
    Configuring modeshape 5.1.0 to authenticate with ldap

    Nikhil Katiyar Newbie

      Hello Experts,

      These are the steps I followed to get ModeShape to authenticate against LDAP:

      1) Made Jaas-conf.xml, which looks like this:

       

      <?xml version='1.0'?>

      <!-- JBoss security-config policy file. It defines one application policy, "modeshape-jcr",
           whose authentication stack is a single LdapExtLoginModule flagged as required.
           The repository JSON in this post refers to the policy through policyName "modeshape-jcr".
           NOTE(review): that JSON entry uses classname "com.example.jaas.conf.xml", which looks like
           this file's name rather than a provider class; ModeShape's documentation selects its JAAS
           provider with classname "JAAS". Confirm, and confirm how this file gets loaded at runtime. -->
      <policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

          xsi:schemaLocation="urn:jboss:security-config:5.0" xmlns="urn:jboss:security-config:5.0">

          <application-policy name="modeshape-jcr">

          <authentication>

              <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >

               <!-- useFirstPass: reuse a username/password already placed in the JAAS shared state by an
                    earlier module, if any. This policy contains no earlier module. -->
               <module-option name="password-stacking" value="useFirstPass"/>

               <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                                    <!-- NOTE(review): JNDI expects an LDAP URL here (ldap://host:port); the value below is
                                         the poster's redacted placeholder. Port 389 is the plain LDAP port, so unless
                                         StartTLS or an ldaps:// endpoint is used, the bind password and each user's
                                         password cross the network unencrypted. Confirm the transport. -->
                                    <module-option name="java.naming.provider.url" value="1.1.1.1(example):389"/>

                                    <!-- NOTE(review): the values JNDI documents for java.naming.referral are follow, ignore
                                         and throw; "simple" is a value of java.naming.security.authentication.
                                         Confirm which property was intended. -->
                                    <module-option name="java.naming.referral" value="simple"/>

                                    <!-- Account used for the initial directory search. cn=admin looks like the directory
                                         administrator; a dedicated read-only search account limits the damage if this
                                         file leaks. -->
                                    <module-option name="bindDN" value="cn=admin,dc=silvereye,dc=in"/>

                                    <!-- The bind password is stored here in clear text: keep this file out of version
                                         control and restrict its file permissions. -->
                                    <module-option name="bindCredential" value="mypassword"/>

                                    <!-- User lookup: search under baseCtxDN for the entry whose mail attribute equals
                                         the login name, substituted for {0}. -->
                                    <module-option name="baseCtxDN" value="o=domains,dc=silvereye,dc=in"/>

                                    <module-option name="baseFilter" value="(mail={0})"/>

                                    <!-- NOTE(review): rolesCtxDN and roleFilter repeat baseCtxDN and baseFilter, so the role
                                         search presumably matches the user's own entry rather than group entries.
                                         LdapExtLoginModule also offers {1} (the authenticated user's DN) for filters
                                         such as (member={1}). Confirm against the directory layout. -->
                                    <module-option name="rolesCtxDN" value="o=domains,dc=silvereye,dc=in"/>

                                    <module-option name="roleFilter" value="(mail={0})" />

                                    <module-option name="roleAttributeID" value="member"/>

                                    <module-option name="roleAttributeIsDN" value="true"/>

                                    <module-option name="roleNameAttributeID" value="cn"/>

                                    <module-option name="searchScope" value="SUBTREE_SCOPE" />

                                    <!-- Keeps zero-length passwords from being passed to the server, which some LDAP
                                         servers would treat as an anonymous bind. -->
                                    <module-option name="allowEmptyPasswords" value="false"/>

                              </login-module>   

                          </authentication>

          </application-policy>

      </policy>

       

      2) Created a JSON file, which looks like this:

       

       

       

      {

          "name" : "Test Repository",

          "storage" : {

               "binaryStorage" : {

            "type" : "file",

            "directory": "target/persistent_repository/binaries",

            "trash" : "target/persistent_repository/binaries/trash"

         }

          } ,

        

          "security" : {

          "anonymous" : {

              "username" : "default",

              "roles" : ["readonly","readwrite","admin"],

              "useOnFailedLogin" : false

          },

          "providers" : [

              {

                  "name" : "My Custom Security Provider",

                  "classname" : "com.example.SimpleTestSecurityProvider"

              },

              {

                  "classname" : "com.example.jaas.conf.xml",

                  "policyName" : "modeshape-jcr"

              }

          ]

      }

      }

       

       

      3) The custom authentication provider looks like this:

       

       

      /**
       * Stub security provider from the post. One object acts as the authentication provider, the
       * authorization provider and the security context of every session it authenticates.
       *
       * <p>Nothing here checks anything: {@link #authenticate} never looks at the supplied credentials,
       * and {@link #hasPermission} and {@link #hasRole} always answer {@code true}. Every caller therefore
       * gets a fully privileged session under the hard-coded user name returned by {@link #getUserName}.
       *
       * <p>NOTE(review): the repository JSON in this post lists this class first under "providers".
       * ModeShape is documented to stop at the first provider that returns a non-null context, so the
       * JAAS/LDAP entry after it would presumably never be consulted. Confirm against the ModeShape
       * documentation, and keep a stub like this out of any non-test configuration.
       */
      public class SimpleTestSecurityProvider implements AuthenticationProvider, AuthorizationProvider, SecurityContext {

          // ---- AuthenticationProvider ----

          /**
           * Accepts every login attempt and installs this object as the session's security context.
           *
           * @param credentials       the caller's credentials; never inspected
           * @param repositoryName    unused
           * @param workspaceName     unused
           * @param repositoryContext the repository's execution context, used as the base for the result
           * @param sessionAttributes unused
           * @return {@code repositoryContext} with this object as its security context
           */
          @Override
          public ExecutionContext authenticate( Credentials credentials,
                                                String repositoryName,
                                                String workspaceName,
                                                ExecutionContext repositoryContext,
                                                Map<String, Object> sessionAttributes ) {
              // No credential check takes place: any user name and any password end up here.
              final ExecutionContext authenticated = repositoryContext.with(this);
              return authenticated;
          }

          // ---- AuthorizationProvider ----

          /**
           * Grants every requested action on every path.
           *
           * @return always {@code true}
           */
          @Override
          public boolean hasPermission( ExecutionContext context,
                                        String repositoryName,
                                        String repositorySourceName,
                                        String workspaceName,
                                        Path absPath,
                                        String... actions ) {
              return true;
          }

          // ---- SecurityContext ----

          /**
           * Returns the fixed user name reported for every session, whatever credentials were supplied.
           *
           * @return the hard-coded user name
           */
          @Override
          public String getUserName() {
              return "nirbhay@silvereye.in";
          }

          /**
           * Reports every session as non-anonymous, whatever credentials were supplied.
           *
           * @return always {@code false}
           */
          @Override
          public boolean isAnonymous() {
              return false;
          }

          /**
           * Claims membership of every role, including administrative ones.
           *
           * @return always {@code true}
           */
          @Override
          public boolean hasRole( String roleName ) {
              return true;
          }

          /** Does nothing; this context holds no state to release. */
          @Override
          public void logout() {
          }
      }

       

       

       

      and my main code looks like this:

      [login.java]

       

       

      // Starts an embedded ModeShape engine, deploys the repository described by my_repository.json,
      // logs in to the "default" workspace, adds a node under the root and saves the session.
      // The try block is not closed in the post, so catch/finally handling, session logout and
      // engine shutdown are not shown.
      ModeShapeEngine engine = new ModeShapeEngine();

        engine.start();

        org.modeshape.common.collection.Problems problems=null;

        // problems1 is never assigned in the code shown; its only use is in a commented-out line below.
        org.modeshape.common.collection.Problems problems1=null;

       

       

      try {

        RepositoryConfiguration config = RepositoryConfiguration.read("my_repository.json");

        // The validation result is stored but never inspected in the code shown. Checking it
        // (for example problems.hasErrors()) before deploying would surface whatever configuration
        // problems validate() detects.
        problems = config.validate();

       

       

        javax.jcr.Repository repository1 = engine.deploy(config);

        // problems1 = repository.getStartupProblems();

        // javax.jcr.Repository repository1 = engine.getRepository("Test Repository");

        // The credentials are hard-coded sample values.
        // NOTE(review): the repository JSON in this post lists SimpleTestSecurityProvider first, and
        // that class returns a context for any credentials, so this login presumably succeeds without
        // LDAP being consulted. Confirm how ModeShape orders its providers.
        javax.jcr.Session session = repository1.login(new SimpleCredentials("myuser", "mypass".toCharArray()),"default");

        // The return value is discarded. Logging it would show which identity the session is bound to:
        // the custom provider's hard-coded name, the LDAP user, or the anonymous "default" user.
        session.getUserID();

        //session.getRepository()

        // Get the root node ...

        Node root = session.getRootNode();

        // A successful write does not prove that LDAP authentication worked: in the posted configuration
        // the anonymous user holds readonly, readwrite and admin, and the custom provider's
        // hasPermission/hasRole always return true.
        root.addNode("dfg");

        session.save();

        // root was already dereferenced by addNode above, so this assertion cannot fail at this point;
        // it is also only evaluated when the JVM runs with assertions enabled (-ea).
        assert root != null;

       

        System.out.println("Found the root node in the \"" + session.getWorkspace().getName() + "\" workspace");

       

       

      There is no error and I get a session, but it falls back to anonymous login:

       

      17:02:34.828 [main] DEBUG org.modeshape.jcr.JcrRepository - Enabling anonymous authentication and authorization.

      17:02:34.853 [main] DEBUG org.modeshape.jcr.JcrRepository - No JNDI found, so not registering 'Test Repository' repository

       

      Please Help !!

       

      Thank you,

       

      Nikhil