Administrative user management
This section describes how to set up users and user rights for accessing administrative instruments.
Administrative access to FEJ can be obtained through:
- remote shell
- JMX
- FIXICC app
Configuration of users and their access rights are performed by using Spring Security.
For details on monitoring and management by using a remote shell, refer to FIXEdge Java Administration.
The changes in the configuration will be applied after FIXEdge Java restart.
Security configuration
FEJ uses Spring Security for authentication purposes. Authentication configuration is located in the spring/custom-security.xml file.
File-based authentication
By default, for testing purposes, the FEJ container uses simple, in-memory authentication with the NoOpPasswordEncoder
encoder and plain-text credentials.
For other password encoder options, please check Spring Security 5.0
If you need a more complex authentication solution, please refer to Spring Security documentation.
<bean id="passwordEncoder" class="org.springframework.security.crypto.password.NoOpPasswordEncoder" factory-method="getInstance"/> <sec:authentication-manager id="authenticationManager"> <sec:authentication-provider> <sec:password-encoder ref="passwordEncoder"/> <sec:user-service id="userDetailsService" properties="users.properties"/> </sec:authentication-provider> </sec:authentication-manager>
Users are defined by the external properties file named users.properties
.
test=test,ROLE_ADMIN,enabled
LDAP authentication
FEJ also supports authentication against an LDAP server.
Before getting deep into LDAP authentication, let’s get familiar with some LDAP terms.
Term | Description |
---|---|
Dn | Distinguished name, a unique name that is used to find a user on an LDAP server, for example, in the Microsoft Active Directory. |
Ou | Organization unit |
Bind | LDAP Bind is an operation in which LDAP clients send bindRequest to an LDAP user, including a username and password. If |
Search | LDAP search is an operation that is performed to retrieve the Dn of a user by using some user credentials. |
Root | LDAP directory’s top element, like the root of a tree. |
BaseDn | Branch in an LDAP tree that can be used as a base for the LDAP search operation. |
To activate the authentication of administrative users with LDAP, it needs to replace the authentication-manager bean definition in fej-security.xml file:
<authentication-manager> <ldap-authentication-provider user-search-base="ou=people" user-search-filter="(uid={0})" group-search-base="ou=groups" group-search-filter="(member={0})"> </ldap-authentication-provider> </authentication-manager> <ldap-server url="ldap://epam.com:389/dc=epam,dc=com" /
See more details about configuration authentication with the LDAP server in Spring Documentation.
Administrative shell configuration
To configure access to the interactive shell, shell configuration properties are used.
Shell configuration properties are defined by the shell.properties file.
Name | Default value | Description |
---|---|---|
crash.auth | spring | Authentication mechanism |
crash.ssh.port | 2000 | SSH server port |
crash.ssh.auth_timeout | 300000 | Authentication timeout of the SSH server (in milliseconds) |
crash.ssh.idle_timeout | 300000 | Idle timeout of the SSH server (in milliseconds) |
crash.ssh.default_encoding | UTF-8 | Character encoding |
FEJ uses the Java shell called ‘CRaSH’. For more information about configuration properties, please refer to:
- FIXEdge Java Administration - list of available commands in FIXEdge
- CRaSH reference documentation - official CRaSH API reference
Administrative JMX configuration
The fixedge.properties file contains settings for defining the JMX port and the URL for accessing the JMX service.
For details, refer to the official Java documentation.
Monitoring and management by using the JMX technology are described in the Management over JMX section.
FIXICC access configuration
For details on FIXICC access configuration, refer to the FIXICC & FEJ Integration User Guide.