...
The authentication mechanism is defined in spring/custom-security.xml:
```xml
<!--Mock Authentication-->
<sec:authentication-manager id="authenticationManager">
    <sec:authentication-provider>
        <sec:password-encoder ref="passwordEncoder"/>
        <sec:user-service id="userDetailsService" properties="admin-users.properties"/>
    </sec:authentication-provider>
</sec:authentication-manager>

<!-- Password encode bean to support plain text passwords in user.properties -->
<bean id="passwordEncoder"
      class="org.springframework.security.crypto.password.NoOpPasswordEncoder"
      factory-method="getInstance"/>

<!-- Password encode bean to support passwords encrypted with BCrypt way in admin.properties -->
<!--    <bean id="adminPasswordEncoder"-->
<!--          class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>-->
```
...
- FIXICC_ADMIN - access by FIXICC with ALL permissions (the role is defined in fixicc_permissions.properties)
- FIXICC_GUEST - access by FIXICC with ONLY READ permissions (the role is defined in fixicc_permissions.properties)
- SSH_ADMIN - access by Remote Shell with ALL permissions (the role is defined in fixedge.properties)
- JMX_ADMIN - access by JMX with ALL permissions (the role is defined in fixedge.properties)
...
```xml
<authentication-manager>
    <ldap-authentication-provider
            user-search-base="ou=people"
            user-search-filter="(uid={0})"
            group-search-base="ou=groups"
            group-search-filter="(member={0})">
    </ldap-authentication-provider>
</authentication-manager>

<ldap-server url="ldap://epam.com:389/dc=epam,dc=com"
             manager-dn="uid=admin,ou=system"
             manager-password="admin"/>
```
where
Attribute name | Description |
---|---|
ldap-authentication-provider | |
user-search-base | Search base for user searches. Defaults to "". Only used with a 'user-search-filter'. |
user-search-filter | The LDAP filter used to search for users (optional). For example, "(uid={0})". The substituted parameter is the user's login name. |
group-search-base | Defines the part of the directory tree under which group searches should be performed. Defaults to "" (searching from the root). |
group-search-filter | The filter which is used to search for group membership. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user. |
group-role-attribute | The LDAP attribute name which contains the role name which will be used within Spring Security. Defaults to "cn". |
user-dn-pattern | A specific pattern used to build the user's DN, for example, "uid={0},ou=people". The key "{0}" must be present and will be substituted with the username. |
ldap-server | |
url | Specifies the LDAP server URL when not using the embedded LDAP server. |
manager-dn | Username (DN) of the "manager" user identity (e.g. "uid=admin,ou=system") which will be used to authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used. |
manager-password | The password for the manager DN. This is required if the manager-dn is specified. |
For more details about configuring authentication with an LDAP server, see the Spring documentation.
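The following Python check is an added example, not part of the FEJ documentation or its code. It parses a Spring Security XML file such as spring/custom-security.xml and reports the settings shown in the two snippets above that deserve review before production use: the NoOpPasswordEncoder bean, an `ldap://` server URL, a literal manager-password, and a missing manager-dn (anonymous access). The function names, the finding labels, the `<beans>` wrapper around the sample, and the treatment of a `${...}` value as an externally resolved property placeholder are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Elements copied from the two snippets on this page; the <beans> wrapper and
# namespace declarations are constructed so the sample parses as one document.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security">
  <sec:authentication-manager id="authenticationManager">
    <sec:authentication-provider>
      <sec:password-encoder ref="passwordEncoder"/>
      <sec:user-service id="userDetailsService" properties="admin-users.properties"/>
    </sec:authentication-provider>
  </sec:authentication-manager>
  <bean id="passwordEncoder" factory-method="getInstance"
        class="org.springframework.security.crypto.password.NoOpPasswordEncoder"/>
  <sec:ldap-server url="ldap://epam.com:389/dc=epam,dc=com"
                   manager-dn="uid=admin,ou=system" manager-password="admin"/>
</beans>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return sorted (finding, detail) tuples for a Spring Security XML file."""
    root = ET.fromstring(xml_text)
    # Map bean id -> class so a password-encoder ref can be resolved.
    beans = {e.get("id"): e.get("class", "") for e in root.iter() if local(e.tag) == "bean"}
    findings = []
    for e in root.iter():
        name = local(e.tag)
        if name == "password-encoder":
            if beans.get(e.get("ref"), "").endswith(".NoOpPasswordEncoder"):
                findings.append(("plaintext-passwords", e.get("ref")))
        elif name == "ldap-server":
            url, password = e.get("url", ""), e.get("manager-password", "")
            if url.lower().startswith("ldap://"):  # not ldaps://
                findings.append(("ldap-url-not-ldaps", url))
            if e.get("manager-dn") is None:  # anonymous access is used
                findings.append(("anonymous-bind", url))
            elif password and not password.startswith("${"):
                # Literal secret in the XML rather than a ${...} placeholder.
                findings.append(("inline-manager-password", e.get("manager-dn")))
    return sorted(findings)


if __name__ == "__main__":
    for finding, detail in audit(SAMPLE):
        print(f"{finding}: {detail}")
```

Run against the sample, it reports three findings; a copy using BCryptPasswordEncoder, an `ldaps://` URL and a placeholder password reports none.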
...
Shell configuration properties are defined by the shell.properties file.
Name | Default value | Description |
---|---|---|
crash.auth | spring | Authentication mechanism |
crash.ssh.port | 2000 | SSH server port to listen on |
crash.ssh.keypath | /crash/hostkey.pem | The path to the PEM file with an SSH server key. Alternatively, Java Keystore can be used (see the crash.ssh.keystore.path option) |
crash.ssh.keystore.path | | The path to the Keystore file with SSH server keys. Has higher priority than crash.ssh.keypath |
crash.ssh.keystore.password | | The password for the Keystore file |
crash.ssh.keystore.provider | | Key manager provider. Note that the list of registered providers may be retrieved via the Security.getProviders() method. |
crash.ssh.keystore.type | JKS | The type of Keystore. |
crash.ssh.keygen | false | Specifies whether a key file should be generated during server start. The crash.ssh.keypath option should be defined. |
crash.ssh.auth_timeout | 300000 | Authentication timeout of the SSH server (in milliseconds) |
crash.ssh.idle_timeout | 300000 | Idle timeout of the SSH server (in milliseconds) |
crash.ssh.default_encoding | UTF-8 | Character encoding |
FEJ uses the Java shell called ‘CRaSH’. For more information about configuration properties, please refer to the CRaSH reference documentation.
...