how to implement customized LdapAuthoritiesPopulator - spring

This is some part of my spring-security.xml.
My requirement is: I want to use the embedded LDAP server only, and I want to use LdapAuthoritiesPopulator with it.
<security:authentication-manager>
    <security:ldap-authentication-provider
        user-search-filter="(uid={0})"
        user-search-base="ou=users"
        group-search-filter="(uniqueMember={0})"
        group-search-base="ou=groups"
        group-role-attribute="cn"
        role-prefix="ROLE_">
    </security:ldap-authentication-provider>
</security:authentication-manager>
<!-- Use an embedded LDAP server. We need to declare the location of the LDIF file
     We also need to customize the root attribute default is -->
<security:ldap-server ldif="classpath:mojo.ldif" root="dc=springframework,dc=org"/>
I want to use my custom LdapAuthoritiesPopulator.
How do I use it with the embedded LDAP server?
I am new to Spring as of now.

You can configure your authentication provider with DefaultLdapAuthoritiesPopulator and provide the details to find the groups for roles. If there is something more specific to your case, you could extend this class. Look at the spring-security-samples. I am new to spring-security too, but I found the source code to be very helpful. Good luck.
FYI: the contextSource bean (DefaultSpringSecurityContextSource) should be configured with the URL of your LDAP server.
Hope this helps.
<bean id="ldapAuthenticationProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource"/>
<property name="userSearch">
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="ou=Google,ou=People"/>
<constructor-arg index="1" value="(uid={0})"/>
<constructor-arg index="2" ref="contextSource"/>
</bean>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="contextSource"/>
<constructor-arg value="ou=Groups"/>
<property name="groupSearchFilter" value="member={0}"/>
<property name="searchSubtree" value="true"/>
</bean>
</constructor-arg>
<property name="authoritiesMapper">
<bean class="org.springframework.security.core.authority.mapping.SimpleAuthorityMapper">
<property name="convertToUpperCase" value="true"/>
</bean>
</property>
</bean>
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://127.0.0.1:389/dc=google,dc=com"/>
</bean>
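The answer suggests extending DefaultLdapAuthoritiesPopulator but does not show it. The class below is an added example (not from the question, the answer, or Spring Security itself) written against the Spring Security 3.1 API; it keeps the default group search and adds roles from one extra user attribute, mapping attribute values through a fixed allow-list so an unexpected directory value can never mint a ROLE_* by itself. The attribute name and the value-to-role map are assumptions chosen by the caller.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

/**
 * Added example, not from the original post: keeps the default group lookup
 * (e.g. uniqueMember={0} under ou=groups in the embedded server) and adds roles
 * derived from one extra user attribute. Attribute values go through a fixed
 * allow-list, so a stray or user-editable value in the directory cannot become
 * an unexpected ROLE_* on its own.
 */
public class AttributeRoleAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator {

    private final String attributeName;             // assumed, e.g. "employeeType"
    private final Map<String, String> valueToRole;  // assumed, e.g. "admin" -> "ROLE_ADMIN"

    public AttributeRoleAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase,
                                             String attributeName, Map<String, String> valueToRole) {
        super(contextSource, groupSearchBase);      // same group search as the default populator
        this.attributeName = attributeName;
        this.valueToRole = Collections.unmodifiableMap(valueToRole);
    }

    /** Called by getGrantedAuthorities(); the returned set is merged with the group roles. */
    @Override
    protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) {
        Set<GrantedAuthority> extra = new HashSet<GrantedAuthority>();
        String[] values = user.getStringAttributes(attributeName);  // null when the attribute is absent
        if (values == null) {
            return extra;
        }
        for (String value : values) {
            String role = valueToRole.get(value.trim());
            if (role != null) {                     // only allow-listed values map to a role
                extra.add(new SimpleGrantedAuthority(role));
            }
        }
        return extra;
    }
}
```

Wire it in place of DefaultLdapAuthoritiesPopulator as the second constructor-arg of the LdapAuthenticationProvider bean shown in the answer, with the group search base ou=groups. For the embedded server, give the generated context source an id (`<security:ldap-server id="contextSource" ldif="classpath:mojo.ldif" root="dc=springframework,dc=org"/>`) so that ref="contextSource" resolves.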

Related

Spring Batch - Load properties from database table

I have a requirement in my spring batch where I have to load few key value properties from a database table. Is this possible? The job runs in a stand alone environment and not in a container.
Please let me know if you have a solution for this. I am in a secured environment and that is the reason I have not shared the code initially. Anyways, below is what I have. Below are my properties:
<bean id="properties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="locations">
<list>
<value>classpath:EnvConfig.properties</value>
<value>classpath:DatabaseConfig.properties</value>
<value>classpath:WebServiceConfig.properties</value>
</list>
</property>
</bean>
<bean id="propertyPlaceholderConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="properties" ref="properties" />
</bean>
<bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="properties">
<bean class="org.apache.commons.configuration.ConfigurationConverter"
factory-method="getProperties">
<constructor-arg>
<bean class="org.apache.commons.configuration.DatabaseConfiguration">
<constructor-arg>
<ref bean="sam-datasource" />
</constructor-arg>
<constructor-arg value="PTTMCDB.PROPERTY" /> <!-- DB Table -->
<constructor-arg value="PROPERTYNAME" /> <!-- DB Key Column -->
<constructor-arg value="PROPERTYVALUE" /> <!-- DB Value Column -->
</bean>
</constructor-arg>
</bean>
</property>
</bean>
This is where I am reading the properties fetched from DB.
<bean id="emailReaderUtil"
class="mailreader.pop3.EmailReaderUtil">
<property name="popServerHost" value="${pop3.popServerHost}"/>
</bean>

Spring: JMSTemplate/CachingConnectionFactory deployables unable to start automatically in weblogic

I recently changed some of my application to use the following:
org.springframework.jndi.JndiTemplate
org.springframework.jms.connection.CachingConnectionFactory
org.springframework.jms.core.JmsTemplate
Everything is working fine and I'm able to deploy my war files and send JMS messages to the queue.
However something peculiar happens when my managed server restarts. The deployables will all go into a fail state which requires me to then manually start them up.
This started happening after the change to use caching connection factory, jndi template and jms template.
My SpringConfig file:
<!-- Service Controller begin -->
<bean id="appUtils" class="com.foo.util.AppUtil" lazy-init="true" />
<bean id="jms_jndiTemplate" class="org.springframework.jndi.JndiTemplate" lazy-init="true">
    <property name="environment">
        <props>
            <prop key="java.naming.factory.initial">#{jmsJndiFactory}</prop>
            <prop key="java.naming.provider.url">#{jmsIp}</prop>
        </props>
    </property>
</bean>
<bean id="jmsUtils" class="com.foo.JmsUtil" >
    <property name="template">
        <bean class="org.springframework.jms.core.JmsTemplate" lazy-init="true">
            <property name="connectionFactory">
                <bean class="org.springframework.jms.connection.CachingConnectionFactory" lazy-init="true">
                    <property name="sessionCacheSize" value="10" />
                    <property name="targetConnectionFactory">
                        <bean class="org.springframework.jndi.JndiObjectFactoryBean">
                            <property name="jndiTemplate" ref="jms_jndiTemplate" />
                            <property name="jndiName" ref="jmsFactory" />
                        </bean>
                    </property>
                </bean>
            </property>
        </bean>
    </property>
    <property name="destination">
        <bean class="org.springframework.jndi.JndiObjectFactoryBean" lazy-init="true">
            <property name="jndiTemplate" ref="jms_jndiTemplate" />
            <property name="jndiName" ref="jmsQueue" />
        </bean>
    </property>
</bean>
ApplicationContext file:
<bean id="jmsQueue" class="java.lang.String" ><constructor-arg value="${jmsQueue.local}" /></bean>
<bean id="jmsFactory" class="java.lang.String" ><constructor-arg value="${jmsFactory.local}" /></bean>
<bean id="jmsJndiFactory" class="java.lang.String" ><constructor-arg value="${jmsJndiFactory.local}" /></bean>
<bean id="jmsIp" class="java.lang.String" ><constructor-arg value="${jmsIp.local}" /></bean>
applicationProperties file:
jmsQueue.local=jms/Queue
jmsFactory.local=jms/ConnectionFactory
jmsJndiFactory.local=weblogic.jndi.WLInitialContextFactory
jmsIp.local=t3://localhost:7031
Anyone has any idea as to why this might be happening? I'm using Weblogic. Any help would be greatly appreciated.
Thanks!
Edit: Forgot to mention that the error causing the failed state is
javax.naming.NameNotFoundException: Unable to resolve 'jms.Queue'. Resolved 'jms'; remaining name 'Queue'.
This is a JNDI error. The message means "I tried to find jms/Queue in the JNDI context but I only got as far as jms; there is no Queue child below".
Check the resources which you configured for the application in WebSphere.

SPRING SAML Authentication not working

I'm trying to implement the Spring SAML sample application and I'm having issues with authentication. I followed the exact steps outlined in the quick start guide, namely downloading the sample app and configuring the IDP and SP metadata.
I was able to generate the SP metadata and successfully uploaded it to the SSOCircle IDP.
When I enter my SSOCircle login details, it fails to redirect back to my local application and log me in.
Here are my config changes I made:
IDP config:
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
<constructor-arg>
<list>
<bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
<constructor-arg>
<value type="java.lang.String">http://idp.ssocircle.com/idp-meta.xml</value>
</constructor-arg>
<constructor-arg>
<value type="int">5000</value>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
</list>
</constructor-arg>
</bean>
SP config:
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.MetadataGenerator">
<property name="entityId" value="http://localhost:8081/spring-security-saml2-sample"/>
<property name="signMetadata" value="false"/>
<property name="extendedMetadata">
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="idpDiscoveryEnabled" value="false"/>
</bean>
</property>
</bean>
</constructor-arg>
</bean>
Can someone please throw some light here... Thank you in advance.
Ok, I was able to get through this; explicitly changing the "bindingsSSO" property in the MetadataGenerator bean to "POST" solved my problem.
<property name="bindingsSSO" >
    <list>
        <value>POST</value>
    </list>
</property>
It looks like the code is setting the default binding to "SSO_ARTIFACT".

Unable to authenticate via LDAP to directory (Active Directory) with Spring Security

I'm using:
- Spring 3.1.3
And the problem is I'm unable to connect with the Active Directory via LDAP using valid credentials.
I don't know if it is caused by a malformed pattern or a configuration issue with the userDn or the URL's rootDn. Although, at first glance, it seems that everything is correct.
This is my current spring security config file:
...
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
<bean id="ldapAuthProvider"
      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean id="bindAuthenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userDnPatterns">
                <list><value>sAMAccountName={0}</value></list>
            </property>
        </bean>
    </constructor-arg>
</bean>
<bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://remotehost:port/OU=My%20Company,dc=domain,dc=subdomain"/>
    <property name="userDn" value="CN=managerUserCN,OU=Users,OU=Test Accounts,OU=My Company,dc=domain,dc=subdomain"/>
    <property name="password" value="thePass"/>
</bean>
...
*I have replaced the real urls, organizations, groups, etc by descriptive data
*It's a requirement to search by sAMAccountName.
And the NamingException thrown by doAuthentication:bindWithDn is the following:
*org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1*
And the interpretation of code 52e which I read on the LDAP wiki is not entirely correct, because it is raised both when typing an existing username and a nonexistent one.
I'm referring to:
NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.
Not for me.
I have found the answer to my question.
I got it working by specifying the userSearch property on the bindAuthenticator. Previously I had tested the userSearch option without including the base directory (first parameter). So, at least for me, it's mandatory and lets the authentication work.
In code:
<bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean id="bindAuthenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userSearch" ref="userSearch"/>
</bean>
</constructor-arg>
</bean>
<bean id="userSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg>
<value>OU=My Company,DC=domain,DC=subdomain</value>
</constructor-arg>
<constructor-arg>
<value>(sAMAccountName={0})</value>
</constructor-arg>
<constructor-arg ref="contextSource" />
<property name="searchSubtree">
<value>true</value>
</property>
</bean>
Perhaps I can help someone with a similar issue.
pD: Another option would be use the specified ActiveDirectoryLdapAuthenticationProvider
<bean id="ldapActiveDirectoryAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<constructor-arg value="domain.subdomain" />
<constructor-arg value="ldap://host:port" />
<property name="convertSubErrorCodesToExceptions" value="true"/>
</bean>
It seems to work fine too.

jackson jaxb annotations support in Spring

I'm looking for the simplest way of adding JAXB annotations support to Jackson.
Jackson is added to Spring now by <mvc:annotation-driven/>. I need that, with the @ResponseBody annotation, the object is converted to XML or JSON depending on the media type.
I'm new to spring-mvc, so I don't understand well yet how things work. Thanks.
Okay, I assume you want to be able to return both XML and JSON. To do this you need to create MessageConverters for both formats.
The XML message converter:
<bean id="xmlConverter"
class="org.springframework.http.converter.xml.MarshallingHttpMessageConverter">
<constructor-arg>
<oxm:jaxb2-marshaller id="jaxb2Marshaller">
<!-- you must either bind your JAXB annotated classes here -->
<!-- OR provide a jaxb.index and use contextPath -->
<oxm:class-to-be-bound name="com.mycompany.MyClass"/>
</oxm:jaxb2-marshaller>
</constructor-arg>
<property name="supportedMediaTypes">
<list>
<bean class="org.springframework.http.MediaType">
<constructor-arg index="0" value="application"/>
<constructor-arg index="1" value="xml"/>
<constructor-arg index="2" value="UTF-8"/>
</bean>
</list>
</property>
</bean>
The JSON message converter, which uses the JAXB annotations:
<bean id="jaxbAnnotationInspector"
class="org.codehaus.jackson.xc.JaxbAnnotationIntrospector"/>
<bean id="jacksonObjectMapper" class="org.codehaus.jackson.map.ObjectMapper">
<property name="annotationIntrospector" ref="jaxbAnnotationInspector"/>
</bean>
<bean id="jsonConverter"
class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
<property name="objectMapper">
<bean ref="jacksonObjectMapper"/>
</property>
<property name="supportedMediaTypes">
<list>
<bean class="org.springframework.http.MediaType">
<constructor-arg index="0" value="application"/>
<constructor-arg index="1" value="json"/>
<constructor-arg index="2" value="UTF-8"/>
</bean>
</list>
</property>
</bean>
And finally, the AnnotationMethodHandlerAdapter, which will convert the responses to the appropriate content type, depending upon the accept headers:
<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">
<property name="messageConverters">
<list>
<ref bean="xmlConverter"/>
<ref bean="jsonConverter"/>
</list>
</property>
</bean>
Note that the JAXB support in jackson isn't 100% complete or correct all the time, but the developers are really good at fixing bugs and responding to error reports.