esbtools/cert-ldap-login-module

README


How to configure authentication/authorization on JBoss

In standalone.xml (note that the configured verifier, AnyCertVerifier, accepts every certificate presented to the login module without checking it, so trust rests entirely on the TLS layer: make sure the HTTPS connector actually enforces client authentication against the truststore configured below, and replace every placeholder in angle brackets):

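<!-- Security subsystem excerpt for standalone.xml.
     The "ldap hostname" and "password" placeholders must be replaced; the bind and
     store passwords are stored in clear text in this file.
     The jsse element (truststore-url, client-auth="true") holds the TLS client-certificate
     settings; the verifier option AnyCertVerifier performs no certificate check of its own. -->
<subsystem xmlns="urn:jboss:domain:security:1.2">
    <security-domain name="esbtools-cert">
        <authentication>
            <login-module name="CertLdapLoginModule" code="org.esbtools.auth.jboss.CertLdapLoginModule" flag="required">
                <module-option name="password-stacking" value="useFirstPass"/>
                <module-option name="securityDomain" value="esbtools-cert"/>
                <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
                <module-option name="authRoleName" value="authenticated"/>
                <module-option name="ldapServer" value="<ldap hostname>"/>
                <module-option name="port" value="636"/>
                <module-option name="searchBase" value="ou=example,dc=esbtools,dc=org"/>
                <module-option name="bindDn" value="uid=esbtools-app,ou=example,dc=esbtools,dc=org"/>
                <module-option name="bindPassword" value="<password>"/>
                <module-option name="useSSL" value="true"/>
                <module-option name="poolSize" value="5"/>
                <module-option name="trustStore" value="${jboss.server.config.dir}/truststore.jks"/>
                <module-option name="trustStorePassword" value="<password>"/>
            </login-module>
        </authentication>
        <jsse keystore-password="<password>" keystore-url="file://${jboss.server.config.dir}/keystore.jks" truststore-password="<password>" truststore-url="file://${jboss.server.config.dir}/truststore.jks" client-auth="true"/>
    </security-domain>
</subsystem>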

How to configure authentication/authorization in Spring Security

Using annotation-driven configuration:

import java.util.Objects;

import org.esbtools.auth.ldap.LdapConfiguration;
import org.esbtools.auth.spring.LdapUserDetailsService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;

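@Configuration
@PropertySource(value = {"classpath:/ldapconfig.properties"})
public class ApplicationConfiguration {

    /**
     * Builds the LDAP connection settings from the {@code ldapconfig.*} properties.
     *
     * <p>None of the placeholders carries a default, so a missing key fails bean
     * creation instead of silently falling back. {@code bindDNPwd} and
     * {@code trustStorePassword} are secrets: keep them out of checked-in property
     * files and out of logs.
     *
     * @return a fully populated {@link LdapConfiguration}
     */
    @Bean
    public LdapConfiguration ldapConfiguration(
            @Value("${ldapconfig.server}") String server,
            @Value("${ldapconfig.port}") Integer port,
            @Value("${ldapconfig.username}") String bindDn,
            @Value("${ldapconfig.password}") String bindDNPwd,
            @Value("${ldapconfig.pool_size}") Integer poolSize,
            @Value("${ldapconfig.use_tls}") Boolean useSSL,
            @Value("${ldapconfig.truststore}") String trustStore,
            @Value("${ldapconfig.truststore_password}") String trustStorePassword,
            @Value("${ldapconfig.connectionTimeoutMS}") Integer connectionTimeoutMS,
            @Value("${ldapconfig.responseTimeoutMS}") Integer responseTimeoutMS,
            @Value("${ldapconfig.debug}") Boolean debug,
            @Value("${ldapconfig.keepAlive}") Boolean keepAlive,
            @Value("${ldapconfig.poolMaxConnectionAgeMS}") Integer poolMaxConnectionAgeMS) {

        LdapConfiguration config = new LdapConfiguration();
        config.server(server);
        config.port(port);
        config.bindDn(bindDn);
        config.bindDNPwd(bindDNPwd);
        config.poolSize(poolSize);
        config.useSSL(useSSL);
        config.trustStore(trustStore);
        config.trustStorePassword(trustStorePassword);
        config.connectionTimeoutMS(connectionTimeoutMS);
        config.responseTimeoutMS(responseTimeoutMS);
        config.debug(debug);
        config.keepAlive(keepAlive);
        config.poolMaxConnectionAgeMS(poolMaxConnectionAgeMS);

        return config;
    }

    /**
     * Exposes the {@link LdapUserDetailsService} that the X.509 authentication in the
     * web security configuration uses to look up the certificate subject in LDAP.
     *
     * @param ldapConfiguration connection settings produced by {@link #ldapConfiguration}
     * @param searchBaseDn base DN of the user search; the default
     *     {@code dc=redhat,dc=com} is only an example and should be overridden per deployment
     * @param rolesCacheExpiryMS cache lifetime in milliseconds (default 300000, i.e. five
     *     minutes) — presumably for resolved roles; verify against the service
     * @return the user details service
     * @throws Exception propagated from the {@link LdapUserDetailsService} constructor
     */
    @Bean
    public LdapUserDetailsService ldapUserDetailsService(
            LdapConfiguration ldapConfiguration,
            @Value("${ldapconfig.search_base:dc=redhat,dc=com}") String searchBaseDn,
            @Value("${ldapconfig.rolesCacheExpiryMS:300000}") int rolesCacheExpiryMS) throws Exception {
        // Fail fast with a clear message if the method is called directly with no configuration.
        Objects.requireNonNull(ldapConfiguration, "ldapConfiguration");
        return new LdapUserDetailsService(
                searchBaseDn,
                ldapConfiguration,
                rolesCacheExpiryMS);
    }
}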

The corresponding Spring Security configuration:
import org.esbtools.auth.spring.EsbToolsExceptionTraslatingFilter;
import org.esbtools.auth.spring.EsbToolsExceptionTraslatingFilter.ErrorResponseWriter;
import org.esbtools.auth.spring.LdapUserDetailsService;
import org.esbtools.auth.spring.SpringCertEnvironmentVerificationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;

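@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Looks up the authenticated certificate's subject in LDAP. */
    @Autowired
    private LdapUserDetailsService ldapUserDetailsService;

    /**
     * Expected environment value handed to the certificate environment filter.
     * NOTE(review): the original excerpt used {@code environment} without declaring it;
     * a String property is assumed here — confirm its type and source against the
     * SpringCertEnvironmentVerificationFilter constructor.
     */
    @Value("${cert.environment}") // constructed example property name
    private String environment;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //...

        // X.509 client-certificate authentication: the subject of the certificate that the
        // container already validated at the TLS layer is resolved through ldapUserDetailsService.
        // Which certificates are trusted is decided by the container's client-auth/truststore
        // settings, not by this filter chain.
        http.x509()
                .authenticationUserDetailsService(ldapUserDetailsService)
                .and()
                // Runs after X.509 authentication. The class name must match the imported
                // filter; the original excerpt instantiated CertEnvironmentVerificationFilter,
                // which is not imported.
                .addFilterAfter(
                        new SpringCertEnvironmentVerificationFilter(environment),
                        X509AuthenticationFilter.class);

        //...
    }

    //...
}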
