Tuesday, October 18, 2011

Sao Paulo's Downtown

A coffee break for an exalted programmer! However, it rained in Sao Paulo all day. That's why it is called "A cidade da garoa" (the drizzle city).

These photos are from Sao Paulo Downtown:











cheers!

Borys


Saturday, October 15, 2011

Icefaces POM Reference

Hi folks,

here is an ICEfaces POM reference (ICEfaces 1.8.2 on JSF 1.2 with Spring 3.0, Jetty 6 for development):

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>YourProject</groupId>
    <artifactId>YourArtifact</artifactId>
    <version>1.0</version>
    <packaging>war</packaging>

    <dependencies>
        <dependency>
            <groupId>jfreechart</groupId>
            <artifactId>jfreechart</artifactId>
            <version>1.0.0</version>
        </dependency>

        <dependency>
            <groupId>commons-pool</groupId>
            <artifactId>commons-pool</artifactId>
            <version>1.5.4</version>
        </dependency>

        <dependency>
            <groupId>org.apache.velocity</groupId>
            <artifactId>velocity</artifactId>
            <version>1.5</version>
        </dependency>

        <!-- ICEfaces specific dependency -->
        <dependency>
            <groupId>net.sf.jcharts</groupId>
            <artifactId>krysalis-jCharts</artifactId>
            <version>1.0.0-alpha-1</version>
        </dependency>



        <dependency>
            <groupId>javax.mail</groupId>
            <artifactId>mail</artifactId>
            <version>1.4.1</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.icefaces</groupId>
            <artifactId>icefaces</artifactId>
            <version>1.8.2</version>
            <exclusions>
                <exclusion>
                    <artifactId>el-api</artifactId>
                    <groupId>javax.el</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>servlet-api</artifactId>
                    <groupId>javax.servlet</groupId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>org.icefaces</groupId>
            <artifactId>icefaces-comps</artifactId>
            <version>1.8.2</version>
        </dependency>
        <dependency>
            <groupId>org.icefaces</groupId>
            <artifactId>icefaces-facelets</artifactId>
            <version>1.8.2</version>
            <exclusions>
                <exclusion>
                    <artifactId>el-api</artifactId>
                    <groupId>javax.el</groupId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
       
            <groupId>net.sourceforge.jexcelapi</groupId>
            <artifactId>jxl</artifactId>
            <version>2.6.3</version>
            <type>jar</type>
        </dependency>
        <dependency>
            <groupId>javax.faces</groupId>
            <artifactId>jsf-api</artifactId>
            <version>1.2-b19</version>
            <!-- Maven scopes are case-sensitive ("provided", not "PROVIDED"): the container
                 supplies JSF at runtime, so these jars must stay out of the WAR. The jetty-dev
                 profile below re-declares them in compile scope for the embedded Jetty. -->
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>javax.faces</groupId>
            <artifactId>jsf-impl</artifactId>
            <version>1.2-b19</version>
            <scope>provided</scope>
        </dependency>







        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.8.2</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.14</version>
        </dependency>


        <!-- Spring -->

        <!-- Core utilities used by other modules. Define this if you use Spring Utility APIs (org.springframework.core.*/org.springframework.util.*) -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springmodules</groupId>
            <artifactId>spring-modules-jakarta-commons</artifactId>
            <version>0.8</version>
            <exclusions>
                <exclusion>
                    <artifactId>servlet-api</artifactId>
                    <groupId>javax.servlet</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>myfaces-api</artifactId>
                    <groupId>myfaces</groupId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
            <version>1.4</version>
        </dependency>
        <dependency>
            <groupId>commons-lang</groupId>
            <artifactId>commons-lang</artifactId>
            <version>2.5</version>
        </dependency>
        <dependency>
            <groupId>org.hsqldb</groupId>
            <artifactId>hsqldb</artifactId>
            <version>2.0.0</version>
        </dependency>
        <dependency>
            <groupId>commons-configuration</groupId>
            <artifactId>commons-configuration</artifactId>
            <version>1.6</version>
        </dependency>

        <dependency>
            <groupId>commons-dbutils</groupId>
            <artifactId>commons-dbutils</artifactId>
            <version>1.3</version>
        </dependency>

        <dependency>
            <groupId>commons-dbcp</groupId>
            <artifactId>commons-dbcp</artifactId>
            <version>1.4</version>
        </dependency>
        <dependency>
            <groupId>commons-net</groupId>
            <artifactId>commons-net</artifactId>
            <version>2.2</version>
        </dependency>
        <dependency>
            <groupId>com.oracle.driver</groupId>
            <artifactId>ojdbc14</artifactId>
            <version>10</version>
        </dependency>




        <!-- Every Spring Framework module takes its version from ${org.springframework.version}
             (set in <properties> below). Mixing 3.0.3 and 3.0.5 jars of the framework on one
             classpath is a classic source of NoSuchMethodError at runtime. -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context-support</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-tx</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-jdbc</artifactId>
            <version>${org.springframework.version}</version>
            <exclusions>
                <exclusion>
                    <artifactId>spring-beans</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-orm</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-oxm</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${org.springframework.version}</version>
            <exclusions>
                <exclusion>
                    <artifactId>spring-beans</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-expression</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc-portlet</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>

        <dependency>
            <groupId>quartz</groupId>
            <artifactId>quartz</artifactId>
            <version>1.5.2</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-test</artifactId>
            <version>${org.springframework.version}</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>servlet-api</artifactId>
            <version>2.3</version>
            <scope>provided</scope>
        </dependency>
       
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-beans</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.ldap</groupId>
            <artifactId>spring-ldap-core</artifactId>
            <version>1.3.1.RELEASE</version>
        </dependency>


        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>



        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-aop</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>


        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>jcl-over-slf4j</artifactId>
            <version>1.5.8</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>net.sf.json-lib</groupId>
            <artifactId>json-lib</artifactId>
            <version>2.3</version>
            <classifier>jdk15</classifier>
        </dependency>
        <dependency>
          <groupId>org.slf4j</groupId>
          <artifactId>slf4j-api</artifactId>
          <version>1.5.8</version>
        </dependency>
        <dependency>
            <groupId>javax.xml.bind</groupId>
            <artifactId>jaxb-api</artifactId>
            <version>2.0</version>
        </dependency>

        <dependency>
            <groupId>com.sun.xml.bind</groupId>
            <artifactId>jaxb-impl</artifactId>
            <version>2.0.3</version>
        </dependency>
  


    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>2.0.2</version>
                <configuration>
                    <source>1.6</source>
                    <target>1.6</target>
                </configuration>
            </plugin>
        </plugins>
    </build>
    <profiles>
   
        <profile>
            <id>jetty-dev</id>
            <dependencies>
                <dependency>
                    <groupId>javax.faces</groupId>
                    <artifactId>jsf-api</artifactId>
                    <version>1.2_15</version>
                </dependency>

                <dependency>
                    <groupId>javax.faces</groupId>
                    <artifactId>jsf-impl</artifactId>
                    <version>1.2_15</version>
                </dependency>
            </dependencies>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-compiler-plugin</artifactId>
                        <version>2.0.2</version>
                        <configuration>
                            <source>1.6</source>
                            <target>1.6</target>
                        </configuration>
                    </plugin>
                    <plugin>
                        <groupId>org.mortbay.jetty</groupId>
                        <artifactId>maven-jetty-plugin</artifactId>
                        <version>6.1.22</version>
                        <configuration>
                            <scanIntervalSeconds>2</scanIntervalSeconds>
                            <!-- stopKey is the shared secret a process must send to stopPort (bound on
                                 loopback) to shut Jetty down. "foo" is fine on a laptop, not on a
                                 shared build host. -->
                            <stopKey>foo</stopKey>
                            <stopPort>9999</stopPort>
                            <connectors>
                                <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
                                    <port>9090</port>
                                    <maxIdleTime>60000</maxIdleTime>
                                </connector>
                            </connectors>
                        </configuration>
                        <dependencies>
                        </dependencies>
                        <executions>
                            <execution>
                                <id>start-jetty</id>
                                <phase>pre-integration-test</phase>
                                <goals>
                                    <goal>run</goal>
                                </goals>
                                <configuration>
                                    <scanIntervalSeconds>2</scanIntervalSeconds>
                                </configuration>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>

            </build>
            <properties>
                <build.vcs.number>3</build.vcs.number>
                <build.number>1</build.number>
            </properties>
        </profile>
    </profiles>

    <properties>
        <!-- Shared by the org.springframework and org.springframework.security coordinates above.
             The two projects version independently (a Spring Security 3.0.5.RELEASE happens to
             exist), so give Spring Security its own property before bumping this one. -->
        <org.springframework.version>3.0.5.RELEASE</org.springframework.version>
        <!-- Not referenced by the dependencies above, which pin ICEfaces 1.8.2 and JSF 1.2 explicitly. -->
        <jsf.version>2.1.1-b03</jsf.version>
        <ice.version>2.0.0</ice.version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    </properties>

   
</project>

Thursday, October 13, 2011

How to configure Spring Security with Active Directory

Hi,

one thing that can be very tricky is configuring Spring Security's LDAP support when Active Directory is the underlying authentication system.

The Spring Security documentation says little about Active Directory. The tricky part is that we need to extend the Spring Security LDAP authentication components to make it work in a JSF or dynamic web application. (The approach below targets Spring Security 3.0; from 3.1 on, the framework ships an ActiveDirectoryLdapAuthenticationProvider that performs the user@domain bind itself.)

In this tutorial, I'm using:


Maven 2 with a simple web application, skipping the archetypes (I don't like them, since afterwards we always need to clean up the code)

Spring 3
Spring Security 3.0 (the 3.0.3 schema is used below)


So, let's start:



Step 1 - Configure your web application to use Spring and Spring Security

/src/main/webapp/WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <display-name>WebApplication</display-name>

    <session-config>
        <session-timeout>10</session-timeout>
    </session-config>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:WebApplication-context.xml</param-value>
    </context-param>
   

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <listener>
        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
    </listener>

    <listener>
        <listener-class>
            org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>

        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>


    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>



   <welcome-file-list>
    
       <welcome-file>index.jsp</welcome-file>
  
   </welcome-file-list>

</web-app>



Step 2 - Configure the Spring context (src/main/resources/WebApplication-context.xml, the file named by contextConfigLocation above)


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:jee="http://www.springframework.org/schema/jee"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/jee
        http://www.springframework.org/schema/jee/spring-jee-3.0.xsd
        http://www.springframework.org/schema/tx
        http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.3.xsd
        http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util-3.0.xsd">

    <context:annotation-config />
    <context:component-scan base-package="com.yourcompany.services" />
    <tx:annotation-driven />

    <security:http auto-config="false">
        <security:intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <!-- Ant-style patterns: "/app/*" matches a single path segment only, so /app/reports/x.jsf
             would be left open; "/app/**" covers the whole subtree. URLs matched by no intercept-url
             are not protected at all, so add pattern="/**" as the last rule if the rest of the
             application also requires a login. -->
        <security:intercept-url pattern="/app/**" access="ROLE_USER" />
        <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?authfailed=true" />
        <!-- "none" keeps the pre-login session id after authentication. The default (migrateSession)
             is the safe choice; only switch it off if a JSF view-state problem forces you to. -->
        <security:session-management session-fixation-protection="none" />
        <security:anonymous />
        <!-- http-basic sends the AD password base64-encoded with every request: enable it only
             over HTTPS (requires-channel="https" on the intercept-url rules). -->
        <security:http-basic />
        <security:logout />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider ref="ldapAuthenticationProvider" />
    </security:authentication-manager>

    <!-- The simple bind performed by LdapAuthenticatorImpl sends the user's password to the
         domain controller. Over plain ldap:// on 389 it travels in clear text; use
         ldaps://your_active_directory_ip:636/ (with the DC's certificate trusted by the JVM)
         anywhere outside a lab. -->
    <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://your_active_directory_ip:389/" />
    </bean>

    <bean id="ldapAuthenticationProvider"
        class="com.yourcompany.services.security.LdapAuthenticationProvider">
        <property name="authenticator" ref="ldapAuthenticator" />
    </bean>

    <bean id="ldapAuthenticator"
        class="com.yourcompany.services.security.LdapAuthenticatorImpl">
        <property name="contextFactory" ref="contextSource" />
        <!-- Empty: LdapAuthenticatorImpl binds as user@YOUR_COMPANY_WINDOWS_DOMAIN. Set "DOMAIN\"
             here only if your directory wants the down-level logon name instead. -->
        <property name="principalPrefix" value="" />
    </bean>

</beans>


Step 3 - Here is the trick: you must write LdapAuthenticationProvider, LdapAuthenticatorImpl, LdapAuthenticationToken and Principal yourself

Here is the source code:

package com.yourcompany.services.security;

import javax.naming.ldap.InitialLdapContext;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.ldap.authentication.LdapAuthenticator;

/**
 * AuthenticationProvider that delegates the credential check to an LdapAuthenticator
 * (a simple bind against Active Directory) and wraps the result in an
 * LdapAuthenticationToken carrying the bound LDAP context.
 */
public class LdapAuthenticationProvider implements AuthenticationProvider {

    private LdapAuthenticator authenticator;

    public Authentication authenticate(Authentication auth) throws AuthenticationException {

        // Bind to the directory with the passed-in credentials; a failed bind
        // leaves the authenticator as a BadCredentialsException.
        DirContextOperations authAdapter = authenticator.authenticate(auth);

        // Creating an LdapAuthenticationToken (rather than using the existing Authentication
        // object) allows us to attach the already-created LDAP context for our app to use later.
        // Note that the token keeps a reference to the original Authentication, clear-text
        // password included, for the lifetime of the HTTP session.
        LdapAuthenticationToken ldapAuth = new LdapAuthenticationToken(auth, "ROLE_USER");
        InitialLdapContext ldapContext = (InitialLdapContext) authAdapter.getObjectAttribute("ldapContext");

        if (ldapContext != null) {
            ldapAuth.setContext(ldapContext);
        }

        return ldapAuth;
    }

    public boolean supports(Class<?> clazz) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(clazz);
    }

    public LdapAuthenticator getAuthenticator() {
        return authenticator;
    }

    public void setAuthenticator(LdapAuthenticator authenticator) {
        this.authenticator = authenticator;
    }

}




package com.yourcompany.services.security;

import javax.naming.ldap.InitialLdapContext;

import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.LdapAuthenticator;

public class LdapAuthenticatorImpl implements LdapAuthenticator {

    private DefaultSpringSecurityContextSource contextFactory;
    private String principalPrefix = "";

    public DirContextOperations authenticate(Authentication authentication) {

        // Grab the username and password out of the authentication object.
        String principal = authentication.getName();
        String password = "";
        if (authentication.getCredentials() != null) {
            password = authentication.getCredentials().toString();
        }

        // Refuse an empty name or password before touching the directory. This check matters:
        // an LDAP simple bind with a name and an EMPTY password is an "unauthenticated" bind,
        // which Active Directory accepts by default, so without it any known account would
        // log in with a blank password.
        if (principal.trim().length() == 0 || password.trim().length() == 0) {
            throw new BadCredentialsException("Login/Password not allowed to login.");
        }

        // Active Directory accepts the userPrincipalName form (user@domain) for a simple bind;
        // replace YOUR_COMPANY_WINDOWS_DOMAIN with your AD domain. principalPrefix is empty in the
        // context above; set it to "DOMAIN\" for the down-level logon name instead.
        String bindPrincipal = principalPrefix.length() > 0
                ? principalPrefix + principal
                : principal + "@YOUR_COMPANY_WINDOWS_DOMAIN";

        try {
            InitialLdapContext ldapContext =
                    (InitialLdapContext) contextFactory.getContext(bindPrincipal, password);
            // Pass the context back out, so that the auth provider can add it to the
            // Authentication object.
            DirContextOperations authAdapter = new DirContextAdapter();
            authAdapter.addAttributeValue("ldapContext", ldapContext);
            return authAdapter;
        } catch (org.springframework.ldap.AuthenticationException e) {
            // Wrong user name or password (LDAP result code 49). Keep the message generic;
            // the cause is attached for the server log, not for the login page.
            throw new BadCredentialsException("Login/Password not allowed to login.", e);
        } catch (org.springframework.ldap.NamingException e) {
            // Directory unreachable, TLS failure, referral problems: report a service error,
            // not bad credentials, so operators can tell the two apart.
            throw new AuthenticationServiceException("Unable to contact the directory server.", e);
        }
    }

    /**
     * Since the InitialLdapContext that's stored as a property of an LdapAuthenticationToken is
     * transient (because it isn't Serializable), we need some way to recreate the
     * InitialLdapContext if it's null (e.g., if the LdapAuthenticationToken has been serialized
     * and deserialized). This is that mechanism. Note that it re-binds with the credentials the
     * token still holds, which is why the password stays in the session.
     *
     * @param authenticator
     *          the LdapAuthenticator instance from your application's context
     * @param auth
     *          the LdapAuthenticationToken in which to recreate the InitialLdapContext
     * @return the freshly bound context, which has also been set on the token
     */
    public static InitialLdapContext recreateLdapContext(LdapAuthenticator authenticator,
            LdapAuthenticationToken auth) {
        DirContextOperations authAdapter = authenticator.authenticate(auth);
        InitialLdapContext context = (InitialLdapContext) authAdapter
                .getObjectAttribute("ldapContext");
        auth.setContext(context);
        return context;
    }

    public DefaultSpringSecurityContextSource getContextFactory() {
        return contextFactory;
    }

    /**
     * Set the context factory to use for generating a new LDAP context.
     *
     * @param contextFactory
     */
    public void setContextFactory(DefaultSpringSecurityContextSource contextFactory) {
        this.contextFactory = contextFactory;
    }

    public String getPrincipalPrefix() {
        return principalPrefix;
    }

    /**
     * Set the string to be prepended to all principal names prior to attempting authentication
     * against the LDAP server.  (For example, if the Active Directory wants the domain-name-plus
     * backslash prepended, use this.)
     *
     * @param principalPrefix
     */
    public void setPrincipalPrefix(String principalPrefix) {
        if (principalPrefix != null) {
            this.principalPrefix = principalPrefix;
        } else {
            this.principalPrefix = "";
        }
    }

}
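The token class that follows builds its search filter by concatenating the typed user name and decides roles with String.contains() on each memberOf DN. The class below is an added example, not part of the original post and not one of its classes: it shows the two checks a practitioner would want there, RFC 4515 escaping of filter values and exact matching of the group CN, plus the Active Directory matching-rule filter that resolves nested group membership, which memberOf alone does not. The group and role names (HBWebAdmin, HBWebAdmin_ADMIN, HBWebAdmin_MNG_REPORT) are assumptions chosen to mirror the post's naming, and the sample DNs are constructed; it needs only the JDK.

```java
// Added example (not the post's code): safe LDAP filter construction and exact
// group-to-role mapping for the memberOf values Active Directory returns.
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class AdGroupRoleMapper {

    // Exact group CN -> Spring Security role (assumed names). Comparing the whole CN instead of
    // String.contains() means a group such as "HBWebAdmin_ADMIN_old", or an OU called ADMIN
    // somewhere in the DN, no longer grants ROLE_ADMIN by accident.
    private static final Map<String, String> GROUP_TO_ROLE = new LinkedHashMap<String, String>();
    static {
        GROUP_TO_ROLE.put("HBWebAdmin", "ROLE_USER");
        GROUP_TO_ROLE.put("HBWebAdmin_ADMIN", "ROLE_ADMIN");
        GROUP_TO_ROLE.put("HBWebAdmin_MNG_REPORT", "ROLE_MNG_REPORT");
    }

    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Filter that locates the user entry; the account name is escaped, never concatenated raw. */
    public static String userFilter(String sAMAccountName) {
        return "(&(objectClass=user)(sAMAccountName=" + escapeFilterValue(sAMAccountName) + "))";
    }

    /**
     * memberOf lists direct groups only. Active Directory resolves nested membership in one
     * query through the LDAP_MATCHING_RULE_IN_CHAIN rule (OID 1.2.840.113556.1.4.1941) on the
     * group's member attribute; run this filter with the user's DN over the group subtree.
     */
    public static String nestedGroupFilter(String userDn) {
        return "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:=" + escapeFilterValue(userDn) + "))";
    }

    /** The CN of the leftmost RDN of a group DN, e.g. "CN=HBWebAdmin,OU=Groups,DC=yourcompany,DC=com". */
    public static String groupCn(String groupDn) throws InvalidNameException {
        LdapName name = new LdapName(groupDn);
        // LdapName indexes RDNs from the right: index size()-1 is the leftmost (leaf) RDN.
        Rdn leaf = name.getRdn(name.size() - 1);
        if (!"cn".equalsIgnoreCase(leaf.getType())) {
            throw new InvalidNameException("group DN does not start with CN: " + groupDn);
        }
        return leaf.getValue().toString();
    }

    /** Map a user's memberOf values to roles; groups not in the table grant nothing. */
    public static List<String> rolesFor(List<String> memberOf) throws InvalidNameException {
        List<String> roles = new ArrayList<String>();
        for (String dn : memberOf) {
            String cn = groupCn(dn);
            for (Map.Entry<String, String> e : GROUP_TO_ROLE.entrySet()) {
                if (e.getKey().equalsIgnoreCase(cn) && !roles.contains(e.getValue())) {
                    roles.add(e.getValue());
                }
            }
        }
        return roles;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample data, not taken from a real directory.
        List<String> memberOf = new ArrayList<String>();
        memberOf.add("CN=HBWebAdmin,OU=Groups,DC=yourcompany,DC=com");
        memberOf.add("CN=HBWebAdmin_ADMIN_old,OU=Groups,DC=yourcompany,DC=com"); // substring matching would grant ROLE_ADMIN
        memberOf.add("CN=Domain Users,CN=Users,DC=yourcompany,DC=com");
        System.out.println(rolesFor(memberOf));                 // [ROLE_USER]
        System.out.println(userFilter("jdoe*)(objectClass=*")); // metacharacters come out as \2a \29 \28
    }
}
```

Run it with `javac AdGroupRoleMapper.java && java AdGroupRoleMapper`. If the page's token class keeps the JNDI search, the same escaping is available there without the helper: Spring LDAP's `new EqualsFilter("sAMAccountName", name).encode()` produces the escaped `(sAMAccountName=...)` clause.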

package com.yourcompany.services.security;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;

import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;

public class LdapAuthenticationToken extends AbstractAuthenticationToken {

    private static final long serialVersionUID = -5040340622950665401L;

    private Authentication auth;
    // Not Serializable, so it is lost when the session is serialized; see
    // LdapAuthenticatorImpl.recreateLdapContext() for how it is rebuilt.
    transient private InitialLdapContext context;
    private List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

    /**
     * Construct a new LdapAuthenticationToken from an existing Authentication object.
     * The defaultAuthority argument is accepted but deliberately not granted: the
     * authorities this token reports come only from the user's Active Directory group
     * memberships resolved in getAuthorities(), so a bind alone gives no ROLE_USER.
     *
     * @param auth
     * @param defaultAuthority
     */
    public LdapAuthenticationToken(Authentication auth, GrantedAuthority defaultAuthority) {
        super(auth.getAuthorities());
        this.auth = auth;
        super.setAuthenticated(true);
    }

    /**
     * Convenience constructor taking the default authority as a role name.
     *
     * @param auth
     * @param defaultAuthority
     */
    public LdapAuthenticationToken(Authentication auth, String defaultAuthority) {
        this(auth, new GrantedAuthorityImpl(defaultAuthority));
    }

    /** The user's cn as read from the directory (for display). */
    public String nome;
    /** Set once the group lookup has run, so the directory is searched only once per session. */
    public boolean alreadyLogged = false;

    public Collection<GrantedAuthority> getAuthorities() {

        if (!alreadyLogged) {
            if (context == null) {
                // Transient context gone (for example after session deserialization): report the
                // authorities collected so far (none on a fresh token, i.e. access denied) instead
                // of an NPE; LdapAuthenticatorImpl.recreateLdapContext() restores the context.
                return authorities;
            }

            SearchControls searchCtls = new SearchControls();
            String returnedAtts[] = { "cn", "memberOf" };
            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchCtls.setReturningAttributes(returnedAtts);

            // The account name goes through EqualsFilter so that the filter metacharacters
            // ( ) * \ in whatever the user typed are escaped instead of rewriting the search.
            String filter = "(&(objectClass=*)"
                    + new EqualsFilter("sAMAccountName", auth.getName()).encode() + ")";
            try {
                NamingEnumeration answer = context.search("DC=yourcompany,DC=com", filter, searchCtls);
                while (answer.hasMoreElements()) {
                    SearchResult sr = (SearchResult) answer.next();
                    Attributes attrs = sr.getAttributes();
                    Map amap = null;
                    if (attrs != null) {
                        amap = new HashMap();
                        NamingEnumeration ne = attrs.getAll();
                        while (ne.hasMore()) {
                            Attribute attr = (Attribute) ne.next();

                            if (attr.get() != null) {
                                if (attr.getID().equals("cn")) {
                                    // The user's display name, kept for the Principal object.
                                    nome = attr.get() + "";
                                } else if (attr.getID().equals("memberOf")) {
                                    // One DN per group the user is a DIRECT member of. memberOf is
                                    // not transitive: nested group membership is not expanded here.
                                    @SuppressWarnings("rawtypes")
                                    NamingEnumeration enu = attr.getAll();

                                    while (enu.hasMoreElements()) {
                                        String tk = String.valueOf(enu.nextElement());

                                        // Caveat: contains() is a substring test on the whole DN, so any
                                        // DN that happens to contain "ADMIN" (an OU name, a group called
                                        // HBWebAdmin_ADMIN_old) also yields ROLE_ADMIN. Compare the group's
                                        // CN exactly once the directory has more than a handful of groups.
                                        if (tk.contains("HBWebAdmin")) {
                                            authorities.add(new GrantedAuthorityImpl("ROLE_USER"));
                                        }

                                        if (tk.contains("HBWebAdmin") && tk.contains("ADMIN")) {
                                            authorities.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
                                        }

                                        if (tk.contains("HBWebAdmin") && tk.contains("MNG_REPORT")) {
                                            authorities.add(new GrantedAuthorityImpl("ROLE_MNG_REPORT"));
                                        }

                                        if (tk.contains("HBWebAdmin") && tk.contains("MNG_REGISTER")) {
                                            authorities.add(new GrantedAuthorityImpl("ROLE_MNG_REGISTER"));
                                        }

                                        if (tk.contains("HBWebAdmin") && tk.contains("MNG_LOGIN_MNG")) {
                                            authorities.add(new GrantedAuthorityImpl("ROLE_MNG_LOGIN_MNG"));
                                        }

                                        if (tk.contains("HBWebAdmin") && tk.contains("LEVEL1")) {
                                            authorities.add(new GrantedAuthorityImpl("ROLE_LEVEL1"));
                                        }

                                        if (tk.contains("HBWebAdmin") && tk.contains("LEVEL2")) {
                                            authorities.add(new GrantedAuthorityImpl("ROLE_LEVEL2"));
                                        }

                                            if (tk.contains("HBWebAdmin") && tk.contains("LEVEL3")){
                                                System.out.println("Adding role: ROLE_LEVEL3" );
                                                   GrantedAuthority user = new GrantedAuthorityImpl("ROLE_LEVEL3");
                                                   authorities.add(user);
                                            }
                                           
                                           
                                          
                                      }
                                      }
                                     
                                  }
                                 
                                 
                                 
                                 
                                
                            } 
                            ne.close(); 
                            alreadyLogged = true;
                      } 
                       
                } 
               
            } catch (NamingException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
         
         
           
          
           
            }
            return this.authorities;
    }

    public void addAuthority(GrantedAuthority authority) {
            this.authorities.add(authority);
    }

    public Object getCredentials() {
            return auth.getCredentials();
    }

    public Object getPrincipal() {
            // wrap the authenticated user name in our own java.security.Principal implementation
            return new com.yourcompany.services.security.Principal(name);
    }

    /**
     * Retrieve the LDAP context attached to this user's authentication object.
     *
     * @return the LDAP context
     */
    public InitialLdapContext getContext() {
            return context;
    }

    /**
     * Attach an LDAP context to this user's authentication object.
     *
     * @param context
     *          the LDAP context
     */
    public void setContext(InitialLdapContext context) {
            this.context = context;
    }

}

package com.yourcompany.services.security;

public class Principal implements java.security.Principal {

    private String name;
   
    public Principal(String name){
        this.name = name;
    }
   
    @Override
    public String getName() {
       
        return name;
    }

}


The tricky part is that you need to use the context root of your Active Directory tree and pass the Active Directory search like this:

NamingEnumeration answer = context.search("DC=yourcompany,DC=com", "(&(objectClass=*)(sAMAccountName=" + auth.getPrincipal() + "))", searchCtls);

The above search looks up the attributes named in searchCtls for the entry whose sAMAccountName is the user id (objectClass=* matches any object class), starting from the domain root, so your code is not tied to a single container in the Active Directory.


Pay attention to the bind authentication:

  InitialLdapContext ldapContext = (InitialLdapContext) contextFactory.getContext(principal+"@YOUR_COMPANY_WINDOWS_DOMAIN",password);

You need to pass user_id@YOURCOMPANYDOMAIN and the password, so Active Directory handles the password comparison when the context is obtained.
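The bind and the search described above, as an added example that is not the post's code: the user id is escaped before it is spliced into the filter (the line above concatenates it raw), and an empty password is refused before the bind. The class name, the escapeFilterValue/bind/findUser methods, the host ad.yourcompany.com and the domain are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;

public class AdUserLookup {
    // Escape a value before placing it in an LDAP filter (RFC 4515), so a login name
    // such as "*)(objectClass=*" cannot widen what the filter matches.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) {
                sb.append(String.format("\\%02x", (int) c)); // \5c \2a \28 \29 \00
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // The post's filter, with the user id escaped first
    static String samAccountFilter(String userId) {
        return "(&(objectClass=*)(sAMAccountName=" + escapeFilterValue(userId) + "))";
    }

    // Bind as user@DOMAIN so Active Directory checks the password itself. Host and
    // domain are placeholders; the caller owns the returned context and closes it.
    static InitialLdapContext bind(String userId, String password) throws NamingException {
        if (password == null || password.isEmpty()) {
            throw new NamingException("empty password refused"); // would be an anonymous bind
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ad.yourcompany.com:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userId + "@YOUR_COMPANY_WINDOWS_DOMAIN");
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialLdapContext(env, null);
    }
    // Search the whole tree from the domain root for the user, returning only memberOf
    static NamingEnumeration<SearchResult> findUser(InitialLdapContext ctx, String userId) throws NamingException {
        SearchControls searchCtls = new SearchControls();
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchCtls.setReturningAttributes(new String[] {"memberOf"});
        return ctx.search("DC=yourcompany,DC=com", samAccountFilter(userId), searchCtls);
    }
}
```

The values returned by findUser can be fed to the role-mapping loop shown earlier in the post.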


Wednesday, October 12, 2011

How to install an SSL certificate on IHS (IBM HTTP Server)

Hi, folks.

I'm going to explain how to install an SSL certificate on IHS (IBM HTTP Server).

I received this request yesterday and struggled with the configuration today. Now, if you are in a hurry, I think you can configure SSL in 5 minutes. So let's go through the steps:

* TIPS
TIP 1 - Create a .sh script for creating the db, for importing certificates and for receiving the signed key.
TIP 2 - The gsk7cmd command supports the -Xms1024m -Xmx2048m options for giving Java extra heap memory. This is very useful because sometimes you end up with OutOfMemory errors.
TIP 3 - After creating the request you can see it by listing the certificate requests in the keystore; after receiving the signed certificate the request is removed. Don't worry, this is normal.
TIP 4 - SSL0208E: SSL Handshake Failed, Certificate validation error. This error is related to the Root Class 3 certificate. Don't forget to import it into the keystore.

Step 1 - Configure your environment variables

Using the command line (as on almost every server):

export JAVA_HOME=/java/jre
export PATH=/java/jre/bin:$PATH

Step 2 - Create a new key store database:

IHS_ROOT_DIR/gsk7/bin/gsk7cmd -keydb -create -db keystore -pw 1234 -type cms -stash

Step 3 - Create a new key request:

IHS_ROOT_DIR/gsk7/bin/gsk7cmd -certreq -create -db keystore.kdb -pw 1234 -label keystorelabel -dn "CN=subdomain.yourcompany.com,O=Company Name,OU=OrganizationUnit,L=Sao Paulo,ST=Sao Paulo,C=BR" -size 2048 -file keyrequest.csr

Step 3 - Import the primary and secondary intermediate CA certificates

Access this link and copy the primary and secondary intermediate certificates:

http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html

Copy the Primary Intermediate CA Certificate and save it in a file called
primary.crt

Copy the Secondary Intermediate CA Certificate and save it in a file called
secondary.crt

Access the Verisign link and choose your product. The most common is "Standard SSL":

https://knowledge.verisign.com/support/mpki-for-ssl-support/index?page=content&actp=CROSSLINK&id=SO4785

Open your product link; the Class 3 Public Primary Certification Authority certificate is displayed. Copy the certificate and store it in a file called

rootclasscert.crt

so now you have the 3 certificates:

primary.crt
secondary.crt
rootclasscert.crt

Step 4 - Import primary, secondary and rootclasscert into your keystore.kdb database

IHS_ROOT_DIR/gsk7/bin/gsk7cmd -Xms1024m -Xmx2048m -cert -add -db keystore.kdb -pw 1234 -label primary -format ascii -trust enable -file primary.crt

IHS_ROOT_DIR/gsk7/bin/gsk7cmd -Xms1024m -Xmx2048m -cert -add -db keystore.kdb -pw 1234 -label secondary -format ascii -trust enable -file secondary.crt

IHS_ROOT_DIR/gsk7/bin/gsk7cmd -Xms1024m -Xmx2048m -cert -add -db keystore.kdb -pw 1234 -label rootclasscert -format ascii -trust enable -file rootclasscert.crt


Step 5 - Send your request file keyrequest.csr to Verisign to receive a signed certificate.

This step is immediate. You access your Verisign account, copy and paste the request key, and Verisign sends the signed certificate by email right away.

Step 6 - Receive the file and store it in your database

Copy the content of cert.cer (or copy the attached file) to your server and issue the following command:

IHS_ROOT_DIR/gsk7/bin/gsk7cmd -Xms1024m -Xmx2048m -cert -receive -file cert.cer -db keystore.kdb -pw 1234 -format ascii -default_cert yes

Step 7 - Configure your IHS to point to the new keystore

Example:

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so


Listen 443

<VirtualHost your.ip.address.number:443>
ServerName your.ip.address.number
SSLEnable
SSLProtocolDisable SSLv2
KeyFile YOUR_PATH/SSL/keystore.kdb
</VirtualHost>

SSLDisable


Step 8 - Stop and Start IHS.

IHS_ROOT_DIR/bin/adminctl stop
IHS_ROOT_DIR/bin/apachectl stop

IHS_ROOT_DIR/bin/adminctl start
IHS_ROOT_DIR/bin/apachectl start


Check your server now at https://yourserver/

Hope that helps!

Borys Marcelo