Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Authorized administrative users are defined in the properties file:

Code Block
# Spring security file format
# password depends on configured spring PasswordEncoder (hash or plain text)
# Format: username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

# password is plain text

# password is hash (bcrypt)

By default, FEJ provides such the following user roles with different access levellevels

  • FIXICC_ADMIN - access by FIXICC with ALL permissions (role is defined in )
  • FIXICC_GUEST - access by FIXICC with ONLY READ permissions (role is defined in )
  • SSH_ADMIN - access by Remote Shell with ALL permissions (role is defined in
  • JMX_ADMIN - access by JMX with ALL permissions (role is defined in




Distinguished name, a . A unique name that is used to find a user on an LDAP server, for example, in the Microsoft Active Directory.


Organization unit


LDAP Bind is an operation in which LDAP clients send bindRequest to an LDAP server, including a username and password. If
the LDAP server finds that the username and password is correct, it grants access to the LDAP server.


LDAP search is an operation that is performed to retrieve the Dn of a user by using some user credentials.


LDAP directory’s top element, like the root of a tree.


Branch in an LDAP tree that can be used as a base for the LDAP search operation.

To activate the authentication of administrative users with LDAP, it needs to replace the authentication-manager bean definition in the spring/custom-security.xml file:

Code Block
<ldap-server url="ldap://,dc=com" /

Elements from the above sample are described in the table below:

Attribute nameDescription
user-search-baseSearch base for user searches. Defaults to "". Only used with a 'user-search-filter'.
user-search-filterThe LDAP filter used to search for users (optional). For example "(uid={0})". The
substituted parameter is the user's login name.
group-search-baseSearch base for group membership searches. Defaults to "" (searching from the root).
group-search-filterGroup search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN
of the user.
group-role-attributeThe LDAP attribute name
that contains the role name
that will be used within Spring
Security. Defaults to "cn".
user-dn-patternA specific pattern used to build the user's DN, for example "uid={0},ou=people". The key
"{0}" must be present and will be substituted with the username.

See more details about configuration authentication with the LDAP server in Spring Documentation.


Monitoring and management by using the JMX technology is described at the Management over JMX section.