...
FEJ uses Spring Security for authentication purposes. Security Authentication configuration is stored in the fejlocated in the spring/custom-security.xml file.
File-based authentication
...
If you need a more complex authentication solution, please refer to Spring Security documentation.
The authentication mechanism is defined in spring/custom-security.xml:
| Code Block | ||
|---|---|---|
| ||
<bean id="passwordEncoder" class="org.springframework.security.crypto.password.NoOpPasswordEncoder" <!--Mock Authentication--> factory-method="getInstance"/> <sec:authentication-manager id="authenticationManager"> <sec:authentication-provider> <sec:password-encoder ref="passwordEncoder"/> <sec:user-service id="userDetailsService" properties="admin-users.properties"/> </sec:authentication-provider> </sec:authentication-manager> |
Users are defined by the external properties file named users.properties.
| Code Block | ||
|---|---|---|
| ||
test=test,ROLE_ADMIN,enabled |
<!-- Password encode bean to support plain text passwords in user.properties -->
<bean id="passwordEncoder"
class="org.springframework.security.crypto.password.NoOpPasswordEncoder"
factory-method="getInstance"/>
<!-- Password encode bean to support passwords encripted with BCrypt way in admin.properties -->
<!-- <bean id="adminPasswordEncoder"-->
<!-- class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>--> |
Authorized administrative users are defined in admin-users.properties properties file:
| Code Block | ||
|---|---|---|
| ||
# Spring security file format
# password depends on configured spring PasswordEncoder (hash or plain text)
#
# Format: username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]
# password is plain text
admin=admin,JMX_ADMIN,SSH_ADMIN,FIXICC_ADMIN,enabled
guest=guest,FIXICC_GUEST,enabled
# password is hash (bcrypt)
#admin=$2a$10$hCDWIHTwb7zui0dDbG8dXe2r9x3H4JDEynQuoGDn85rk6vOjxGoJC,JMX_ADMIN,SSH_ADMIN,FIXICC_ADMIN,enabled
#guest=$2a$10$pQcJLlpuHRmn5w1MdBx/xudmEBKc0l/ER7TXifc2zntKIrW3lw8S2,FIXICC_GUEST,enabled |
By default, FEJ provides such user roles with different access level:
- FIXICC_ADMIN - access by FIXICC with ALL permissions (role is defined in fixicc_permissions.properties )
- FIXICC_GUEST - access by FIXICC with ONLY READ permissions (role is defined in fixicc_permissions.properties )
- SSH_ADMIN - access by Remote Shell with ALL permissions (role is defined in fixedge.properties)
- JMX_ADMIN - access by JMX with ALL permissions (role is defined in fixedge.properties)
LDAP authentication
FEJ also supports authentication against an LDAP server.
...
To activate the authentication of administrative users with LDAP, it needs to replace the authentication-manager bean definition in fejin spring/custom-security.xml file:
| Code Block | ||
|---|---|---|
| ||
<authentication-manager>
<ldap-authentication-provider
user-search-base="ou=people"
user-search-filter="(uid={0})"
group-search-base="ou=groups"
group-search-filter="(member={0})">
</ldap-authentication-provider>
</authentication-manager>
<ldap-server url="ldap://epam.com:389/dc=epam,dc=com" / |
| Attribute name | Description |
|---|---|
| user-search-base | Search base for user searches. Defaults to "". Only used with a 'user-search-filter'. |
| user-search-filter | The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name. |
| group-search-base | Search base for group membership searches. Defaults to "" (searching from the root). |
| group-search-filter | Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user. |
| group-role-attribute | The LDAP attribute name which contains the role name which will be used within Spring Security. Defaults to "cn". |
| user-dn-pattern | A specific pattern used to build the user's DN, for example "uid={0},ou=people". The key "{0}" must be present and will be substituted with the username. |
See more details about configuration authentication with the LDAP server in Spring Documentation.
...