How to configure authentication/authorization on JBoss

In standalone.xml:

<subsystem xmlns="urn:jboss:domain:security:1.2">
 <security-domain name="esbtools-cert">
    <authentication>
        <login-module name="CertLdapLoginModule" code="org.esbtools.auth.jboss.CertLdapLoginModule" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="securityDomain" value="esbtools-cert"/>
            <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
            <module-option name="authRoleName" value="authenticated"/>
            <module-option name="ldapServer" value="<ldap hostname>"/>
            <module-option name="port" value="636"/>
            <module-option name="searchBase" value="ou=example,dc=esbtools,dc=org"/>
            <module-option name="bindDn" value="uid=esbtools-app,ou=example,dc=esbtools,dc=org"/>
            <module-option name="bindPassword" value="<password>"/>
            <module-option name="useSSL" value="true"/>
            <module-option name="poolSize" value="5"/>
            <module-option name="trustStore" value="${jboss.server.config.dir}/truststore.jks"/>
            <module-option name="trustStorePassword" value="<password>"/>
        </login-module>
    </authentication>
    <jsse keystore-password="<password>" keystore-url="file://${jboss.server.config.dir}/keystore.jks" truststore-password="<password>" truststore-url="file://${jboss.server.config.dir}/truststore.jks" client-auth="true"/>
  </security-domain>
</subsystem>

How to configure authentication/authorization in Spring Security

Using annotation driven configuration:

import org.esbtools.auth.ldap.LdapConfiguration;
import org.esbtools.auth.spring.LdapUserDetailsService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;

@Configuration
@PropertySource(value = {"classpath:/ldapconfig.properties"})
public class ApplicationConfiguration {

  @Bean
  public LdapConfiguration ldapConfiguration(
      @Value("${ldapconfig.server}") String server,
      @Value("${ldapconfig.port}") Integer port,
      @Value("${ldapconfig.username}") String bindDn,
      @Value("${ldapconfig.password}") String bindDNPwd,
      @Value("${ldapconfig.pool_size}") Integer poolSize,
      @Value("${ldapconfig.use_tls}") Boolean useSSL,
      @Value("${ldapconfig.truststore}") String trustStore,
      @Value("${ldapconfig.truststore_password}") String trustStorePassword,
      @Value("${ldapconfig.connectionTimeoutMS}") Integer connectionTimeoutMS,
      @Value("${ldapconfig.responseTimeoutMS}") Integer responseTimeoutMS,
      @Value("${ldapconfig.debug}") Boolean debug,
      @Value("${ldapconfig.keepAlive}") Boolean keepAlive,
      @Value("${ldapconfig.poolMaxConnectionAgeMS}") Integer poolMaxConnectionAgeMS) {

    LdapConfiguration config = new LdapConfiguration();
    config.server(server);
    config.port(port);
    config.bindDn(bindDn);
    config.bindDNPwd(bindDNPwd);
    config.poolSize(poolSize);
    config.useSSL(useSSL);
    config.trustStore(trustStore);
    config.trustStorePassword(trustStorePassword);
    config.connectionTimeoutMS(connectionTimeoutMS);
    config.responseTimeoutMS(responseTimeoutMS);
    config.debug(debug);
    config.keepAlive(keepAlive);
    config.poolMaxConnectionAgeMS(poolMaxConnectionAgeMS);

    return config;
  }

  @Bean
  public LdapUserDetailsService ldapUserDetailsService(
      LdapConfiguration ldapConfiguration,
      @Value("${ldapconfig.search_base:dc=redhat,dc=com}") String searchBaseDn,
      @Value("${ldapconfig.rolesCacheExpiryMS:300000}") int rolesCacheExpiryMS) throws Exception {
    return new LdapUserDetailsService(
        searchBaseDn,
        ldapConfiguration,
        rolesCacheExpiryMS);
  }

}

import org.esbtools.auth.spring.EsbToolsExceptionTraslatingFilter;
import org.esbtools.auth.spring.EsbToolsExceptionTraslatingFilter.ErrorResponseWriter;
import org.esbtools.auth.spring.SpringCertEnvironmentVerificationFilter;
import org.esbtools.auth.spring.LdapUserDetailsService;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.context.annotation.Configuration;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private LdapUserDetailsService ldapUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        //...

        http.x509()
                .authenticationUserDetailsService(ldapUserDetailsService)
                .and()
                .addFilterAfter(
                        new CertEnvironmentVerificationFilter(environment), X509AuthenticationFilter.class);

        //...
    }

    //...
}

derek63 / jboss-cert-ldap-login-module Goto Github PK

jboss-cert-ldap-login-module's Introduction

How to configure authentication/authorization on JBoss

How to configure authentication/authorization in Spring Security

jboss-cert-ldap-login-module's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent