Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


FEJ uses Spring Security for authentication purposes. Security Authentication configuration is stored in the fejlocated in the spring/custom-security.xml file.

File-based authentication


If you need a more complex authentication solution, please refer to Spring Security documentation.

The authentication mechanism is defined in spring/custom-security.xml:

Code Block
<bean id="passwordEncoder"
 <!--Mock Authentication-->

<sec:authentication-manager id="authenticationManager">
            <sec:password-encoder ref="passwordEncoder"/>
            <sec:user-service id="userDetailsService" properties=""/>

Users are defined by the external properties file named

Code Block

    <!-- Password encode bean to support plain text passwords in -->
    <bean id="passwordEncoder"

    <!-- Password encode bean to support passwords encripted with BCrypt way in -->
<!--    <bean id="adminPasswordEncoder"-->
<!--          class=""/>-->

Authorized administrative users are defined in properties file:

Code Block
# Spring security file format
# password depends on configured spring PasswordEncoder (hash or plain text)
# Format: username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

# password is plain text

# password is hash (bcrypt)

By default, FEJ provides such user roles with different access level: 

  • FIXICC_ADMIN - access by FIXICC with ALL permissions (role is defined in )
  • FIXICC_GUEST - access by FIXICC with ONLY READ permissions (role is defined in )
  • SSH_ADMIN - access by Remote Shell with ALL permissions (role is defined in
  • JMX_ADMIN - access by JMX with ALL permissions (role is defined in

LDAP authentication

FEJ also supports authentication against an LDAP server.


To activate the authentication of administrative users with LDAP, it needs to replace the authentication-manager bean definition in fejin spring/custom-security.xml file:

Code Block
<ldap-server url="ldap://,dc=com" /
Attribute nameDescription
user-search-baseSearch base for user searches. Defaults to "". Only used with a 'user-search-filter'.
user-search-filterThe LDAP filter used to search for users (optional). For example "(uid={0})". The
substituted parameter is the user's login name.
group-search-baseSearch base for group membership searches. Defaults to "" (searching from the root).
group-search-filterGroup search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN
of the user.
group-role-attributeThe LDAP attribute name which contains the role name which will be used within Spring
Security. Defaults to "cn".
user-dn-patternA specific pattern used to build the user's DN, for example "uid={0},ou=people". The key
"{0}" must be present and will be substituted with the username.

See more details about configuration authentication with the LDAP server in Spring Documentation.