Configuring ModeShape 5.1.0 to authenticate with LDAP
nikkat2412 Jul 4, 2016 8:54 AM
Hello Experts,
These are the steps I followed to authenticate my ModeShape with LDAP:
1) Made Jaas-conf.xml, which looks like this:
<?xml version='1.0'?>
<policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:jboss:security-config:5.0" xmlns="urn:jboss:security-config:5.0">
  <application-policy name="modeshape-jcr">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="password-stacking" value="useFirstPass"/>
        <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
        <module-option name="java.naming.provider.url" value="1.1.1.1(example):389"/>
        <module-option name="java.naming.referral" value="simple"/>
        <module-option name="bindDN" value="cn=admin,dc=silvereye,dc=in"/>
        <module-option name="bindCredential" value="mypassword"/>
        <module-option name="baseCtxDN" value="o=domains,dc=silvereye,dc=in"/>
        <module-option name="baseFilter" value="(mail={0})"/>
        <module-option name="rolesCtxDN" value="o=domains,dc=silvereye,dc=in"/>
        <module-option name="roleFilter" value="(mail={0})"/>
        <module-option name="roleAttributeID" value="member"/>
        <module-option name="roleAttributeIsDN" value="true"/>
        <module-option name="roleNameAttributeID" value="cn"/>
        <module-option name="searchScope" value="SUBTREE_SCOPE"/>
        <module-option name="allowEmptyPasswords" value="false"/>
      </login-module>
    </authentication>
  </application-policy>
</policy>
2) Created a JSON file which looks like this:
{
    "name" : "Test Repository",
    "storage" : {
        "binaryStorage" : {
            "type" : "file",
            "directory": "target/persistent_repository/binaries",
            "trash" : "target/persistent_repository/binaries/trash"
        }
    },
    "security" : {
        "anonymous" : {
            "username" : "default",
            "roles" : ["readonly","readwrite","admin"],
            "useOnFailedLogin" : false
        },
        "providers" : [
            {
                "name" : "My Custom Security Provider",
                "classname" : "com.example.SimpleTestSecurityProvider"
            },
            {
                "classname" : "com.example.jaas.conf.xml",
                "policyName" : "modeshape-jcr"
            }
        ]
    }
}
3) The custom authentication provider looks like:
import java.util.Map;
import javax.jcr.Credentials;
import org.modeshape.jcr.ExecutionContext;
import org.modeshape.jcr.security.AuthenticationProvider;
import org.modeshape.jcr.security.AuthorizationProvider;
import org.modeshape.jcr.security.SecurityContext;
import org.modeshape.jcr.value.Path;

public class SimpleTestSecurityProvider implements AuthenticationProvider, AuthorizationProvider, SecurityContext {
    @Override
    public ExecutionContext authenticate( Credentials credentials, String repositoryName, String workspaceName,
                                          ExecutionContext repositoryContext, Map<String, Object> sessionAttributes ) {
        return repositoryContext.with(this);
    }

    @Override
    public boolean hasPermission( ExecutionContext context, String repositoryName, String repositorySourceName,
                                  String workspaceName, Path absPath, String... actions ) {
        return true;
    }

    @Override
    public boolean isAnonymous() {
        return false;
    }

    @Override
    public String getUserName() {
        return "nirbhay@silvereye.in";
    }

    @Override
    public boolean hasRole( String roleName ) {
        return true;
    }

    @Override
    public void logout() {
    }
}
And my main code looks like this:
[login.java]
ModeShapeEngine engine = new ModeShapeEngine();
engine.start();
org.modeshape.common.collection.Problems problems = null;
org.modeshape.common.collection.Problems problems1 = null;
try {
    RepositoryConfiguration config = RepositoryConfiguration.read("my_repository.json");
    problems = config.validate();
    javax.jcr.Repository repository1 = engine.deploy(config);
    // problems1 = repository.getStartupProblems();
    // javax.jcr.Repository repository1 = engine.getRepository("Test Repository");
    javax.jcr.Session session = repository1.login(new SimpleCredentials("myuser", "mypass".toCharArray()), "default");
    session.getUserID();
    // session.getRepository()
    // Get the root node ...
    Node root = session.getRootNode();
    root.addNode("dfg");
    session.save();
    assert root != null;
    System.out.println("Found the root node in the \"" + session.getWorkspace().getName() + "\" workspace");
} catch (Exception e) {
    e.printStackTrace();
}
No error, it gives a session but falls to anonymous login:
17:02:34.828 [main] DEBUG org.modeshape.jcr.JcrRepository - Enabling anonymous authentication and authorization.
17:02:34.853 [main] DEBUG org.modeshape.jcr.JcrRepository - No JNDI found, so not registering 'Test Repository' repository
Please help!!
Thank you,
Nikhil
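
A configuration audit for the two files described in the post above, as an added example that is not part of the original post and is not ModeShape or JBoss code. It reads the repository JSON and the JAAS policy XML and reports settings that weaken authentication; the function names, finding labels and the LDAP host are assumptions made for illustration, and the sample inputs are constructed from the post's files.

```python
import json
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the two files in the post; the LDAP URL is a placeholder.
REPO_JSON = """{"security": {
  "anonymous": {"username": "default", "roles": ["readonly", "readwrite", "admin"],
                "useOnFailedLogin": false},
  "providers": [{"classname": "com.example.SimpleTestSecurityProvider"},
                {"classname": "com.example.jaas.conf.xml", "policyName": "modeshape-jcr"}]}}"""
JAAS_XML = """<policy xmlns="urn:jboss:security-config:5.0">
 <application-policy name="modeshape-jcr"><authentication>
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
   <module-option name="java.naming.provider.url" value="ldap://ldap.example.test:389"/>
   <module-option name="bindCredential" value="mypassword"/>
   <module-option name="allowEmptyPasswords" value="false"/>
  </login-module></authentication></application-policy></policy>"""

def audit_repository(text):
    """Findings for the "security" section of a repository JSON file."""
    sec = json.loads(text).get("security", {})
    anon = sec.get("anonymous", {})
    # Any role beyond read-only lets an unauthenticated session change content.
    out = ["anonymous-role:" + r for r in anon.get("roles", []) if r != "readonly"]
    if anon.get("useOnFailedLogin"):
        out.append("anonymous-on-failed-login")
    for p in sec.get("providers", []):
        name = p.get("classname", "")
        # Heuristic: a value ending in a file extension is probably a path, not a class.
        if name.lower().endswith((".xml", ".json", ".conf", ".properties")):
            out.append("provider-not-a-class:" + name)
    return out

def audit_jaas(text):
    """Findings for the LDAP login-module options in a JAAS policy file."""
    opts = {el.get("name"): el.get("value", "")
            for el in ET.fromstring(text).iter()
            if el.tag.rsplit("}", 1)[-1] == "module-option"}
    out = []
    if not opts.get("java.naming.provider.url", "").lower().startswith("ldaps://"):
        out.append("ldap-url-not-ldaps")  # plain ldap:// binds are unencrypted (no StartTLS assumed)
    if opts.get("bindCredential"):
        out.append("bind-credential-in-cleartext")
    if opts.get("allowEmptyPasswords", "").lower() == "true":  # only an explicit "true" is flagged
        out.append("empty-passwords-allowed")
    return out

if __name__ == "__main__":
    for finding in audit_repository(REPO_JSON) + audit_jaas(JAAS_XML):
        print(finding)
```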