added ldap support
This commit is contained in:
@ -1 +1,7 @@
|
||||
jsf.projectStage=Development
|
||||
|
||||
shiro.contextFactory = # not defined
|
||||
shiro.passwordMatcher= passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher${line.separator}passwordMatcher.passwordService = $passwordService
|
||||
shiro.ldapRealm = # not defined
|
||||
shiro.authcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy
|
||||
shiro.realms = $jdbcRealm
|
||||
|
||||
@ -1 +1,16 @@
|
||||
jsf.projectStage=Production
|
||||
|
||||
ldap.url = ldaps://your.domain.com
|
||||
ldap.user = user
|
||||
ldap.password = secret
|
||||
ldap.suffix = @your.domain.com
|
||||
ldap.fallbackSuffix = @your.domain2
|
||||
ldap.searchBase = dc=com,dc=domain,dc.your
|
||||
ldap.searchFilter = (&(objectClass=*)(mail={0}))
|
||||
|
||||
## NO CHANGES BEHIND THIS LINE REQUIRED
|
||||
shiro.contextFactory = contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory${line.separator}contextFactory.url = ${ldap.url}${line.separator}contextFactory.systemUsername = ${ldap.user}${line.separator}contextFactory.systemPassword = ${ldap.password}${line.separator}contextFactory.environment[java.naming.security.protocol] = ssl
|
||||
shiro.passwordMatcher= passwordMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
|
||||
shiro.ldapRealm = ldapRealm = de.muehlencord.shared.account.util.UserNameActiveDirectoryRealm${line.separator}ldapRealm.principalSuffix = ${ldap.suffix}${line.separator}ldapRealm.fallbackPrincipalSuffix = ${ldap.fallbackSuffix}${line.separator}ldapRealm.ldapContextFactory = $contextFactory${line.separator}ldapRealm.searchBase = ${ldap.searchBase}${line.separator}ldapRealm.searchFilter = ${ldap.searchFilter}${line.separator}ldapRealm.permissionsLookupEnabled=false
|
||||
shiro.authcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy
|
||||
shiro.realms=$jdbcRealm,$ldapRealm
|
||||
|
||||
@ -1,56 +1,62 @@
|
||||
[main]
|
||||
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
|
||||
securityManager.cacheManager = $cacheManager
|
||||
|
||||
# DataSource Setup
|
||||
datasource = org.apache.shiro.jndi.JndiObjectFactory
|
||||
datasource.resourceName = java:/jboss/accountDs
|
||||
datasource.resourceRef = true
|
||||
|
||||
# HashService
|
||||
hashService = org.apache.shiro.crypto.hash.DefaultHashService
|
||||
hashService.hashIterations = 500000
|
||||
hashService.hashAlgorithmName = SHA-512
|
||||
hashService.generatePublicSalt = true
|
||||
|
||||
# Password service
|
||||
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
|
||||
passwordService.hashService = $hashService
|
||||
|
||||
# Required password matcher
|
||||
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
|
||||
passwordMatcher.passwordService = $passwordService
|
||||
|
||||
# JDBC Realm setup
|
||||
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
|
||||
jdbcRealm.permissionsLookupEnabled=false
|
||||
# jdbcRealm.authenticationQuery = select al.account_password from account a, account_login al where al.account = a.id and a.username = ? and status not in ('LOCKED','DELETED')
|
||||
jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED') AND acc.username = ?
|
||||
jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
|
||||
jdbcRealm.credentialsMatcher = $passwordMatcher
|
||||
jdbcRealm.dataSource = $datasource
|
||||
|
||||
# Activate realms
|
||||
authcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy
|
||||
securityManager.realms = $jdbcRealm
|
||||
securityManager.authenticator.authenticationStrategy = $authcStrategy
|
||||
|
||||
# Setup authentication filter
|
||||
authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
|
||||
authc.loginUrl = /login.xhtml
|
||||
authc.successUrl = /web/account.xhtml
|
||||
|
||||
roles.unauthorizedUrl = /error/accessDenied.xhtml
|
||||
|
||||
#
|
||||
# filter setup
|
||||
#
|
||||
[urls]
|
||||
/public/**=anon
|
||||
/resources/**=anon
|
||||
/fonts/**=anon
|
||||
/javax.faces.resource/**=anon
|
||||
/login.xhtml=authc
|
||||
/logout.xhtml=logout
|
||||
/**=authc
|
||||
# /web/**=authc
|
||||
[main]
|
||||
|
||||
# Context factory required for LDAP
|
||||
${shiro.contextFactory}
|
||||
|
||||
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
|
||||
securityManager.cacheManager = $cacheManager
|
||||
|
||||
# DataSource Setup
|
||||
datasource = org.apache.shiro.jndi.JndiObjectFactory
|
||||
datasource.resourceName = java:/jboss/accountDs
|
||||
datasource.resourceRef = true
|
||||
|
||||
# HashService
|
||||
hashService = org.apache.shiro.crypto.hash.DefaultHashService
|
||||
hashService.hashIterations = 500000
|
||||
hashService.hashAlgorithmName = SHA-512
|
||||
hashService.generatePublicSalt = true
|
||||
|
||||
# Password service
|
||||
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
|
||||
passwordService.hashService = $hashService
|
||||
|
||||
# Required password matcher
|
||||
${shiro.passwordMatcher}
|
||||
|
||||
# LDAP Realm setup
|
||||
${shiro.ldapRealm}
|
||||
|
||||
# JDBC Realm setup
|
||||
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
|
||||
jdbcRealm.permissionsLookupEnabled=false
|
||||
# jdbcRealm.authenticationQuery = select al.account_password from account a, account_login al where al.account = a.id and a.username = ? and status not in ('LOCKED','DELETED')
|
||||
jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED') AND acc.username = ?
|
||||
jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
|
||||
jdbcRealm.credentialsMatcher = $passwordMatcher
|
||||
jdbcRealm.dataSource = $datasource
|
||||
|
||||
# Activate realms
|
||||
authcStrategy = ${shiro.authcStrategy}
|
||||
securityManager.realms = ${shiro.realms}
|
||||
securityManager.authenticator.authenticationStrategy = $authcStrategy
|
||||
|
||||
# Setup authentication filter
|
||||
authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
|
||||
authc.loginUrl = /login.xhtml
|
||||
authc.successUrl = /web/account.xhtml
|
||||
|
||||
roles.unauthorizedUrl = /error/accessDenied.xhtml
|
||||
|
||||
#
|
||||
# filter setup
|
||||
#
|
||||
[urls]
|
||||
/public/**=anon
|
||||
/resources/**=anon
|
||||
/fonts/**=anon
|
||||
/javax.faces.resource/**=anon
|
||||
/login.xhtml=authc
|
||||
/logout.xhtml=logout
|
||||
/**=authc
|
||||
# /web/**=authc
|
||||
|
||||
Reference in New Issue
Block a user