Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The authentication mechanism is defined in spring/custom-security.xml:

Code Block
languagexml
   <!--Mock Authentication-->
    <sec:authentication-manager id="authenticationManager">
        <sec:authentication-provider>
            <sec:password-encoder ref="passwordEncoder"/>
            <sec:user-service id="userDetailsService" properties="admin-users.properties"/>
        </sec:authentication-provider>
    </sec:authentication-manager>
 
    <!-- Password encode bean to support plain text passwords in user.properties -->
    <bean id="passwordEncoder"
          class="org.springframework.security.crypto.password.NoOpPasswordEncoder"
          factory-method="getInstance"/>
 
    <!-- Password encode bean to support passwords encrypted with BCrypt way in admin.properties -->
<!--    <bean id="adminPasswordEncoder"-->
<!--          class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>-->

...

  • FIXICC_ADMIN - access by FIXICC with ALL permissions (the role is defined in fixicc_permissions.properties )
  • FIXICC_GUEST - access by FIXICC with ONLY READ permissions (the role is defined in fixicc_permissions.properties )
  • SSH_ADMIN - access by Remote Shell with ALL permissions (the role is defined in fixedge.properties)
  • JMX_ADMIN - access by JMX with ALL permissions (the role is defined in fixedge.properties)

...

Code Block
languagexml
<authentication-manager>
    <ldap-authentication-provider
      ="ou=people"
      user-search-filter="(uid={0})"
      group-search-base="ou=groups"
      group-search-filter="(member={0})">
    </ldap-authentication-provider>
</authentication-manager>
   
<ldap-server url="ldap://epam.com:389/dc=epam,dc=com" 
                     manager-dn="uid=admin,ou=system"
                     manager-password="admin"/>

where

Attribute nameDescription
ldap-authentication-provider
user-search-baseSearch base for user searches. Defaults to "". Only used with a 'user-search-filter'.
user-search-filter

The LDAP filter used to search for users (optional). For example, "(uid={0})".

The substituted parameter is user's login name.

group-search-baseDefines the part of the directory tree under which group searches should be performed.
Defaults to "" (searching from the root).
group-search-filterThe filter which is used to search for group membership.
Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user.
group-role-attributeThe LDAP attribute name which contains the role name which will be used within Spring Security. Defaults to "cn".
user-dn-patternA specific pattern used to build user's DN, for example, "uid={0},ou=people".
The key "{0}" must be present and will be substituted with the username.
ldap-server
urlSpecifies the LDAP server URL when not using the embedded LDAP server.
manager-dnUsername (DN) of the "manager" user identity (i.e. "uid=admin,ou=system") which will be used to authenticate to a (non-embedded) LDAP server.
If omitted, anonymous access will be used.
manager-passwordThe password for the manager DN. This is required if the manager-dn is specified.

Check more details about the configuration authentication with an LDAP server on Spring Documentation.

...

Shell configuration properties are defined by the shell.properties file.

NameDefault valueDescription

crash.auth

spring

Authentication mechanism

crash.ssh.port

2000

SSH server port to listen

crash.ssh.keypath/crash/hostkey.pem

The path to the PEM file with an SSH server key. Alternatively, Java Keystore can be used (see the crash.ssh.keystore.path option)

crash.ssh.keystore.path

The path to the Keystore file with SSH server keys. Has higher priority than crash.ssh.keypath

crash.ssh.keystore.password
The password for the Keystore file
crash.ssh.keystore.provider
Key manager provider.
Note that the list of registered providers may be retrieved via the Security.getProviders() method.
crash.ssh.keystore.typeJKS

The type of Keystore. 
See the Keystore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard Keystore types.
Examples of value: JKS, JCEKS, PKCS12, PKCS11
The default value is JKS (Java Key Store).

crash.ssh.keygenfalseSpecify if a key file should be generated during server start. The crash.ssh.keypath should be defined.

crash.ssh.auth_timeout

300000

Authentication timeout of the SSH server (in milliseconds)

crash.ssh.idle_timeout

300000

Idle timeout of the SSH server (in milliseconds)

crash.ssh.default_encoding

UTF-8

Character encoding

FEJ uses the Java shell called ‘CRaSH’. For more information about configuration properties, please refer to the CRaSH reference documentation.

...