Jboss application-policy ignored in mutual/client-cert auth with PBESecurityDomain - ssl

With the following, mutual client cert, SSL (TLS) handshake works for a rest endpoint (yay!) - validated via testing and debugging: javax.net logging & wireshark. But...
1st observation: HTTPServletRequest and JAX-RS annotated SecurityContext has null Principal info
2nd observation: Tampering with the login-config.xml, containing application-policy elements, has no effect
In short, TLS works, but the transfer of the cert DN to the HTTPServletRequest object in the request thread does not, preventing the application from picking up on the caller's ID. Does anyone have any advice?
On JBoss 6:
deploy/jbossweb.sar/server.xml:
<Connector protocol="HTTP/1.1" debug="10"
SSLEnabled="true"
...
secure="true"
clientAuth="true"
sslProtocol = "TLS"
securityDomain="java:/jaas/mydomain"
SSLImplementation="org.jboss.net.ssl.JBossImplementation" />
deploy/jbossweb.sar/META-INF/jboss-beans.xml:
<depends>jboss.security:service=PBESecurityDomain</depends>
deploy/security-service.xml:
<?xml version="1.0" encoding="UTF-8"?>
<server>
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
name="jboss.security:service=PBESecurityDomain">
<constructor> <arg type="java.lang.String" value="mydomain"/>
</constructor>
<attribute name="KeyStoreURL">${jboss.server.home.dir}/mykeystore.jks</attribute>
<attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/mykeystorepass.pbe</attribute>
<attribute name="TrustStoreURL">${jboss.server.home.dir}/mytruststore.jks</attribute>
<attribute name="TrustStorePass">password</attribute>
<attribute name="Salt">abunchofrandomchars</attribute>
<attribute name="IterationCount">13</attribute>
<depends>jboss.security:service=JaasSecurityManager</depends>
</mbean>
</server>
deploy/security/security-jboss-beans.xml:
<bean name="XMLLoginConfig" class="org.jboss.security.auth.login.XMLLoginConfig">
<property name="configResource">login-config.xml</property>
</bean>
<bean name="SecurityConfig" class="org.jboss.security.plugins.SecurityConfig">
<property name="mbeanServer"><inject bean="JMXKernel" property="mbeanServer"/></property>
<property name="defaultLoginConfig"><inject bean="XMLLoginConfig"/></property>
</bean>
conf/login-config.xml:
<application-policy name="mydomain">
<authentication>
<login-module code="org.jboss.security.auth.spi.BaseCertLoginModule"
flag = "required">
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="securityDomain">java:/jaas/mydomain</module-option>
<module-option name="verifier">org.jboss.security.auth.certs.AnyCertVerifier</module-option>
<module-option name="principalClass">org.jboss.security.auth.certs.SubjectDNMapping</module-option>
</login-module>
<login-module code="org.jboss.security.auth.spi.UserRolesLoginModu"
flag = "required">
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="usersProperties">users.properties</module-option>
<module-option name="rolesProperties">roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
war/WEB-INF/jboss-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC
"-//JBoss//DTD Web Application 2.4//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
<jboss-web>
<security-domain>java:/jaas/mydomain</security-domain>
<context-root>/myapp</context-root>
</jboss-web>

Add the special ClientLoginModule to login-context.xml to fix the null principal issue.
<login-module code="org.jboss.security.ClientLoginModule" flag="required"></login-module>


IHS not redirecting the request to WAS

So, I have installed WAS, and IHS.
I'm able to access the application directly from WAS. But IHS is trying to reply to the request and it's not using the plugin to reply to the request.
I'm able to access the default IHS page, but not to the test application.
To create the IHS, I have done the standard stuff:
1- Install IHS and Plugin
2- Configure the plugin within the IHS
3- Create an unmanaged node on the DMGR
4- Create the webserver instance on the DMGR
I'm just trying to call a sample application called hello (for helloworld)
I see the requests in the web server's logs, but they are not being redirected to the WAS.
This is the mention of the plugin on the httpd.conf:
LoadModule was_ap22_module /opt/ibm/plugin-ihs-85/test_webserver_instance1/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-cfg.xml
This is the plugin-cfg.xml:
<?xml version="1.0" encoding="ISO-8859-1"?><!--HTTP server plugin config file for the webserver test_Cell.test_webserver_01_unmanagedNode_1.test_webserver_instance1 generated on 2017.06.25 at 07:37:51 PM CDT-->
<Config ASDisableNagle="false" AcceptAllContent="true" AppServerPortPreference="HostHeader" ChunkedResponse="false" FIPSEnable="false" FailoverToNext="false" HTTPMaxHeaders="300" IISDisableFlushFlag="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" KillWebServerStartUpOnParseErr="false" MarkBusyDown="false" OS400ConvertQueryStringToJobCCSID="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="true" StrictSecurity="false" TrustedProxyEnable="false" VHostMatchingCompat="false">
<Log LogLevel="Error" Name="/opt/ibm/plugin-ihs-85/test_webserver_instance1/logs/test_webserver_instance1/http_plugin.log"/>
<Property Name="ESIEnable" Value="true"/>
<Property Name="ESIMaxCacheSize" Value="1024"/>
<Property Name="ESIInvalidationMonitor" Value="false"/>
<Property Name="ESIEnableToPassCookies" Value="false"/>
<Property Name="ESICacheidFull" Value="false"/>
<Property Name="PostSizeLimit" Value="-1"/>
<Property Name="PostBufferSize" Value="0"/>
<Property Name="PluginInstallRoot" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/"/>
<Property Name="Keyfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.kdb"/>
<Property Name="Stashfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.sth"/>
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:9080"/>
<VirtualHost Name="*:80"/>
<VirtualHost Name="*:9443"/>
<VirtualHost Name="*:5060"/>
<VirtualHost Name="*:5061"/>
<VirtualHost Name="*:443"/>
<VirtualHost Name="*:9061"/>
<VirtualHost Name="*:9044"/>
<VirtualHost Name="*:9062"/>
<VirtualHost Name="*:9081"/>
<VirtualHost Name="*:9444"/>
<VirtualHost Name="*:9045"/>
</VirtualHostGroup>
<ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="false" LoadBalance="Round Robin" Name="test" PostBufferSize="0" PostSizeLimit="-1"
RemoveSpecialHeaders="true" RetryInterval="60" ServerIOTimeoutRetry="-1">
<Server CloneID="1bjgscrk8" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="-1" Name="test_app_01_node_1_test1" ServerIOTimeout="900" WaitForContinue="false">
<Transport Hostname="test_app_01" Port="9080" Protocol="http"/>
<Transport Hostname="test_app_01" Port="9443" Protocol="https">
<Property Name="keyring" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.sth"/>
</Transport>
</Server>
<Server CloneID="1bjgscsei" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="-1" Name="test_app_01_node_1_test2" ServerIOTimeout="900" WaitForContinue="false">
<Transport Hostname="test_app_01" Port="9081" Protocol="http"/>
<Transport Hostname="test_app_01" Port="9444" Protocol="https">
<Property Name="keyring" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.sth"/>
</Transport>
</Server>
<Server CloneID="1bjgscstv" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="-1" Name="test_app_02_node_1_test3" ServerIOTimeout="900" WaitForContinue="false">
<Transport Hostname="test_app_02" Port="9080" Protocol="http"/>
<Transport Hostname="test_app_02" Port="9443" Protocol="https">
<Property Name="keyring" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.sth"/>
</Transport>
</Server>
<Server CloneID="1bjgsctbv" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="-1" Name="test_app_02_node_1_test4" ServerIOTimeout="900" WaitForContinue="false">
<Transport Hostname="test_app_02" Port="9081" Protocol="http"/>
<Transport Hostname="test_app_02" Port="9444" Protocol="https">
<Property Name="keyring" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.sth"/>
</Transport>
</Server>
<PrimaryServers>
<Server Name="test_app_01_node_1_test1"/>
<Server Name="test_app_01_node_1_test2"/>
<Server Name="test_app_02_node_1_test3"/>
<Server Name="test_app_02_node_1_test4"/>
</PrimaryServers>
</ServerCluster>
<UriGroup Name="default_host_test_URIs">
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/hello/*"/>
</UriGroup>
<Route ServerCluster="test" UriGroup="default_host_test_URIs" VirtualHostGroup="default_host"/>
<RequestMetrics armEnabled="false" loggingEnabled="false" rmEnabled="false" traceLevel="HOPS">
<filters enable="false" type="URI">
<filterValues enable="false" value="/snoop"/>
<filterValues enable="false" value="/hitcount"/>
</filters>
<filters enable="false" type="SOURCE_IP">
<filterValues enable="false" value="255.255.255.255"/>
<filterValues enable="false" value="254.254.254.254"/>
</filters>
<filters enable="false" type="JMS">
<filterValues enable="false" value="destination=aaa"/>
</filters>
<filters enable="false" type="WEB_SERVICES">
<filterValues enable="false" value="wsdlPort=aaa:op=bbb:nameSpace=ccc"/>
</filters>
</RequestMetrics>
</Config>
Normally IHS is going to use port 80 to receive communication and relay to the application server.
The port 80 is in the default virtual host. So I added the listening port I'm using (1080) to the default virtual host.

Simple WSO2ESB Proxy doesn't respond

Very simple example. Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header/>
<soapenv:Body>
<T>
<m1>bysy</m1>
<m1>momo</m1>
<m1>gigi</m1>
</T>
</soapenv:Body>
</soapenv:Envelope>
I want to iterate and log every element in tag m1.
Proxy code:
<proxy xmlns="http://ws.apache.org/ns/synapse" name="Loopback" transports="https,http">
<target>
<inSequence>
<property name="OUT_ONLY" value="true" scope="axis2"/>
<iterate expression="//T/m1">
<target>
<sequence>
<property name="OUT_ONLY" value="true" scope="axis2"/>
<log level="custom">
<property name="M1" expression="//text()"/>
</log>
<drop/>
</sequence>
</target>
</iterate>
</inSequence>
</target>
</proxy>
It works as expected and logs all values. But the WSO2ESB server doesn't close the connection until it fails with a timeout. (I use SOAPUI for testing.)
I tried to put the properties OUT_ONLY, RESPOND and NO_KEEPALIVE in different parts of the proxy, but it didn't help; I also tried to use , with the same result.
It looks like the problem is in the iterate mediator, which doesn't let the inSequence terminate and send a response to the client. Once I remove it, the proxy disconnects immediately with status code '202' message accepted.
This is because, by default, the attribute "continueParent" is set to false on the iterate mediator: change it to <iterate continueParent="true" expression="//T/m1">
And you should explicitly send a 202 inside your inSequence; set this property: <property name="FORCE_SC_ACCEPTED" value="true" scope="axis2"/>

ActiveMQ as local JNDI Tomcat resource

I'm trying to set up ActiveMQ as a Tomcat resource with local JNDI. But when I add the config file to the
broker URI "brokerConfig=xbean:activemq.xml", the broker isn't starting up, without any error message.
It just keeps telling me:
Mrz 30, 2012 10:23:19 AM org.springframework.jms.listener.DefaultMessageListenerContainer refreshConnectionUntilSuccessful
Warnung: Could not refresh JMS Connection for destination 'FOO.QUEUE' - retrying in 5000 ms. Cause: Could not create Transport. Reason: java.io.IOException: Could not load xbean factory:java.lang.NoClassDefFoundError: Could not initialize class org.apache.activemq.xbean.XBeanBrokerFactory
I used the default config from http://svn.apache.org/repos/asf/activemq/trunk/assembly/src/release/conf/activemq.xml and it is placed in the root of my src folder.
I'm using "activemq-all_5.4.3.jar"
My web.xml in "WebContent\META-INF"
<resource-ref>
<description>JMS Connection</description>
<res-ref-name>jms/ConnectionFactory</res-ref-name>
<res-type>org.apache.activemq.ActiveMQConnectionFactory</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
<resource-ref>
<res-ref-name>jms/FooQueue</res-ref-name>
<res-type>javax.jms.Queue</res-type>
<res-auth>Container</res-auth>
</resource-ref>
My applicationContext.xml in "WebContent\WEB-INF"
<jee:jndi-lookup id="fooQueue"
jndi-name="java:comp/env/jms/FooQueue"
cache="true"
resource-ref="true"
lookup-on-startup="true"
expected-type="org.apache.activemq.command.ActiveMQQueue"
proxy-interface="javax.jms.Queue" />
<bean id="singleConnectionFactory"
class="org.springframework.jms.connection.SingleConnectionFactory"
p:targetConnectionFactory-ref="connectionFactory"/>
<bean id="jmsTemplate"
class="org.springframework.jms.core.JmsTemplate"
p:connectionFactory-ref="singleConnectionFactory"
p:defaultDestination-ref="fooQueue"/>
<bean id="messageSenderService"
class="by2.server.JmsMessageSenderService"
p:jmsTemplate-ref="jmsTemplate" />
<bean id="jmsMessageDelegate"
class="by2.server.JmsMessageDelegate" />
<bean id="myMessageListener"
class="org.springframework.jms.listener.adapter.MessageListenerAdapter"
p:delegate-ref="jmsMessageDelegate"
p:defaultListenerMethod="handleMessage">
</bean>
<jms:listener-container
container-type="default"
connection-factory="singleConnectionFactory"
acknowledge="auto">
<jms:listener destination="FOO.QUEUE" ref="myMessageListener" />
</jms:listener-container>
My context.xml in "WebContent\META-INF"
<Context reloadable="true">
<Resource auth="Container" name="jms/ConnectionFactory"
type="org.apache.activemq.ActiveMQConnectionFactory" description="JMS Connection Factory"
factory="org.apache.activemq.jndi.JNDIReferenceFactory" brokerURL="vm://localhost?brokerConfig=xbean:activemq.xml"
brokerName="FooBroker" />
<Resource auth="Container" name="jms/FooQueue"
type="org.apache.activemq.command.ActiveMQQueue" description="JMS queue"
factory="org.apache.activemq.jndi.JNDIReferenceFactory" physicalName="FOO.QUEUE" />
</Context>
To me it looks like a classpath error.
Do you have the xbean-spring-x.x.jar in your classpath?
If not, copy this file from the ActiveMQ distribution as well and put it in your app server classpath.

How to populate LDAP authorities from Active Directory LDAP using Spring security?

We are using spring security to authenticate users from LDAP in our application. The authentication part is working properly but the authorization part is not working.
We are not able to retrieve the roles of the user from the LDAP.
From the book "Spring Security 3" by Peter Mularien
"This is because Active Directory stores group membership as attributes on
the LDAP entries of users themselves. Out of the box (as of the time of publishing),
Spring Security does not offer an LdapAuthoritiesPopulator that can be
configured to support the structure of a typical Active Directory LDAP tree."
Below is my spring-security configuration file.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http use-expressions="true" >
<intercept-url pattern="/resources/**" filters="none" />
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login"
default-target-url="/home"
always-use-default-target="true"
authentication-failure-url="/login?login_error=1" />
<logout invalidate-session="true"
logout-success-url="/"
logout-url="/logout"/>
</http>
<authentication-manager alias="ldapAuthenticationManager">
<authentication-provider ref="ldapAuthenticationProvider"/>
</authentication-manager>
<beans:bean id="ldapAuthenticationProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg ref="ldapBindAuthenticator"/>
<beans:constructor-arg ref="ldapAuthoritiesPopulator"/>
<beans:property name="userDetailsContextMapper" ref="ldapUserDetailsContextMapper"/>
</beans:bean>
<beans:bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<!-- MS Active Directory -->
<beans:constructor-arg value="ldap://localhost:389/dc=myOrg,dc=net"/>
<beans:property name="userDn" value="admin"/>
<beans:property name="password" value="admin"/>
<beans:property name="baseEnvironmentProperties">
<beans:map>
<beans:entry key="java.naming.referral" value="follow" />
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="ldapBindAuthenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="ldapServer"/>
<beans:property name="userSearch" ref="ldapSearchBean"/>
</beans:bean>
<beans:bean id="ldapSearchBean" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<!-- MS Active Directory -->
<!-- user-search-base; relative to base of configured context source -->
<beans:constructor-arg value="ou=Software OU"/>
<!-- user-search-filter -->
<beans:constructor-arg value="(sAMAccountName={0})"/>
<beans:constructor-arg ref="ldapServer"/>
</beans:bean>
<beans:bean id="ldapAuthoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="ldapServer" />
<beans:constructor-arg value="" />
<beans:property name="groupSearchFilter" value="(sAMAccountName={0})"/>
<beans:property name="groupRoleAttribute" value="memberOf" />
<beans:property name="rolePrefix" value=""/>
<beans:property name="searchSubtree" value="true"/>
<beans:property name="convertToUpperCase" value="false"/>
<beans:property name="ignorePartialResultException" value="true"/>
</beans:bean>
<beans:bean class="org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper" id="ldapUserDetailsContextMapper"/>
</beans:beans>
Please help.
You might want to take a look here: https://jira.springsource.org/browse/SEC-876. Although this code contribution was declined, with a reasonable answer, it might give you hints.
We use the following config:
Spring XML
<bean id="ldapUserService" class="MyUserDetailService">
<constructor-arg ref="ldapUserSearch"/>
<constructor-arg ref="ldapAuthoritiesPopulator"/>
</bean>
<bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg value="OU=FOO-Accounts,OU=FOO,OU=OU-GLOBAL"/> <!-- user search base, RELATIVE TO SERVER CONTEXT (URL & base of configured LDAP server)! -->
<constructor-arg value="(sAMAccountName={0})"/> <!-- user search filter -->
<constructor-arg ref="ldapServer"/>
</bean>
<bean id="ldapAuthoritiesPopulator" class="MyLdapAuthoritiesPopulator">
<constructor-arg ref="ldapServer" />
<constructor-arg value="=OU=SomeFooBar,OU=FOO-Global-Security,OU=FOO-Groups,OU=FOO,OU=OU-GLOBAL" /> <!-- group search base, RELATIVE TO SERVER CONTEXT (URL & base of configured LDAP server)! -->
<constructor-arg ref="roleMappings"/>
<property name="groupRoleAttribute" value="cn" />
<property name="groupSearchFilter" value="(member={0})" />
</bean>
Populator
There's a lot of proprietary code I cannot share because our customer has extra information in the AD we need to extract. I removed that as it's of no concern for the question. Hence, this code won't compile.
public class MyLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator {
/**
* Prefix assigned by Spring Security to each group/role from LDAP.
*/
public static final String AUTHORITY_ROLE_PREFIX = "ROLE_";
private Properties roleMappings;
private Properties invertedRoleMappings;
/**
*
* @param contextSource supplies the contexts used to search for user roles.
* @param groupSearchBase if this is an empty string the search will be performed from the root DN
* of the context factory. If null, no search will be performed.
* @param roleMappings maps logical (internal) role names to names as delivered by LDAP
*/
@SuppressWarnings("deprecation")
public MyLdapAuthoritiesPopulator(final ContextSource contextSource,
final String groupSearchBase,
final Properties roleMappings) {
super(contextSource, groupSearchBase);
setConvertToUpperCase(false);
setRolePrefix("");
this.roleMappings = roleMappings;
this.invertedRoleMappings = invertRoleMappings();
logger.info("Processing LDAP roles based on the following mapping: {}.", roleMappings);
}
.....
@Override
public Set<GrantedAuthority> getGroupMembershipRoles(final String userDn, final String username) {
final Set<GrantedAuthority> effectiveGroupMembershipRoles = super.getGroupMembershipRoles(
userDn, username);
return mapEffectiveRolesToApplicationRoles(effectiveGroupMembershipRoles);
}
/**
* Maps effective LDAP roles such as 'foo_boston_dispatcher' or 'foo_boston_readonly' to
* FOO internal roles. The internal role (i.e. the {@link GrantedAuthority}) is a combination
* of the 'ROLE_' prefix and a {@link Role} enum value. .........
*/
Set<GrantedAuthority> mapEffectiveRolesToApplicationRoles(final Set<GrantedAuthority> effectiveGroupMembershipRoles) {
logger.info("Processing effective roles from LDAP: {}.", effectiveGroupMembershipRoles);
final Set<GrantedAuthority> internalRoles = new HashSet<GrantedAuthority>();
final List<String> effectiveRoleNames = extractRoleNamesFrom(effectiveGroupMembershipRoles);
final List<String> unmappedGroupMembershipRoles = new ArrayList<String>();
......
// in a method invoked here we do something like internalRoles.add(new GrantedAuthority(AUTHORITY_ROLE_PREFIX + role));
......
logger.info("Created internal roles {}.", internalRoles);
logger.trace(
"The following group membership roles were not mapped to an internal equivalent: {}",
unmappedGroupMembershipRoles);
return internalRoles;
}
......
private List<String> extractRoleNamesFrom(final Collection<GrantedAuthority> authorities) {
final List<String> authorityNames = new ArrayList<String>(authorities.size());
for (GrantedAuthority authority : authorities) {
authorityNames.add(authority.getAuthority());
}
return authorityNames;
}
}
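As an added example (not code from either poster or from Spring Security itself), the approach the quoted book passage points to, reading group membership straight from the `memberOf` attribute on the user's own entry, can be sketched as below. The class name, the trusted group base and the group-to-role map are hypothetical; it assumes Spring Security 3.1 or later (for `SimpleGrantedAuthority`) and that the user search returns `memberOf`.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

/**
 * Added example, hypothetical class: builds authorities from the memberOf
 * values on the authenticated user's Active Directory entry instead of
 * running a separate group search.
 */
public class MemberOfAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    private static final String ROLE_PREFIX = "ROLE_";

    // Assumption: full DN of the OU that holds the application's groups,
    // e.g. "OU=AppGroups,DC=myOrg,DC=net" (constructed value).
    private final LdapName trustedGroupBase;

    // Assumption: allow-list of lower-cased group CN -> internal role name.
    private final Map<String, String> groupToRole;

    public MemberOfAuthoritiesPopulator(String trustedGroupBaseDn,
                                        Map<String, String> groupToRole)
            throws InvalidNameException {
        this.trustedGroupBase = new LdapName(trustedGroupBaseDn);
        this.groupToRole = groupToRole;
    }

    @Override
    public Collection<GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        // Returns null when the entry carries no memberOf attribute.
        String[] groupDns = userData.getStringAttributes("memberOf");
        if (groupDns == null) {
            return authorities;
        }
        for (String groupDn : groupDns) {
            String role = roleFor(groupDn);
            if (role != null) {
                authorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + role));
            }
        }
        return authorities;
    }

    /** Maps one memberOf DN to an internal role, or null if it is not allowed. */
    String roleFor(String groupDn) {
        try {
            // LdapName handles escaped commas and other RFC 2253 escapes,
            // which naive String.split(",") parsing gets wrong.
            LdapName name = new LdapName(groupDn);
            // Only groups strictly below the trusted base may grant a role.
            if (name.size() <= trustedGroupBase.size()
                    || !name.startsWith(trustedGroupBase)) {
                return null;
            }
            Rdn leaf = name.getRdn(name.size() - 1); // left-most RDN, e.g. CN=...
            if (!"cn".equalsIgnoreCase(leaf.getType())) {
                return null;
            }
            String cn = leaf.getValue().toString().toLowerCase(Locale.ROOT);
            return groupToRole.get(cn); // unmapped groups grant nothing
        } catch (InvalidNameException e) {
            return null; // malformed DN: fail closed
        }
    }
}
```

An instance would be passed as the second constructor argument of `LdapAuthenticationProvider` in place of `DefaultLdapAuthoritiesPopulator`. `memberOf` lists only direct memberships, so nested groups and the user's primary group do not appear in it.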

How can I set the address of a WCF service from the client's command line when using Spring.NET

My WCF service can work on any server. My client is a console application. I want to set the address of my WCF service in the command-line parameters.
Currently, in the client config I have:
...
<spring>
<context>
<resource uri="assembly://MyAssembly.Console/MyAssembly.Console/ServerWeb.xml"/>
</context>
</spring>
...
<system.serviceModel>
<client>
<endpoint behaviorConfiguration="Default" name="serverWebDataServiceEndpoint" address="http://localhost/mydata/DataService.svc"
binding="basicHttpBinding" bindingConfiguration="basicHttpBinding1" contract="MyData.Contracts.IDataService"/>
</client>
...
File ServerWeb.xml is:
<?xml version="1.0" encoding="utf-8" ?>
<objects xmlns="http://www.springframework.net"
xmlns:wcf="http://www.springframework.net/wcf">
<wcf:channelFactory id="serverWebDataService"
channelType="VimpelCom.Fmrad.Theseus.WcfDataLayer.CommonTypes.Contracts.IDataService, VimpelCom.Fmrad.Theseus.WcfDataLayer.CommonTypes"
endpointConfigurationName="serverWebDataServiceEndpoint" />
</objects>
In the application, I use the following code to call the service's methods:
IApplicationContext _ctx = ContextRegistry.GetContext();
IDataService _dataService = _ctx["serverWebDataService"] as IDataService;
var rule = _dataService.GetRuleById(ruleId);
How can I use another address of the WCF service from the command line?
Try something like this:
<wcf:channelFactory id="serverWebDataService"
channelType="VimpelCom.Fmrad.Theseus.WcfDataLayer.CommonTypes.Contracts.IDataService, VimpelCom.Fmrad.Theseus.WcfDataLayer.CommonTypes"
endpointConfigurationName="serverWebDataServiceEndpoint">
<!-- You can use classic DI to configure the ChannelFactory<T> instance -->
<wcf:property name="Endpoint.Address">
<object type="System.ServiceModel.EndpointAddress, System.ServiceModel">
<constructor-arg name="uri" value="${serviceUrl}"/>
</object>
</wcf:property>
</wcf:channelFactory>
You can use the IVariableSource abstraction to get a property value from the command line. See:
http://www.springframework.net/doc-latest/reference/html/objects.html#objects-variablesource
<object type="Spring.Objects.Factory.Config.VariablePlaceholderConfigurer, Spring.Core">
<property name="VariableSources">
<list>
<object type="Spring.Objects.Factory.Config.CommandLineArgsVariableSource, Spring.Core">
<property name="ArgumentPrefix" value="--" />
<property name="ValueSeparator" value="="/>
</object>
</list>
</property>
</object>
Set the variable on the command line like this:
program.exe --serviceUrl=http://localhost/Service.svc