From aaa67135a87b691bc5e89b4c387dfd2cf4ac5272 Mon Sep 17 00:00:00 2001 From: jomu Date: Fri, 14 Dec 2018 09:59:13 +0100 Subject: [PATCH] switched to AccountRealm support including JWT support updated setup according to new code structure --- account-ui/src/main/filters/production.properties | 11 ++++++----- account-ui/src/main/webapp/WEB-INF/shiro.ini | 7 ++----- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/account-ui/src/main/filters/production.properties b/account-ui/src/main/filters/production.properties index 6bb220d..085bf34 100644 --- a/account-ui/src/main/filters/production.properties +++ b/account-ui/src/main/filters/production.properties @@ -1,16 +1,17 @@ jsf.projectStage=Production -ldap.url = ldaps://your.domain.com +ldap.url = ldaps://host:port +## we will use provided username / password from webapplication ldap.user = user ldap.password = secret -ldap.suffix = @your.domain.com -ldap.fallbackSuffix = @your.domain2 -ldap.searchBase = dc=com,dc=domain,dc.your +ldap.suffix = @diebold.com +ldap.fallbackSuffix = @dieboldnixdorf.com +ldap.searchBase = dc=ad,dc=diebold,dc=com ldap.searchFilter = (&(objectClass=*)(mail={0})) ## NO CHANGES BEHIND THIS LINE REQUIRED shiro.contextFactory = contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory${line.separator}contextFactory.url = ${ldap.url}${line.separator}contextFactory.systemUsername = ${ldap.user}${line.separator}contextFactory.systemPassword = ${ldap.password}${line.separator}contextFactory.environment[java.naming.security.protocol] = ssl shiro.passwordMatcher= passwordMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher -shiro.ldapRealm = ldapRealm = de.muehlencord.shared.account.util.UserNameActiveDirectoryRealm${line.separator}ldapRealm.principalSuffix = ${ldap.suffix}${line.separator}ldapRealm.fallbackPrincipalSuffix = ${ldap.fallbackSuffix}${line.separator}ldapRealm.ldapContextFactory = $contextFactory${line.separator}ldapRealm.searchBase = ${ldap.searchBase}${line.separator}ldapRealm.searchFilter = ${ldap.searchFilter}${line.separator}ldapRealm.permissionsLookupEnabled=false +shiro.ldapRealm = ldapRealm = de.muehlencord.shared.account.shiro.realm.UserNameActiveDirectoryRealm${line.separator}ldapRealm.principalSuffix = ${ldap.suffix}${line.separator}ldapRealm.fallbackPrincipalSuffix = ${ldap.fallbackSuffix}${line.separator}ldapRealm.ldapContextFactory = $contextFactory${line.separator}ldapRealm.searchBase = ${ldap.searchBase}${line.separator}ldapRealm.searchFilter = ${ldap.searchFilter}${line.separator}ldapRealm.permissionsLookupEnabled=false shiro.authcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy shiro.realms=$jdbcRealm,$ldapRealm diff --git a/account-ui/src/main/webapp/WEB-INF/shiro.ini b/account-ui/src/main/webapp/WEB-INF/shiro.ini index 1c05288..b3b5b10 100644 --- a/account-ui/src/main/webapp/WEB-INF/shiro.ini +++ b/account-ui/src/main/webapp/WEB-INF/shiro.ini @@ -28,11 +28,8 @@ ${shiro.passwordMatcher} ${shiro.ldapRealm} # JDBC Realm setup -jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm -jdbcRealm.permissionsLookupEnabled=true -jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED','DISABLED') AND acc.username = ? -jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id -jdbcRealm.permissionsQuery = select permission_name from application_role appr, role_permission rp, application_permission appp WHERE appr.role_name = ? AND appr.application = '${applicationUuid}' AND rp.application_role = appr.id AND rp.role_permission = appp.id +jdbcRealm = de.muehlencord.shared.account.shiro.realm.AccountRealm +jdbcRealm.applicationId = ${applicationUuid} jdbcRealm.credentialsMatcher = $passwordMatcher jdbcRealm.dataSource = $datasource