I currently try to setup an ApacheDS instance to test SASL mechanisms.
Anyone out there that managed to get SASL in ApacheDS to work?
I am looking for a working setup instruction for ApacheDS 1.5.7 and a confirmation of that this works in practice...
1.5.7 has support for SASL but I would suggest you try the latest release of version 2.0 M2.
(1.5.7 is very old and we may not support you in case of some issues)
Well I made a test Spring App in order to do authentication of users.. I am not sure if this is what you want, but I will post the solution anyway. (this post is a little bit late.. but)
Like I said I used spring, spring security and apacheDS.
spring-security.xml
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true" access-denied-page="/app/denied" >
<security:intercept-url pattern="/app/login" access="permitAll"/>
<security:intercept-url pattern="/app/admin" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/app/common" access="hasRole('ROLE_USER')"/>
<security:form-login
login-page="/app/login"
authentication-failure-url="/app/login?error=true"
default-target-url="/app/common"/>
<security:logout
invalidate-session="true"
logout-success-url="/app/login"
logout-url="/app/logout"/>
</security:http>
<security:authentication-manager>
<security:ldap-authentication-provider
user-search-filter="(uid={0})"
user-search-base="ou=users"
group-search-filter="(uniqueMember={0})"
group-search-base="ou=groups"
group-role-attribute="cn"
role-prefix="ROLE_">
</security:ldap-authentication-provider>
</security:authentication-manager>
<security:ldap-server url="ldap://localhost:10389/o=test" manager-dn="uid=admin,ou=system" manager-password="secret" />
</beans>
And this is the wep.xml
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>Getting Started with Spring</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
/WEB-INF/applicationContext.xml
<!-- /WEB-INF/spring-ldap.xml-->
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-mvc-context.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Servlet</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
And In apache DS I made a simple structure of users and group of users (admin/user).
That is it! If you dont understand something in the code just let me know and I will try to help..
Related
I have 2 apps deployed to a tomcat server. One of them (app2) I want to be protected by tomcat.
Example of the resulting URLs:
localhost:8080/app1
localhost:8080/app2
i do not develop the apps itself, so i have no access to the application specific web.xml of the apps themselves.
So I'm using the "global" one in the /conf folder of tomcat. This is what I added:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" version="4.0">
<security-constraint>
<display-name>app2 Users</display-name>
<web-resource-collection>
<web-resource-name>app2 Content</web-resource-name>
<url-pattern>/app2/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>*</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<init-param>
<param-name>fork</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>xpoweredBy</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.jspx</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<!-- mime type mappings -->
</web-app>
IMHO this is all whats nessecary to protect app2, but i do not get a password promt, and app2 is accessible without basic auth. Here is the log:
15-Jul-2020 14:58:35.663 FINE [http-nio-8080-exec-1] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /blabla2/
15-Jul-2020 14:58:35.664 FINE [http-nio-8080-exec-1] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[blabla Content]' against GET /index.jsp --> false
15-Jul-2020 14:58:35.664 FINE [http-nio-8080-exec-1] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[blabla Content]' against GET /index.jsp --> false
15-Jul-2020 14:58:35.664 FINE [http-nio-8080-exec-1] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[blabla Content]' against GET /index.jsp --> false
15-Jul-2020 14:58:35.664 FINE [http-nio-8080-exec-1] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[blabla Content]' against GET /index.jsp --> false
15-Jul-2020 14:58:35.665 FINE [http-nio-8080-exec-1] org.apache.catalina.realm.RealmBase.findSecurityConstraints No applicable constraint located
when setting the url-pattern to /* everything works, but (as expected) app1 is protected to.
Whats wrong with my url-pattern?
The web.xml is only for server-wide configuration. You couldn't define settings that are related to just one deployment/context.
Since security-constraint work on deployment level, settings like url-pattern are related to the deployment web root.
Example:
<security-constraint>
<display-name>Authorized Only</display-name>
<web-resource-collection>
<web-resource-name>Authorized Only</web-resource-name>
<url-pattern>/hello</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
Would block /app1/hello and /app2/hello.
If you would like to add authorization to just one deployment, you have to set this setting inside the configuration of the deployment.
See https://stackoverflow.com/a/17948661/8087167 for an other example.
I have a hard time trying to configure the context-root for my web application consisting of two artifacts, a Web Archive and an EJB.jar (XYZ_war.war and XYZ_ejb.jar)
I can reach the application without any problems using
localhost/XYZ
(or on the remote server using www.domain.xy/XYZ)
but
with localhost
(or www.domain.xy)
the Glassfish default website from the docroot directory is displayed ('Your server is now runnning ...')
I do the deployment using the GlassFish Web Admin console.
All my searching here or elsewhere didn't help so far.
What am I missing?
Any help would be much appreciated.
Thanks!
glassfish-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish
Application Server 3.1 Servlet 3.0//EN"
"http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app>
<context-root>/XYZ</context-root>
</glassfish-web-app>
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<display-name>XYZ</display-name>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>15</session-timeout>
</session-config>
</web-app>
domain.xml:
<network-listeners>
...
<network-listener protocol="http-listener-1" port="80" name="http-listener-1" thread-pool="http-thread-pool" transport="tcp">
...
</networklistener>
...
<applications>
<application context-root="/XYZ" object-type="user" name="XYZ_war" location="${com.sun.aas.instanceRootURI}/applications/XYZ_war/">
...
</application>
<application object-type="user" name="XYZ_ejb" location="${com.sun.aas.instanceRootURI}/applications/XYZ_ejb/">
...
</application>
</applications>
So if I understand correctly you are setting your context-root to /XYZ and you expect it to be /? How about setting it to /?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish
Application Server 3.1 Servlet 3.0//EN"
"http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app>
<context-root>/</context-root>
</glassfish-web-app>
Have fun :)
How the Mule application can be directly convert into a war file, to deploy in Jboss application server, i tried and failed with creating the war file manually as mentioned here and gone through this too, but still didn't get a clear view on this part.Provide a assistance with example. Note: there is no Mule-config.xml file in my sample mule application program
In the pom.xml, ensure you have <packaging>war</packaging>
Create src/main/webapp/WEB-INF/web.xml using the template below, replacing YOUR_CONFIGS with a comma-separated list of Mule configurations and YOUR_PATH with the path you want for the Mule servlet,
Replace all your inbound HTTP endpoints with Servlet endpoints, like <servlet:inbound-endpoint path="/YOUR_ENDPOINT_PATH" />
And you should be good to go!
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<context-param>
<param-name>org.mule.config</param-name>
<param-value>YOUR_CONFIGS</param-value>
</context-param>
<listener>
<listener-class>org.mule.config.builders.MuleXmlBuilderContextListener</listener-class>
</listener>
<servlet>
<servlet-name>muleServlet</servlet-name>
<servlet-class>org.mule.transport.servlet.MuleReceiverServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>muleServlet</servlet-name>
<url-pattern>/YOUR_PATH/*</url-pattern>
</servlet-mapping>
</web-app>
EDIT I've open-sourced a running demo: https://github.com/ddossot/mule-webapp-example
Here you have the required steps:
http://www.mulesoft.org/documentation/display/current/Deploying+Mule+to+JBoss
This is my first attempt at using j_security check form authentication in a java web app. I am using Eclipse 3.6 and Apache Tomcat 6.0.28.
Problem description:
When I submit the login form with valid credentials, j_security check redirects me to the error page defined in error.html. When I submit with invalid credentials it also takes me to the error.html page. That is fine but for valid users, i expect to be taken to the protected resource after login.
login.html
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>Login</title>
</head>
<body>
<form method=post action="j_security_check">
Username <input type="text" name="j_username"><br />
Password <input type="password" name= "j_password"><br />
<input type="submit" value="submit">
</form>
</body>
</html>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<welcome-file-list>
<welcome-file>/ui/index.xhtml</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/security/login.html</form-login-page>
<form-error-page>/security/error.html</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<display-name>URLsConstraintMechanism</display-name>
<web-resource-collection>
<web-resource-name>clientURL</web-resource-name>
<url-pattern>/ui/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>The Only Secure Role</description>
<role-name>tomcat</role-name>
</security-role>
</web-app>
tomcat-users.xml
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
I also do not see any errors in my IDE's console or in $CATALINA_HOME/logs folder
Please pardon any omissions as I am a newbie to this forum. I have searched through existing threads but none of suggestions has worked for me so far.
One thing to check is the tomcat-users.xml file, If you are running tomcat from eclipse, eclipse create a separate pair of server.xml and tomcat-users.xml, that differs from the default one in the tomcat installation directory. Try to find the right configuration parameters by checking the Server configuration path double-clicking on your tomcat server under the Servers Tab.
Also check the Realm in the server.xml, if you are using the tomcat-users.xml file for store users and passwords use the Memory Realm
<Realm className="org.apache.catalina.realm.MemoryRealm" />
I know this question is over a year old but have you tried restarting Tomcat after altering the tomcat-users.xml file? I ran into a similar issue and after I restarted Tomcat, it worked fine.
The file tomcat-users.xml is not automatically re-read by Tomcat and requires a Tomcat restart to re-read it.
I'm fighting with a Glassfish v3 and a very simple JAX-RS service (taken athttp://www.vogella.de/articles/REST/article.html
What I want to achieve is setup basic http authentication for all the resources. If wish when a user request http://localhost:8080/de.vogella.jersey.first/rest/hello, the browser popups an alert prompting for username+password.
I've decided to go for a JDBCRealm authentication. I use PostgreSQL 8.4 and the correct JDBC driver.
My problem is that the authentication doesn't seem to be active (the HTTP headers are very simple ones :
Request URL:http://localhost:8080/de.vogella.jersey.first/rest/hello
Request Method:GET
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Cookie:JSESSIONID=ec48541dc7654806fcf022d79e66; treeForm:tree-hi=treeForm:tree:configuration:loggerSetting
Host:localhost:8080
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Response Headers
Content-Type:text/html
Date:Fri, 07 Oct 2011 14:26:26 GMT
Server:GlassFish Server Open Source Edition 3.0.1
Transfer-Encoding:chunked
X-Powered-By:Servlet/3.0
The authentication is setup but seems inactive. At that point, I need your skills for analyzing what I've done wrong.
What I've done so far :
1/ Deployed the JAX-RS service (this works ok, see previous URL)
2/ Created a database, created two tables :
CREATE TABLE groups
(
username character varying(16) NOT NULL,
id character varying(20) NOT NULL,
CONSTRAINT groups_pkey PRIMARY KEY (username, id),
CONSTRAINT fk_username FOREIGN KEY (username)
REFERENCES users (username) MATCH SIMPLE
ON UPDATE NO ACTION ON DELETE NO ACTION
);
CREATE TABLE users
(
username character varying(16) NOT NULL,
"password" character varying(32) NOT NULL,
CONSTRAINT users_pkey PRIMARY KEY (username)
);
and populated them as follow :
table "groups" -> "webuser";"employees"
table "users" -> "webuser";"webuser"
3/ In the Glassfish admin GUI,I added a Connect Pool called "postgres" as follow :
The additional properties are shown here :
4/ I then created a JDVC Resource called "postgres" as shown below :
5/ In the Glassfish admin GUI, I added a Security Realm, called "postgres", as shown below :
6/ I also set to "FINEST" the log level for javax.enterprise.system.core.security in the "Logger Settings".
After requesting the webservice from a browser, I get the following in the server.log file :
[#|2011-10-07T16:26:26.410+0200|FINE|glassfish3.0.1|javax.enterprise.system.core.security|_ThreadID=67;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.web.integration.WebSecurityManager;MethodName=setPolicyContext;|[Web-Security] Policy Context ID was: de.vogella.jersey.first/de_vogella_jersey_first|#]
[#|2011-10-07T16:26:26.412+0200|FINE|glassfish3.0.1|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=67;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.SecurityContext;MethodName=setCurrentSecurityContext;|SecurityContext: setCurrentSecurityContext method called|#]
7/ Regarding the code, I didn't add any annotation, but I updated my web.xml as follow :
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>de.vogella.jersey.first</display-name>
<servlet>
<description>JAX-RS Tools Generated - Do not modify</description>
<servlet-name>JAX-RS Servlet</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>de.vogella.jersey.first</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>JAX-RS Servlet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>customer creation</web-resource-name>
<url-pattern>/rest/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>webusers</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>postgres</realm-name>
</login-config>
<security-role>
<role-name>webusers</role-name>
</security-role>
</web-app>
And the sun-web.xml as follow :
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
<context-root>/de.vogella.jersey.first</context-root>
<security-role-mapping>
<role-name>webusers</role-name>
<group-name>webusers</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class java code.</description>
</property>
</jsp-config>
</sun-web-app>
What is wrong with this ? Did I forgot anything ?
Thank you for your time !
I found out that I had to disable the "Keep session between deployments". This option can be found in the server, by double-clicking on the deployment server and unchecking the box.