added ldap support
@ -1 +1,7 @@
|
|||||||
jsf.projectStage=Development
|
jsf.projectStage=Development
|
||||||
|
|
||||||
|
shiro.contextFactory = # not defined
|
||||||
|
shiro.passwordMatcher= passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher${line.separator}passwordMatcher.passwordService = $passwordService
|
||||||
|
shiro.ldapRealm = # not defined
|
||||||
|
shiro.authcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy
|
||||||
|
shiro.realms = $jdbcRealm
|
||||||
|
|||||||
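Review bot: `shiro.contextFactory = # not defined` and `shiro.ldapRealm = # not defined` give these keys the literal value `# not defined` — in a Java properties file `#` opens a comment only at the start of a line — so they land in the generated shiro.ini as comments only because each `${shiro.*}` placeholder there happens to sit at column 0. An empty value, `shiro.contextFactory =` and `shiro.ldapRealm =`, states "no LDAP in this profile" directly and does not depend on where the placeholder is expanded. The `${line.separator}` tokens in `shiro.passwordMatcher` suggest these files are resolved by build-time resource filtering; a one-line header comment naming that mechanism would save the next reader from guessing. A comment above `shiro.realms = $jdbcRealm` noting that the production profile lists `$jdbcRealm,$ldapRealm` here would also help whoever edits one profile without the other.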
@ -1 +1,16 @@
|
|||||||
jsf.projectStage=Production
|
jsf.projectStage=Production
|
||||||
|
|
||||||
|
ldap.url = ldaps://your.domain.com
|
||||||
|
ldap.user = user
|
||||||
|
ldap.password = secret
|
||||||
|
ldap.suffix = @your.domain.com
|
||||||
|
ldap.fallbackSuffix = @your.domain2
|
||||||
|
ldap.searchBase = dc=com,dc=domain,dc.your
|
||||||
|
ldap.searchFilter = (&(objectClass=*)(mail={0}))
|
||||||
|
|
||||||
|
## NO CHANGES BEHIND THIS LINE REQUIRED
|
||||||
|
shiro.contextFactory = contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory${line.separator}contextFactory.url = ${ldap.url}${line.separator}contextFactory.systemUsername = ${ldap.user}${line.separator}contextFactory.systemPassword = ${ldap.password}${line.separator}contextFactory.environment[java.naming.security.protocol] = ssl
|
||||||
|
shiro.passwordMatcher= passwordMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
|
||||||
|
shiro.ldapRealm = ldapRealm = de.muehlencord.shared.account.util.UserNameActiveDirectoryRealm${line.separator}ldapRealm.principalSuffix = ${ldap.suffix}${line.separator}ldapRealm.fallbackPrincipalSuffix = ${ldap.fallbackSuffix}${line.separator}ldapRealm.ldapContextFactory = $contextFactory${line.separator}ldapRealm.searchBase = ${ldap.searchBase}${line.separator}ldapRealm.searchFilter = ${ldap.searchFilter}${line.separator}ldapRealm.permissionsLookupEnabled=false
|
||||||
|
shiro.authcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy
|
||||||
|
shiro.realms=$jdbcRealm,$ldapRealm
|
||||||
|
|||||||
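Review bot: In the production profile `shiro.passwordMatcher` expands to `AllowAllCredentialsMatcher`, and shiro.ini still wires `jdbcRealm.credentialsMatcher = $passwordMatcher`, so the JDBC realm accepts any password and the login check rests entirely on `shiro.authcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy` together with `$ldapRealm` remaining in `shiro.realms`. That coupling is implicit; a comment above `shiro.passwordMatcher` such as `# production: JDBC realm only checks account existence/status, the password is verified by the LDAP realm - requires AllSuccessfulStrategy and both realms in shiro.realms` would keep a later edit of either key from silently turning this into password-less login. Separately, `ldap.password = secret` puts the LDAP bind credential in a committed file; even as a placeholder it invites a real value to be committed, so supplying it from the deployment environment is preferable. `ldap.searchBase = dc=com,dc=domain,dc.your` also looks mistyped — `dc.your` is not an RDN and the components appear reversed for `your.domain.com` — so `dc=your,dc=domain,dc=com` if the sample is meant to be usable as-is.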
@ -1,56 +1,62 @@
|
|||||||
[main]
|
[main]
|
||||||
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
|
|
||||||
securityManager.cacheManager = $cacheManager
|
# Context factory required for LDAP
|
||||||
|
${shiro.contextFactory}
|
||||||
# DataSource Setup
|
|
||||||
datasource = org.apache.shiro.jndi.JndiObjectFactory
|
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
|
||||||
datasource.resourceName = java:/jboss/accountDs
|
securityManager.cacheManager = $cacheManager
|
||||||
datasource.resourceRef = true
|
|
||||||
|
# DataSource Setup
|
||||||
# HashService
|
datasource = org.apache.shiro.jndi.JndiObjectFactory
|
||||||
hashService = org.apache.shiro.crypto.hash.DefaultHashService
|
datasource.resourceName = java:/jboss/accountDs
|
||||||
hashService.hashIterations = 500000
|
datasource.resourceRef = true
|
||||||
hashService.hashAlgorithmName = SHA-512
|
|
||||||
hashService.generatePublicSalt = true
|
# HashService
|
||||||
|
hashService = org.apache.shiro.crypto.hash.DefaultHashService
|
||||||
# Password service
|
hashService.hashIterations = 500000
|
||||||
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
|
hashService.hashAlgorithmName = SHA-512
|
||||||
passwordService.hashService = $hashService
|
hashService.generatePublicSalt = true
|
||||||
|
|
||||||
# Required password matcher
|
# Password service
|
||||||
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
|
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
|
||||||
passwordMatcher.passwordService = $passwordService
|
passwordService.hashService = $hashService
|
||||||
|
|
||||||
# JDBC Realm setup
|
# Required password matcher
|
||||||
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
|
${shiro.passwordMatcher}
|
||||||
jdbcRealm.permissionsLookupEnabled=false
|
|
||||||
# jdbcRealm.authenticationQuery = select al.account_password from account a, account_login al where al.account = a.id and a.username = ? and status not in ('LOCKED','DELETED')
|
# LDAP Realm setup
|
||||||
jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED') AND acc.username = ?
|
${shiro.ldapRealm}
|
||||||
jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
|
|
||||||
jdbcRealm.credentialsMatcher = $passwordMatcher
|
# JDBC Realm setup
|
||||||
jdbcRealm.dataSource = $datasource
|
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
|
||||||
|
jdbcRealm.permissionsLookupEnabled=false
|
||||||
# Activate realms
|
# jdbcRealm.authenticationQuery = select al.account_password from account a, account_login al where al.account = a.id and a.username = ? and status not in ('LOCKED','DELETED')
|
||||||
authcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy
|
jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED') AND acc.username = ?
|
||||||
securityManager.realms = $jdbcRealm
|
jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
|
||||||
securityManager.authenticator.authenticationStrategy = $authcStrategy
|
jdbcRealm.credentialsMatcher = $passwordMatcher
|
||||||
|
jdbcRealm.dataSource = $datasource
|
||||||
# Setup authentication filter
|
|
||||||
authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
|
# Activate realms
|
||||||
authc.loginUrl = /login.xhtml
|
authcStrategy = ${shiro.authcStrategy}
|
||||||
authc.successUrl = /web/account.xhtml
|
securityManager.realms = ${shiro.realms}
|
||||||
|
securityManager.authenticator.authenticationStrategy = $authcStrategy
|
||||||
roles.unauthorizedUrl = /error/accessDenied.xhtml
|
|
||||||
|
# Setup authentication filter
|
||||||
#
|
authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
|
||||||
# filter setup
|
authc.loginUrl = /login.xhtml
|
||||||
#
|
authc.successUrl = /web/account.xhtml
|
||||||
[urls]
|
|
||||||
/public/**=anon
|
roles.unauthorizedUrl = /error/accessDenied.xhtml
|
||||||
/resources/**=anon
|
|
||||||
/fonts/**=anon
|
#
|
||||||
/javax.faces.resource/**=anon
|
# filter setup
|
||||||
/login.xhtml=authc
|
#
|
||||||
/logout.xhtml=logout
|
[urls]
|
||||||
/**=authc
|
/public/**=anon
|
||||||
# /web/**=authc
|
/resources/**=anon
|
||||||
|
/fonts/**=anon
|
||||||
|
/javax.faces.resource/**=anon
|
||||||
|
/login.xhtml=authc
|
||||||
|
/logout.xhtml=logout
|
||||||
|
/**=authc
|
||||||
|
# /web/**=authc
|
||||||
|
|||||||
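Review bot: The `# Required password matcher` comment now sits above `${shiro.passwordMatcher}`, whose production expansion in this commit is `AllowAllCredentialsMatcher`, so the comment misdescribes the deployed ini where `jdbcRealm.credentialsMatcher = $passwordMatcher` no longer verifies anything. A comment like `# Password matcher injected per build profile; in production the JDBC realm does not check passwords and relies on AllSuccessfulStrategy plus the LDAP realm` documents the real contract next to the consumer. The `${shiro.*}` and `${line.separator}` forms are not Shiro INI syntax (Shiro uses bare `$name` references), so they presumably depend on build-time resource filtering; if that filtering were ever not applied to this file, the literal placeholder lines would reach Shiro's INI parser, which is worth stating in a header comment alongside the mechanism used. Note also that `${shiro.ldapRealm}` expands to a definition referencing `$contextFactory`, so the `[main]` ordering — context factory before the realm — has to be preserved by whoever edits the template, as Shiro resolves `$name` references in definition order.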