1 Reply Latest reply on Dec 20, 2018 2:32 PM by dlofthouse

    Wildfly 15 - How to configure LDAP Authentication?

    felipe.bit

      Good evening! I'm trying to use Java EE 8 for athentication

       

      I can validate my username and password in line 45 but I can't authenticate it using Security context in line 44. I'm trying to do it "portable" so I would not like to setup Elytron configs for this... so there is anyway to do it? This is my code:

       

      @LdapIdentityStoreDefinition(
         url = "ldap://srv-infra04.axxiom1.local/",
         bindDn = "cn=suporteldap,ou=Usuarios,dc=openldapdev,dc=int",
         bindDnPassword = "5up0rt31DAP",
         callerSearchBase = "dc=openldapdev,dc=int"   
      )
      @BasicAuthenticationMechanismDefinition
      @WebFilter(urlPatterns = { "/*" })
      public class LdapAuthFilter implements Filter {
      
      
          @Inject
          IdentityStore store;
          
          @Inject
          SecurityContext sec;
      
      
          @Override
          public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
                  throws IOException, ServletException {
              HttpServletRequest request = (HttpServletRequest) servletRequest;
              HttpServletResponse response = (HttpServletResponse) servletResponse;
      
      
              String authHeader = request.getHeader("Authorization");
              if (authHeader != null) {
                  StringTokenizer st = new StringTokenizer(authHeader);
                  if (st.hasMoreTokens()) {
                      String basic = st.nextToken();
      
      
                      if (basic.equalsIgnoreCase("Basic")) {
                          try {
                              String credentials = new String(Base64.getDecoder().decode(st.nextToken()));
                              int p = credentials.indexOf(":");
                              if (p != -1) {
                                  String _username = credentials.substring(0, p).trim();
                                  String _password = credentials.substring(p + 1).trim();
                                  
                              Credential credential = new UsernamePasswordCredential(
                                      _username, new Password(_password));
                             
                              // AuthenticationStatus status = sec.authenticate(request, response, AuthenticationParameters.withParams().credential(credential));
                                  CredentialValidationResult cred = store.validate(credential);
                                  if (!cred.getStatus().equals(Status.VALID)) {
                                      unauthorized(response, "Bad credentials");
                                  }
      
      
                                  filterChain.doFilter(servletRequest, servletResponse);
                              } else {
                                  unauthorized(response, "Invalid authentication token");
                              }
                          } catch (UnsupportedEncodingException e) {
                              throw new Error("Couldn't retrieve authentication", e);
                          }
                      }
                  }
              } else {
                  unauthorized(response);
              }
      
      
          }
      
      
          private void unauthorized(HttpServletResponse response, String message) throws IOException {
              response.setHeader("WWW-Authenticate", "Basic realm=\"" + "Test" + "\"");
              response.sendError(401, message);
          }
      
      
          private void unauthorized(HttpServletResponse response) throws IOException {
              unauthorized(response, "Unauthorized");
          }
      
      }
      
      

       

      Thank you

      Regards