I have a password protected internal maven repository I'd like to use to resolve dependencies in grails.
Does anyone know how to configure grails to use authentication when accessing a repository?
I'm running grails 1.2.1.
You can look in the docs: 3.7.2) Dependency Repositories -> Authentication
From the Docs:
If your repository requires some form of authentication you can specify as such using a credentials block:
credentials {
realm = ".."
host = "localhost"
username = "myuser"
password = "mypass"
}
Just making Brandon answer a bit more specific for the Nexus and Artifactory Maven repositories, as the realm attribute is key for this to work.
If you are using Nexus the credentials block look like this:
credentials {
realm = "Sonatype Nexus Repository Manager"
host = "hostname"
username = "username"
password = "password"
}
, but if you are using Artifactory, it should look like this:
credentials {
realm = "Artifactory Realm"
host = "hostname"
username = "username"
password = "password"
}
You need to add this block to your BuildConfig.groovy file, but if your code is going to be open sourced or you want this setting for all your projects, you can add the block inside your ~/.grails/settings.groovylike this:
grails.project.ivy.authentication = {
credentials {
realm = "your realm"
host = "hostname"
username = "username"
password = "password"
}
}
Cheers,
Angel.
Related
I am using spring vault to access Vault from Spring boot app running in Kubernetes.
Version
<dependency>
<groupId>org.springframework.vault</groupId>
<artifactId>spring-vault-core</artifactId>
<version>2.1.3.RELEASE</version>
</dependency>
Config
vault:
uri: https://xxx.xxx.com:8200
authentication: KUBERNETES
kubernetes:
role: abc
kubernetes-path: path/to/k8s
service_account_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
Error
o.s.v.a.VaultLoginException: Cannot login using Kubernetes: invalid role name \"abc\";
When I try to login using curl with the same role and token, its success:
VAULT_LOGIN="{\"role\":\"$SA_ROLE\", \"jwt\":\"$SA_JWT_TOKEN\"}"
curl --request POST --data "$VAULT_LOGIN" https://xxx.xxx.com:8200/v1/auth/path/to/k8s/login
It is a bug in spring vault. It does not support custom auth backend path. Pleae find the issue here: https://github.com/spring-projects/spring-vault/issues/462
As a workaround we can fix this by overriding kubeAuthentication method.
#Override
protected ClientAuthentication kubeAuthentication() {
String role = getEnvironment().getProperty("vault.kubernetes.role");
Assert.hasText(role, "Vault Kubernetes authentication: role must not be empty");
String tokenFile = getEnvironment().getProperty("vault.kubernetes.service-account-token-file");
if (!StringUtils.hasText(tokenFile)) {
tokenFile = KubernetesServiceAccountTokenFile.DEFAULT_KUBERNETES_SERVICE_ACCOUNT_TOKEN_FILE;
}
KubernetesJwtSupplier jwtSupplier = new KubernetesServiceAccountTokenFile(
tokenFile);
String path = getEnvironment().getProperty("vault.kubernetes.kubernetes-path");
KubernetesAuthenticationOptions authenticationOptions = KubernetesAuthenticationOptions
.builder() //
.role(role) //
.path(path)
.jwtSupplier(jwtSupplier) //
.build();
return new KubernetesAuthentication(authenticationOptions, restOperations());
}
I'm trying to publish my android library to my private repo but i'm getting this error from the Terminal in android studio :
Could not publish build-info: Error occurred while requesting version
information: Unauthorized
and this is the command :
gradlew.bat build artifactoryPublish
I used this link to help me set it up https://www.youtube.com/watch?v=mztbo8WwqRc
It's an official JFrog video
This is what i added to my project gradle :
artifactory {
contextUrl = "${artifactory_contextUrl}" //The base Artifactory URL if not overridden by the publisher/resolver
publish {
repository {
repoKey = 'libs-release-local'
username = "${artifactory_user}"
password = "${artifactory_password}"
maven = true
}
}
resolve {
repository {
repoKey = 'libs-release'
username = "${artifactory_user}"
password = "${artifactory_password}"
maven = true
}
}
}
and this is my gradle.properties where i put the user and pass (got it from artifactory):
org.gradle.jvmargs=-Xmx1024m
artifactory_user=${security.getCurrentUsername()}
artifactory_password=${security.getEncryptedPassword()!"*****what_lookes_like_my_encrypted_password****"}
artifactory_contextUrl=http://10.0.1.4:8081/artifactory
org.gradle.java.home=C:\\Program Files\\Java\\jdk1.8.0_162
android.enableAapt2=false
I'm rather new to the Gradle and Artifactory worlds so any help will do ,
anyone knows what's wrong here ?
Tnx!
This seems to be a permissions issue. The user you are using for publishing should have at least deployment permissions to the target repository.
You can check the user permissions in the Admin > Security > Users > Edit User page (requires admin permissions)
Or by looking at the effective permissions tab when selecting a repository in the Artifact Repository Browser
I can't connect to a SSH host using the Gradle SSH Plugin with my private key.
Specifying the password in the build.gradle works fine:
remotes {
webServer {
host = '<IP>'
user = '<USER>'
password = '<PASSWORD>'
}
}
But to avoid writing my password in the build file, I've set my environment to connect using my private key without entering the password from shell:
ssh <user>#<ip>
This command works from the shell but I can't achieve this with the Gradle plugin. This is my configuration:
remotes {
webServer {
host = '<IP>'
user = '<USER>'
identity = file("${System.getProperty('user.home')}/.ssh/id_rsa")
}
}
The error is:
Caused by: com.jcraft.jsch.JSchException: USERAUTH fail at com.jcraft.jsch.UserAuthPublicKey.start(UserAuthPublicKey.java:119)
Since I'm able to connect from the shell, what's wrong with my configuration?
I fixed this by adding the agent = true property:
remotes {
webServer {
host = '54.233.77.171'
user = 'denis'
agent = true
identity = file("${System.getProperty('user.home')}/.ssh/id_rsa")
}
}
agent - If this is set, Putty Agent or ssh-agent will be used on
authentication
For more information: Connections settings
I tried this property after analyzing the class UserAuthPublicKey:
if(userinfo==null) throw new JSchException("USERAUTH fail");
I think JCraft only supports PEM keys - when generating the keys, you need to specify the format:
ssh-keygen -t rsa -m PEM
I am doing a simple website with Razor. Currently, I have database-based authentication that works, as follows:
In _AppStart.chtml:
WebSecurity.InitializeDatabaseConnection("db_connection",
"users", "id", "username", true);
In login.cshtml page:
username = Request["username"];
password = Request["password"];
if (WebSecurity.Login(username, password, true))
{
Response.Redirect("/admin");
}
else
{
errorMessage = "Login was not successful.";
}
In protected CSHTML pages, I have the following at the top of a page:
if (!WebSecurity.IsAuthenticated)
{
Response.Redirect("/login.cshtml");
}
Everything is pretty simple and works well. Now I would like to add authentication with AD. I don't know how to do it.
I came from the Java world with many years of experience. For this simple website, I do not need MVC architecture. I need simple things similar to the above (if possible). I need to do authentication just within the login.cshtml file. I googled a lot and am unable to find a tutorial (so that I can copy and paste) for what I need.
Any pointers or help is really appreciated!
Thanks and Regards
Update: This application sits on the internal network.
Update 2: Here is the code I have after successfully implemented X3074861X's code
if (IsPost)
{
username = Request["username"];
password = Request["password"];
var domain = "domain";
var host = "host";
var port = "389";
LdapConnection ldapConnection = new LdapConnection(host + ":" + port);
try
{
// authenticate the username and password
using (ldapConnection)
{
// pass in the network creds, and the domain.
var networkCredential = new NetworkCredential(username, password, domain);
// if we're using unsecured port 389, set to false. If using port 636, set this to true.
ldapConnection.SessionOptions.SecureSocketLayer = false;
// since this is an internal application, just accept the certificate either way
ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
// to force NTLM\Kerberos use AuthType.Negotiate, for non-TLS and unsecured, just use AuthType.Basic
ldapConnection.AuthType = AuthType.Basic;
// this is where the authentication occurs
ldapConnection.Bind(networkCredential);
//check local database to make sure the user is one of we allowed
if (WebSecurity.Login(username, "fixed-password, just to check whether someone is on the list of allowed people", true))
{
Response.Redirect("/admin");
}
else
{
errorMessage = "Login was not successful.";
}
}
}
catch (LdapException exception)
{
//Authentication failed, exception will dictate why
errorMessage = "Login was not successful.";
}
Some explanation. I dont have control over the AD and so I can only authenticate users against it. I still have a little local database that indicates who can access the app. Everyone with access to the app has the same rights.
Thanks and credit goes to X3074861X.
Since this is an internal application, and you're looking for something simple, I would consider writing a single class to do the Active Directory authentication. You're going to need a couple things though, in order for this to work :
A reference to System.DirectoryServices.Protocols in your project.
The IP or DNS name of your Active Directory server. We'll call it host in the code below.
The port it's running on (LDAPS will be port 636, basic LDAP will be port 389). We'll call it port in the code below.
The Domain to which your users belong. We'll call it domain in the code below.
Now that you have that, you can wire this up to check the credentials from the request against your AD instance. I would try something like this :
// the username and password to authenticate
username = Request["username"];
password = Request["password"];
// define your connection
LdapConnection ldapConnection = new LdapConnection("host:port");
try
{
// authenticate the username and password
using (ldapConnection)
{
// pass in the network creds, and the domain.
var networkCredential = new NetworkCredential(username, password, domain);
// if we're using unsecured port 389, set to false. If using port 636, set this to true.
ldapConnection.SessionOptions.SecureSocketLayer = false;
// since this is an internal application, just accept the certificate either way
ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
// to force NTLM\Kerberos use AuthType.Negotiate, for non-TLS and unsecured, just use AuthType.Basic
ldapConnection.AuthType = AuthType.Basic;
// authenticate the user
ldapConnection.Bind(networkCredential);
}
catch (LdapException ldapException)
{
//Authentication failed, exception will dictate why
}
}
Also, in the same way you'd communicate an authorization issue before, the ldapException can tell you why the call failed. If you want to display custom messaging, I would check the LdapException.ErrorCode property, and maybe create a case statement of return messages based on the error codes.
Or, you could just output LdapException.Message directly to the page - either way, that will at least dictate to the user why their login didn't work.
I am new to LDAP authentication. I want to authenticate the users with their LDAP credentials.
For that I got the application credential from server so that I can authenticate other users.
My credential as application user are as:
Test LDAP Server IP: xx.xx.xx.xx
Port: 389
Bind DN:uid=uidxx,ou=applications,dc=dcxx
password: passxx
For authenticating the this user, I have written the code as
public String ldap()
{
String value=null;
SearchControls constraints= new SearchControls();
Hashtable<String, String> env= new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,"ldap://xx.xx.xx.xx:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL,"uid=uidxx, ou=applications, dc=dcxx");
env.put(Context.SECURITY_CREDENTIALS,"passxx");
try {
DirContext ctx = new InitialDirContext(env);
value = "Done with it";
}
catch(AuthenticationException e)
{
value = "Invalid User name or password";
}
catch (NamingException e) {
e.printStackTrace();
value = "Exception occurred";
}
return value;
}
I got return value as "Done with it"
Now i want to authenticate other user whose mail id and password is known to me.
Its like i want authenticate other users using their mailid, password, and for that i got uidxx and passxx to authenticate them.
How should i do that?
Not getting much help from the other sources.
Thank you
When authenticating against LDAP common work flow is
Bind to LDAP using credentials you have. This user have to have at least read-only access to subtree with users. Often it is ou=People, ou=Domain, dc=com or similar.
Query LDAP server for user's DN (here is where ANR might be useful)
Try to bind to LDAP using user's DN and password supplied to your application
This works because it is very common to give every user RW rights to his object in database. Very useful if you want user to be able to change their own password.