Name: cert-ldap-login-module
Owner: esbtools
Description: null
Created: 2017-03-09 13:54:39.0
Updated: 2018-01-02 10:54:57.0
Pushed: 2018-01-10 15:45:38.0
Homepage: null
Size: 108
Language: Java
In standalone.xml:
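<!--
  Security-domain definition for certificate login backed by an LDAP lookup.
  Values written as <ldap hostname> and <password> are placeholders to be
  replaced with deployment values; they are not literal settings.
-->
<subsystem xmlns="urn:jboss:domain:security:1.2">
    <security-domain name="esbtools-cert">
        <authentication>
            <login-module name="CertLdapLoginModule" code="org.esbtools.auth.jboss.CertLdapLoginModule" flag="required">
                <module-option name="password-stacking" value="useFirstPass"/>
                <module-option name="securityDomain" value="esbtools-cert"/>
                <!--
                  AnyCertVerifier accepts every certificate passed to it, so the
                  verifier step adds no validation of its own. Confirm where
                  client certificates are actually validated in your deployment
                  (the TLS connector and the truststore referenced by the jsse
                  element below) and keep that truststore limited to the issuing
                  CAs you intend to accept.
                -->
                <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
                <module-option name="authRoleName" value="authenticated"/>
                <module-option name="ldapServer" value="<ldap hostname>"/>
                <!-- 636 is the LDAPS port; it is paired with useSSL=true below. -->
                <module-option name="port" value="636"/>
                <module-option name="searchBase" value="ou=example,dc=esbtools,dc=org"/>
                <module-option name="bindDn" value="uid=esbtools-app,ou=example,dc=esbtools,dc=org"/>
                <!--
                  The bind password and the store passwords in this file are
                  written in clear text. Restrict read access to standalone.xml,
                  give the bind account read-only access to the search base, and
                  prefer the server's password vault over literal values.
                -->
                <module-option name="bindPassword" value="<password>"/>
                <!-- Presumably disabling this sends the bind password over an unencrypted connection; keep it true. -->
                <module-option name="useSSL" value="true"/>
                <module-option name="poolSize" value="5"/>
                <module-option name="trustStore" value="${jboss.server.config.dir}/truststore.jks"/>
                <module-option name="trustStorePassword" value="<password>"/>
            </login-module>
        </authentication>
        <jsse keystore-password="<password>" keystore-url="file://${jboss.server.config.dir}/keystore.jks" truststore-password="<password>" truststore-url="file://${jboss.server.config.dir}/truststore.jks" client-auth="true"/>
    </security-domain>
</subsystem>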
Using annotation driven configuration:
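import org.esbtools.auth.ldap.LdapConfiguration;
import org.esbtools.auth.spring.LdapUserDetailsService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;

/**
 * Spring configuration that builds the LDAP connection settings and the
 * LDAP-backed user details service from {@code classpath:/ldapconfig.properties}.
 *
 * <p>The properties file carries the LDAP bind password and the trust-store
 * password. Because it is loaded from the classpath, keep real values out of
 * source control and out of the packaged artifact (supply the file, or
 * overriding properties, at deployment time).
 */
@Configuration
@PropertySource(value = {"classpath:/ldapconfig.properties"})
public class ApplicationConfiguration {

    /**
     * Copies the {@code ldapconfig.*} properties into an {@link LdapConfiguration}.
     *
     * <p>None of these keys declares a default, so each one is expected to be
     * present in the properties file. {@code ldapconfig.use_tls} feeds
     * {@code useSSL}; leave it enabled so the bind credentials are not sent in
     * the clear (presumably what the flag controls; confirm in the library).
     *
     * @return the populated configuration
     */
    @Bean
    public LdapConfiguration ldapConfiguration(
            @Value("${ldapconfig.server}") String server,
            @Value("${ldapconfig.port}") Integer port,
            @Value("${ldapconfig.username}") String bindDn,
            @Value("${ldapconfig.password}") String bindDNPwd,
            @Value("${ldapconfig.pool_size}") Integer poolSize,
            @Value("${ldapconfig.use_tls}") Boolean useSSL,
            @Value("${ldapconfig.truststore}") String trustStore,
            @Value("${ldapconfig.truststore_password}") String trustStorePassword,
            @Value("${ldapconfig.connectionTimeoutMS}") Integer connectionTimeoutMS,
            @Value("${ldapconfig.responseTimeoutMS}") Integer responseTimeoutMS,
            @Value("${ldapconfig.debug}") Boolean debug,
            @Value("${ldapconfig.keepAlive}") Boolean keepAlive,
            @Value("${ldapconfig.poolMaxConnectionAgeMS}") Integer poolMaxConnectionAgeMS) {
        LdapConfiguration config = new LdapConfiguration();
        config.server(server);
        config.port(port);
        config.bindDn(bindDn);
        config.bindDNPwd(bindDNPwd);
        config.poolSize(poolSize);
        config.useSSL(useSSL);
        config.trustStore(trustStore);
        config.trustStorePassword(trustStorePassword);
        config.connectionTimeoutMS(connectionTimeoutMS);
        config.responseTimeoutMS(responseTimeoutMS);
        // NOTE(review): confirm that debug output never includes the bind password
        // before enabling this outside a test environment.
        config.debug(debug);
        config.keepAlive(keepAlive);
        config.poolMaxConnectionAgeMS(poolMaxConnectionAgeMS);
        return config;
    }

    /**
     * Creates the user details service that looks users up under the search base.
     *
     * <p>{@code ldapconfig.search_base} falls back to {@code dc=redhat,dc=com}
     * and {@code ldapconfig.rolesCacheExpiryMS} to 300000 ms when unset. Set the
     * search base explicitly for your own directory. The cache expiry presumably
     * bounds how long a role change or removal in LDAP can go unnoticed; choose
     * it with that revocation delay in mind.
     *
     * @param ldapConfiguration connection settings produced by {@link #ldapConfiguration}
     * @param searchBaseDn base DN for user searches
     * @param rolesCacheExpiryMS role cache lifetime in milliseconds
     * @return the configured service
     * @throws Exception if the service cannot be constructed
     */
    @Bean
    public LdapUserDetailsService ldapUserDetailsService(
            LdapConfiguration ldapConfiguration,
            @Value("${ldapconfig.search_base:dc=redhat,dc=com}") String searchBaseDn,
            @Value("${ldapconfig.rolesCacheExpiryMS:300000}") int rolesCacheExpiryMS) throws Exception {
        return new LdapUserDetailsService(
                searchBaseDn,
                ldapConfiguration,
                rolesCacheExpiryMS);
    }
}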
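import org.esbtools.auth.spring.EsbToolsExceptionTraslatingFilter;
import org.esbtools.auth.spring.EsbToolsExceptionTraslatingFilter.ErrorResponseWriter;
import org.esbtools.auth.spring.SpringCertEnvironmentVerificationFilter;
import org.esbtools.auth.spring.LdapUserDetailsService;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.context.annotation.Configuration;

/**
 * Spring Security configuration that authenticates requests by X.509 client
 * certificate and resolves the user's details through the LDAP-backed service.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private LdapUserDetailsService ldapUserDetailsService;

    /**
     * Enables X.509 authentication and registers the certificate environment
     * filter after the X.509 authentication filter.
     *
     * <p>Spring Security's X.509 support reads the certificate that the servlet
     * container already accepted during the TLS handshake; it does not validate
     * the chain itself. The connector must therefore require client certificates
     * and trust only the intended issuing CAs. By default the user name handed
     * to the user details service is taken from the certificate subject's CN.
     *
     * @param http the security builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //...
        http.x509()
            .authenticationUserDetailsService(ldapUserDetailsService)
            .and()
            // NOTE(review): the import list names SpringCertEnvironmentVerificationFilter
            // while this line constructs CertEnvironmentVerificationFilter; confirm which
            // class the library ships. `environment` is defined in the elided part of the
            // class. Judging by its name the filter checks the certificate against that
            // environment; verify in the library source what it rejects.
            .addFilterAfter(
                new CertEnvironmentVerificationFilter(environment), X509AuthenticationFilter.class);
        //...
    }

    //...
}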