I am trying to make Spring Security 3.05 to work with a modified UserDetailsContextMapper so that i can get a few more info out of LDAP they way i need to, a task that seems fairly straightforward, but had no success.
I have configured Spring Security to use LDAP authentication with the following beans:
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldaps://192.168.1.102:636" />
<property name="userDn" value="manager" />
<property name="password" value="password" />
</bean>
<bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userSearch">
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="" />
<constructor-arg index="1" value="(mail={0})" />
<constructor-arg index="2" ref="contextSource" />
</bean>
</property>
</bean>
</constructor-arg>
<property name="userDetailsContextMapper" ref="myContextMapper" />
</bean>
However even though i have defined myContextMapper as:
<bean id="myContextMapper" class="com.mypackage.MyLDAPUserDetailsMapper">
<property name="rolePrefix" value="TEST_PREFIX" />
</bean>
it does not work. meaning that the custom mapper is ignored (i get no debug output whatsoever).
p.s. applicationContext-security.xml can be seen below and apart from the custom UserDetailsMapper that's been ignored, authentication and role assignment is working fine.
<authentication-manager>
<ldap-authentication-provider server-ref="contextSource"/>
</authentication-manager>
You don't need to configure the in-built UserDetailsContextMapper classes. Spring Security automatically picks up the correct UserDetailsContextMapper based on the type of LdapUserDetails class requested, which is configured by user-details-class attribute of ldap-authentication-provider. If you are using your own context mapper then configure it using the attribute user-context-mapper-ref.
Related
I'm trying to use ActiveDirectory to authenticate to JasperServer , that still not working for some reason :
here is my configuration :
1. STEP 1 : access params to the AD Server :
<bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
<constructor-arg value="ldap://192.10.0.190:389/dc=sifast,dc=infra"/>
<!-- manager user name and password (may not be needed) -->
<property name="userDn" value="CN=recherche,CN=Users,DC=sifast,DC=infra"/>
<property name="password" value="*******"/>
<property name="referral">
<value>follow</value>
</property>
</bean>
2.STEP 2: configuration of the access within "userDnPatterns" :
here i wanna access with the login already entered
<bean id="ldapAuthenticationProvider" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">
<constructor-arg><ref local="ldapContextSource"/></constructor-arg>
<property name="userDnPatterns">
<list>
<value>CN={0},CN=Users,DC=sifast,DC=infra</value>
</list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator">
<constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
</bean>
so here i'm setting it within that : CN={0},CN=Users,DC=sifast,DC=infra
3. STEP 3 : configuring the userSearch method:
<bean id="userSearch"
class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">
<constructor-arg index="0">
<value></value>
</constructor-arg>
<constructor-arg index="1">
<value>(sAMAccountName={0})</value>
</constructor-arg>
<constructor-arg index="2">
<ref local="ldapContextSource" />
</constructor-arg>
<property name="searchSubtree">
<value>true</value>
</property>
</bean>
here i'm using the login "({0})" entered to look for the similar sAMAccountName of the right user.
that still not working.
my AD Schema looks like this:
so i wanna let simple users inside CN=USERS acquire access
Actually my authentication is still failing. Any ideas?
In your step 2 spring configuration file JSBindAuthenticator missing the following property reference:
<property name="userSearch" ref="userSearch"/>
I'm trying to create a read only user in activeMQ console, I found this and this too. the second post from stackoverflow is not helpful because it deployed the web console to an external server. The second page from pivotal looks promising and I tried with activeMQ version 5.14.1 but it didn't work too. activeMQ didn't even start whenever I try accessing the console with the user/password specified for read only user I get !role error.
Any ideas?
Thanks in advance!
found the answer in here I had to change class="org.eclipse.jetty.http.security.Constraint" to class="org.eclipse.jetty.util.security.Constraint" in step number 1
Links to Pivotal are dead. For those who want a simple solution you can change these lines from jetty.xml :
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="securityConstraint" />
<property name="pathSpec" value="/api/*,/admin/*,*.jsp" />
</bean>
<bean id="adminSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="adminSecurityConstraint" />
<property name="pathSpec" value="*.action" />
</bean>
to
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="securityConstraint" />
<property name="pathSpec" value="/api/*,*.jsp,*.html,*.png,*.css,/admin/js/*" />
</bean>
<bean id="adminSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="adminSecurityConstraint" />
<property name="pathSpec" value="*.action" />
</bean>
I am using fuse 6.0 and activemq 5.8. Instead of defining activemq poolable connection factory in each bundle, it makes sense to define in a common bundle and expose it as osgi service. I created blue print file in FUSE_HOME/etc and opened an osgi service like this.
<osgix:cm-properties id="prop" persistent-id="xxx.xxx.xxx.properties" />
<bean id="jmsConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
<property name="brokerURL" value="${xxx.url}" />
<property name="userName" value="${xxx.username}" />
<property name="password" value="${xxx.password}" />
</bean>
<bean id="pooledConnectionFactory" class="org.apache.activemq.pool.PooledConnectionFactory" init-method="start" destroy-method="stop">
<property name="maxConnections" value="${maxconnections}" />
<property name="connectionFactory" ref="jmsConnectionFactory" />
</bean>
<service ref="pooledConnectionFactory" interface="javax.jms.ConnectionFactory">
<service-properties>
<entry key="name" value="localhost"/>
</service-properties>
</service>
and when i try to access this service in both blueprint files and spring text files like this
<reference id="pooledConnectionFactory" interface="javax.jms.ConnectionFactory"/>
bean id="jmsConfig" class="org.apache.camel.component.jms.JmsConfiguration">
<property name="connectionFactory" ref="pooledConnectionFactory"/>
<property name="concurrentConsumers" value="${xxx.concurrentConsumers}"/>
</bean>
<bean id="activemq" class="org.apache.activemq.camel.component.ActiveMQComponent">
<property name="configuration" ref="jmsConfig"/>
</bean>
but I am getting following expection during bundles startup.
Failed to add Connection ID:PLNL6237-55293-1401929434025-11:1201, reason: java.lang.SecurityException: User name [null] or password is invalid.
I even defined compendium definition in my bundles.
How can i solve this problem? any help is appreciated.
I found this online https://issues.apache.org/jira/i#browse/SM-2183
Do i need to upgrade?
It looks to me like you're using the property placeholders incorrectly. First of all, you should know what osgix:cm-properties only exposes the properties at the persistent id that you specify. You can treat it like a java.util.Properties object, and even inject it into a bean as one. This does however mean that it makes no attempt to resolve the properties.
To resolve properties, use spring's property placeholder configurer.
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="properties" ref="prop"/>
</bean>
P.S. The persistent id of cm-properties is the name of the file, not including the file type. You don't need the .properties at the end.
I deployed my CAS server with OAuth protocol support
I've added this code to my deployerConfigContext.xml
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="1"/>
<property name="name" value="the_key"/>
<property name="description" value="the_secret"/>
<property name="theme" value="my great webapp for OAuth"/>
<property name="serviceId" value="http://localhost:8080/cas/login"/>
<property name="evaluationOrder" value="10000001"/>
<property name="allowedAttributes">
<list>
<!-- facebook -->
<value>the_key</value>
<value>the_secret</value>
</list>
</property>
</bean>
and
<bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.DefaultTicketRegistry">
<constructor-arg index="0" value="1000"/>
<constructor-arg index="1" value="1"/>
<constructor-arg index="2" value="16"/>
</bean>
to define my ticketRegistry
So my OAuth client secret code key is the_secret and the_key
but when I load this URL http://localhost:8080/cas/oauth2.0/accessToken?client_secret=the_secret&grant_type=refresh_token&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcas%2Flogin&code=0&client_id=the_key to test my OAuth protocol, I've got this exception
<Code Expired 0>
Why and how could I fix it?
You need to define two CAS services :
one for internal mechanism of OAuth server support (with CASservice.serviceId = http://localhost:8080/cas/oauth2.0/callbackAuthorize)
one for the each client OAuth application you want to authorize (with oauthclient.key = CASservice.name, oauthclient.secret = CASservice.description, oauthclient.redirect_uri should start with CASservice.serviceId).
The documentation : https://wiki.jasig.org/display/CASUM/OAuth+server+support, part 3...
I want to add SSL security in the Database layer. I am using Struts2.1.6, Spring 2.5, JBOSS 5.0 and Informix 11.5. Any idea how to do this?
I have researched through a lot on the internet but could not find any solution.
Please suggest!
Here is my datasource and entity manager beans which is working perfect without SSL:
<bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="jpaVendorAdapter">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="database" value="INFORMIX" />
<property name="showSql" value="true" />
</bean>
</property>
</bean>
<bean id="dataSource"
class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="com.informix.jdbc.IfxDriver" />
<property name="url"
value="jdbc:informix-sqli://SERVER_NAME:9088/DB_NAME:INFORMIXSERVER=SERVER_NAME;DELIMIDENT=y;" />
<property name="username" value="username" />
<property name="password" value="password" />
<property name="minIdle" value="2" />
</bean>
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean" lazy-init="false">
<property name="targetObject" ref="dataSource" />
<property name="targetMethod" value="addConnectionProperty" />
<property name="arguments">
<list>
<value>characterEncoding</value>
<value>UTF-8</value>
</list>
</property>
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate" scope="prototype">
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
Thankyou very much for your suggestion. So basically I need to set something like this in my applicationContext.xml, Please correct me if I am wrong:
<property name="username" value="username" />
<property name="password" value="password" />
**<property name="sslConnection" value="true" />**
<property name="minIdle" value="2" />
But how do I set the SSL certificate in java runtime. The link which you have provided is good but for some reason I am not able to follow. Please put your suggestion.
Using SSL for the communication between an application and a database is something that has to be supported by the database server (and the JDBC driver).
According to the documentation, this is supported by Informix Dynamic Server (IDS) since version 11.50.
You can use SSL support in your Java applications if you use IBM Data Server Driver for JDBC and SQLJ type 4 connectivity to DB2® for z/OS® Version 9 or later, to DB2 Database for Linux®, UNIX®, and Windows® Version 9.1, Fix Pack 2 or later, or to IBM Informix® Dynamic Server (IDS) Version 11.50 or later.
(...)
To use SSL connections, you need to:
Configure connections to the data source to use SSL. (link)
Configure your Java Runtime Environment to use SSL. (link)
The documentation should help.
If you're using a version of IDS prior to 11.50, then I'm afraid you'll have to use SSH tunneling.