-- property name="executeOnceOnly" value="false" / -->
<property name="importer" ref="spacesBootstrap" />
<property name="bootstrapViews">
<list>
<props>
<prop key="uuidBinding">UPDATE_EXISTING</prop>
<prop key="path">/${spaces.company_home.childname}</prop>
<prop key="location">alfresco/extension/agilent/sites.acp</prop>
But when I'm bootstrap this folder I got exception Cannot insert duplicate key row in object 'dbo.alf_child_assoc' with unique index 'parent_node_id'.; nested exception is java.sql.SQLException: Cannot insert duplicate key row in object 'dbo.alf_child_assoc' with unique index 'parent_node_id'.
The best way to achieve what you want is to write a patch, that is a java class that extends the alfresco AbstractPatch.java class.
In the applyInternal method you first get hold of the sites-folder preferable with an xpath-search since this uses the nodeService in the background. Solr won't be available during the execution of this code since the patch is ran during bootstrap.
Declare you patch in a spring context file like this:
<bean id="patch.setPermissionsOnSitesFolderPatch" class="org.yourdomain.alfresco.patch.SetPermissionOnSitesFolderPatch" parent="basePatch">
<property name="id">
<value>patch.patch.setPermissionsOnSitesFolderPatch</value>
</property>
<property name="description">
<value>patch.setPermissionsOnSitesFolderPatch.description</value>
</property>
<property name="fixesFromSchema">
<value>0</value>
</property>
<property name="fixesToSchema">
<value>${version.schema}</value>
</property>
<property name="targetSchema">
<value>10000</value>
</property>
<property name="force" value="true" />
<property name="repository" ref="repositoryHelper"/>
</bean>
To complete the answer by #billerby you will also need a Java class to go along with that snippet. The Alfresco docs contain a good example. Using that this is what I came up with for my use-case:
Note I'm using Lombok, but that's just for convenience
public class UpdatePermissionsPatch extends AbstractPatch {
/**
* The Alfresco Service Registry that gives access to all public content services in Alfresco.
*/
#Setter private ServiceRegistry serviceRegistry;
/* Properties */
#Setter private String path;
#Setter private String authority;
#Setter private String permission;
#Setter private boolean allowed;
/** This will clear permissions for the specified authority if set to true */
#Setter private boolean clearPermissions;
private String getSuccessId() {
return getId() + ".result";
}
private String getErrorId() {
return getId() + ".error";
}
#Override
protected String applyInternal() throws Exception {
log.info("Starting execution of patch: {}", I18NUtil.getMessage(getId()));
// Get the store reference for the Repository store that contains live content
StoreRef store = StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
// Get root node for store
NodeRef rootRef = serviceRegistry.getNodeService().getRootNode(store);
// Do the patch work
setPermissions(getWipNodeRef(rootRef));
log.info("Finished execution of patch: {}", I18NUtil.getMessage(getId()));
return I18NUtil.getMessage(getSuccessId());
}
private void setPermissions(NodeRef nodeRef) {
PermissionService permsService = serviceRegistry.getPermissionService();
if (clearPermissions) {
permsService.clearPermission(nodeRef, authority);
}
permsService.setPermission(nodeRef, authority, permission, allowed);
}
private NodeRef getWipNodeRef(NodeRef rootNodeRef) {
NamespaceService nsService = serviceRegistry.getNamespaceService();
List<NodeRef> refs = searchService.selectNodes(rootNodeRef, path, null, nsService, false);
if (refs.size() != 1) {
throw new AlfrescoRuntimeException(I18NUtil.getMessage(getErrorId(),
String.format("Node could not be found, XPATH query %s returned %i nodes.", path, refs.size())
));
}
return refs.get(0);
}
}
And your bootstrap context xml will need to include something like this:
<bean
id="org.tutorial.folderUpdateWipPermissions"
class="org.tutorial.patch.UpdatePermissionsPatch"
parent="basePatch"
>
<property name="id" value="org.tutorial.bootstrap.patch.folderUpdateWipPermissions" />
<property name="description" value="org.tutorial.bootstrap.patch.folderUpdateWipPermissions.description" />
<property name="fixesFromSchema" value="0" />
<property name="fixesToSchema" value="${version.schema}" />
<property name="targetSchema" value="100003" />
<property name="serviceRegistry">
<ref bean="ServiceRegistry"/>
</property>
<property name="path" value="/${spaces.company_home.childname}/cm:Work_x0020_In_x0020_Progress" />
<property name="authority" value="GROUP_MyGroup" />
<property name="permission" value="Consumer" />
<property name="allowed" value="true" />
<property name="clearPermissions" value="true" />
</bean>