Wildfly 15 - How to configure LDAP Authentication?
felipe.bit Dec 20, 2018 8:57 AM
Good evening! I'm trying to use Java EE 8 for authentication.
I can validate my username and password in line 45, but I can't authenticate the caller using the SecurityContext in line 44. I'm trying to keep this portable, so I would rather not set up Elytron configuration for it. Is there any way to do that? This is my code:
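/**
 * Servlet filter that guards every request with HTTP Basic credentials checked against the
 * LDAP identity store declared on this class.
 *
 * <p>The request continues down the filter chain only when the store reports
 * {@code Status.VALID}. Every other outcome (missing header, wrong scheme, malformed token,
 * empty or rejected credentials) ends with a 401 challenge and stops processing.
 *
 * <p>NOTE(review): {@code store.validate} only checks the credential. Nothing in this filter
 * registers the caller with the container, so code further down the chain presumably still
 * sees an anonymous caller (no user principal, no roles) - confirm before relying on
 * container-managed authorization behind this filter.
 *
 * <p>NOTE(review): {@code @BasicAuthenticationMechanismDefinition} is declared here while the
 * filter also parses the {@code Authorization} header itself; the two overlap - confirm
 * which one is meant to perform authentication.
 */
// NOTE(review): the bind DN password is embedded in source, so anyone who can read the
// repository or the deployed archive can read it. Supply it from deployment configuration
// instead and rotate the value shown here. The ldap:// URL also means bind and user
// passwords reach the directory without TLS unless the connection is upgraded; prefer ldaps://.
@LdapIdentityStoreDefinition(
    url = "ldap://srv-infra04.axxiom1.local/",
    bindDn = "cn=suporteldap,ou=Usuarios,dc=openldapdev,dc=int",
    bindDnPassword = "5up0rt31DAP",
    callerSearchBase = "dc=openldapdev,dc=int"
)
@BasicAuthenticationMechanismDefinition
@WebFilter(urlPatterns = { "/*" })
public class LdapAuthFilter implements Filter {

    @Inject
    IdentityStore store;

    @Inject
    SecurityContext sec;

    /**
     * Validates the Basic credentials of the request and forwards it only on success.
     *
     * @param servletRequest the incoming request; cast to {@code HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@code HttpServletResponse}
     * @param filterChain the remaining chain, invoked only for valid credentials
     * @throws IOException if sending the 401 response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String authHeader = request.getHeader("Authorization");
        if (authHeader == null) {
            unauthorized(response);
            return;
        }

        // Anything other than "Basic <token>" gets an explicit 401. Previously such a header
        // fell through without a challenge and without invoking the chain.
        StringTokenizer st = new StringTokenizer(authHeader);
        if (!st.hasMoreTokens()
                || !st.nextToken().equalsIgnoreCase("Basic")
                || !st.hasMoreTokens()) {
            unauthorized(response, "Invalid authentication token");
            return;
        }

        String credentials;
        try {
            // Decode with a fixed charset so the result does not depend on the JVM's
            // platform default.
            credentials = new String(Base64.getDecoder().decode(st.nextToken()),
                    java.nio.charset.StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // The token is attacker-controlled; malformed Base64 is a client error, not a
            // server fault.
            unauthorized(response, "Invalid authentication token");
            return;
        }

        int p = credentials.indexOf(':');
        if (p == -1) {
            unauthorized(response, "Invalid authentication token");
            return;
        }

        String username = credentials.substring(0, p).trim();
        String password = credentials.substring(p + 1).trim();

        // An empty password can turn an LDAP simple bind into an unauthenticated bind on
        // some directory servers, so reject it here instead of relying on the store.
        if (username.isEmpty() || password.isEmpty()) {
            unauthorized(response, "Bad credentials");
            return;
        }

        Credential credential = new UsernamePasswordCredential(username, new Password(password));
        // AuthenticationStatus status = sec.authenticate(request, response, AuthenticationParameters.withParams().credential(credential));
        CredentialValidationResult cred = store.validate(credential);

        // The return is essential: without it the request would still be forwarded after
        // the 401 was sent, so rejected credentials would reach the protected resource.
        if (!Status.VALID.equals(cred.getStatus())) {
            unauthorized(response, "Bad credentials");
            return;
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Sends a 401 response carrying a Basic challenge for the realm "Test".
     *
     * @param response the response to write the challenge to
     * @param message the error message passed to {@code sendError}
     * @throws IOException if the error cannot be sent
     */
    private void unauthorized(HttpServletResponse response, String message) throws IOException {
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + "Test" + "\"");
        response.sendError(401, message);
    }

    /**
     * Sends a 401 response with the default message "Unauthorized".
     *
     * @param response the response to write the challenge to
     * @throws IOException if the error cannot be sent
     */
    private void unauthorized(HttpServletResponse response) throws IOException {
        unauthorized(response, "Unauthorized");
    }
}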