From 2d471ee9d3ee66fad859eabe69f847631b6f8f3a Mon Sep 17 00:00:00 2001 
From: Janne Valkealahti Date: Tue, 10 Mar 2015 11:54:48 +0000 Subject: [PATCH] Add new boot based samples --- build.gradle | 26 ++++ settings.gradle | 11 ++ spring-security-kerberos-samples/build.gradle | 18 +++ .../src/main/java/demo/app/Application.java | 16 +++ .../src/main/java/demo/app/MvcConfig.java | 18 +++ .../main/java/demo/app/WebSecurityConfig.java | 53 ++++++++ .../src/main/resources/application.yml | 2 + .../src/main/resources/logback.xml | 8 ++ .../src/main/resources/templates/hello.html | 10 ++ .../src/main/resources/templates/home.html | 10 ++ .../src/main/resources/templates/login.html | 20 +++ .../src/main/java/demo/app/Application.java | 18 +++ .../src/main/java/demo/app/MvcConfig.java | 18 +++ .../src/main/resources/application.yml | 5 + .../src/main/resources/logback.xml | 8 ++ .../src/main/resources/templates/hello.html | 10 ++ .../src/main/resources/templates/home.html | 10 ++ .../src/main/resources/templates/login.html | 20 +++ .../src/main/resources/websecurityconfig.xml | 60 +++++++++ .../src/main/java/demo/app/Application.java | 16 +++ .../src/main/java/demo/app/MvcConfig.java | 18 +++ .../main/java/demo/app/WebSecurityConfig.java | 105 ++++++++++++++++ .../src/main/resources/application.yml | 5 + .../src/main/resources/logback.xml | 8 ++ .../src/main/resources/templates/hello.html | 10 ++ .../src/main/resources/templates/home.html | 10 ++ .../src/main/resources/templates/login.html | 20 +++ .../src/main/java/demo/app/Application.java | 16 +++ .../src/main/java/demo/app/MvcConfig.java | 18 +++ .../main/java/demo/app/WebSecurityConfig.java | 117 ++++++++++++++++++ .../src/main/resources/application.yml | 7 ++ .../src/main/resources/logback.xml | 8 ++ .../src/main/resources/templates/hello.html | 10 ++ .../src/main/resources/templates/home.html | 10 ++ .../src/main/resources/templates/login.html | 20 +++ .../java/demo/DummyUserDetailsService.java | 16 +++ 36 files changed, 755 insertions(+) create mode 100644 
spring-security-kerberos-samples/build.gradle create mode 100644 spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/Application.java create mode 100644 spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/MvcConfig.java create mode 100644 spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/WebSecurityConfig.java create mode 100644 spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/application.yml create mode 100644 spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/logback.xml create mode 100644 spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/hello.html create mode 100644 spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/home.html create mode 100644 spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/login.html create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/java/demo/app/Application.java create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/java/demo/app/MvcConfig.java create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/application.yml create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/logback.xml create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/hello.html create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/home.html create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/login.html create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/websecurityconfig.xml create mode 100644 
spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/Application.java create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/MvcConfig.java create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/WebSecurityConfig.java create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/application.yml create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/logback.xml create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/hello.html create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/home.html create mode 100644 spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/login.html create mode 100644 spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/Application.java create mode 100644 spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/MvcConfig.java create mode 100644 spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/WebSecurityConfig.java create mode 100644 spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/application.yml create mode 100644 spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/logback.xml create mode 100644 spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/hello.html create mode 100644 spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/home.html create mode 100644 spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/login.html create mode 100644 spring-security-kerberos-samples/src/main/java/demo/DummyUserDetailsService.java diff --git a/build.gradle b/build.gradle index c7beacf..aa67315 100644 
--- a/build.gradle +++ b/build.gradle @@ -7,6 +7,13 @@ buildscript { classpath("org.springframework.build.gradle:spring-io-plugin:0.0.3.RELEASE") classpath('org.asciidoctor:asciidoctor-gradle-plugin:1.5.2') classpath("io.spring.gradle:docbook-reference-plugin:0.3.0") + classpath("org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion") + } +} + +def sampleProjects() { + subprojects.findAll { project -> + project.name.contains('sec-server') && project.name != 'spring-security-kerberos-samples-common' } } @@ -164,6 +171,25 @@ project('spring-security-kerberos-sample') { } } +project('spring-security-kerberos-samples-common') { + dependencies { + compile project(":spring-security-kerberos-core") + } +} + +configure(sampleProjects()) { + apply plugin: 'spring-boot' + dependencies { + compile project(":spring-security-kerberos-samples-common") + compile "org.springframework.boot:spring-boot-starter-thymeleaf:$springBootVersion" + compile "org.springframework.security:spring-security-ldap:$springSecurityVersion" + testCompile "org.springframework:spring-test:$springVersion" + testCompile "org.hamcrest:hamcrest-core:$hamcrestVersion" + testCompile "org.hamcrest:hamcrest-library:$hamcrestVersion" + testCompile "junit:junit:$junitVersion" + } +} + configure(rootProject) { description = 'Spring Security Kerberos Extension' diff --git a/settings.gradle b/settings.gradle index e32ec3e..0f08568 100644 --- a/settings.gradle +++ b/settings.gradle 
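Review bot: In `sampleProjects()` in the root build.gradle, the clause `&& project.name != 'spring-security-kerberos-samples-common'` can never change the result, because that name does not contain `sec-server`. The filter therefore reads as if it excluded a project it never matched. Either drop the clause or match on the naming convention directly, e.g. `subprojects.findAll { it.name.startsWith('sec-server') }`. A one-line comment above the function saying that every `sec-server-*` subproject gets the Spring Boot plugin would also help, since the later `configure(sampleProjects())` block depends on that selection.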
@@ -4,3 +4,14 @@ include 'spring-security-kerberos-core'
 include 'spring-security-kerberos-client'
 include 'spring-security-kerberos-test'
 include 'spring-security-kerberos-sample'
+include 'spring-security-kerberos-samples'
+include 'spring-security-kerberos-samples:sec-server-client-auth'
+include 'spring-security-kerberos-samples:sec-server-spnego-form-auth'
+include 'spring-security-kerberos-samples:sec-server-spnego-form-auth-xml'
+include 'spring-security-kerberos-samples:sec-server-win-auth'
+
+rootProject.children.find {
+ if (it.name == 'spring-security-kerberos-samples') {
+ it.name = 'spring-security-kerberos-samples-common'
+ }
+}
diff --git a/spring-security-kerberos-samples/build.gradle b/spring-security-kerberos-samples/build.gradle
new file mode 100644
index 0000000..b3c301e
--- /dev/null
+++ b/spring-security-kerberos-samples/build.gradle
@@ -0,0 +1,18 @@
+description = 'Spring Security Kerberos Samples Common'
+
+project('sec-server-win-auth') {
+ description = 'Security Server Windows Auth Sample'
+}
+
+project('sec-server-client-auth') {
+ description = 'Security Server Side Auth Sample'
+}
+
+project('sec-server-spnego-form-auth') {
+ description = 'Security Server Spnego and Form Auth Sample'
+}
+
+project('sec-server-spnego-form-auth') {
+ description = 'Security Server Spnego and Form Auth Xml Sample'
+}
+
diff --git a/spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/Application.java b/spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/Application.java
new file mode 100644
index 0000000..d2b66db
--- /dev/null
+++ b/spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/Application.java
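Review bot: In settings.gradle the rename is written as `rootProject.children.find { ... }` and used only for its side effect, which hides the intent. `find` is a search, and it stops here only because the assignment inside the `if` happens to evaluate to a non-empty string. Addressing the project directly says what is meant: `project(':spring-security-kerberos-samples').name = 'spring-security-kerberos-samples-common'`. A short comment explaining why the container project is renamed would help the next reader.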
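Review bot: In spring-security-kerberos-samples/build.gradle the last `project(...)` block repeats `'sec-server-spnego-form-auth'`, so the "Xml Sample" description overwrites the one set just above it and `sec-server-spnego-form-auth-xml` gets no description at all. The fourth block should read `project('sec-server-spnego-form-auth-xml') {`.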
@@ -0,0 +1,16 @@
+package demo.app;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
+
+@SpringBootApplication
+@EnableAutoConfiguration(exclude = SecurityAutoConfiguration.class)
+public class Application {
+
+ public static void main(String[] args) throws Throwable {
+ SpringApplication.run(Application.class, args);
+ }
+
+}
diff --git a/spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/MvcConfig.java b/spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/MvcConfig.java
new file mode 100644
index 0000000..cb578b3
--- /dev/null
+++ b/spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/MvcConfig.java
@@ -0,0 +1,18 @@
+package demo.app;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+@Configuration
+public class MvcConfig extends WebMvcConfigurerAdapter {
+
+ @Override
+ public void addViewControllers(ViewControllerRegistry registry) {
+ registry.addViewController("/home").setViewName("home");
+ registry.addViewController("/").setViewName("home");
+ registry.addViewController("/hello").setViewName("hello");
+ registry.addViewController("/login").setViewName("login");
+ }
+
+}
diff --git a/spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/WebSecurityConfig.java b/spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/WebSecurityConfig.java
new file mode 100644
index 0000000..167ffe8
--- /dev/null
+++ b/spring-security-kerberos-samples/sec-server-client-auth/src/main/java/demo/app/WebSecurityConfig.java
@@ -0,0 +1,53 @@
+package demo.app;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
+import org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider;
+import org.springframework.security.extensions.kerberos.SunJaasKerberosClient;
+
+import demo.DummyUserDetailsService;
+
+@Configuration
+@EnableWebMvcSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .antMatchers("/", "/home").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .formLogin()
+ .loginPage("/login").permitAll()
+ .and()
+ .logout()
+ .permitAll();
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth
+ .authenticationProvider(kerberosAuthenticationProvider());
+ }
+
+ @Bean
+ public KerberosAuthenticationProvider kerberosAuthenticationProvider() {
+ KerberosAuthenticationProvider provider = new KerberosAuthenticationProvider();
+ SunJaasKerberosClient client = new SunJaasKerberosClient();
+ client.setDebug(true);
+ provider.setKerberosClient(client);
+ provider.setUserDetailsService(dummyUserDetailsService());
+ return provider;
+ }
+
+ @Bean
+ public DummyUserDetailsService dummyUserDetailsService() {
+ return new DummyUserDetailsService();
+ }
+
+}
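Review bot: `kerberosAuthenticationProvider()` in the sec-server-client-auth WebSecurityConfig hard-codes `client.setDebug(true)`, so anyone who copies the sample ships verbose JAAS Kerberos login tracing by default. I would default it to off behind a property, or at least put `// Sample only: JAAS Kerberos debug output; disable outside a demo.` above the call. The same hard-coded flag appears in the sec-server-spnego-form-auth WebSecurityConfig (`client.setDebug(true)` and `ticketValidator.setDebug(true)`). Separately, this configuration takes the user's Kerberos password through the `/login` form while the sample's application.yml sets only `server.port: 8080`, so a class-level comment should say that the form must be served over TLS in any real deployment.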
diff --git a/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/application.yml b/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/application.yml new file mode 100644 index 0000000..aa22dc5 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/application.yml @@ -0,0 +1,2 @@ +server: + port: 8080 diff --git a/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/logback.xml b/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/logback.xml new file mode 100644 index 0000000..a7d4dcf --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/logback.xml @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/hello.html b/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/hello.html new file mode 100644 index 0000000..4d566ef --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/hello.html @@ -0,0 +1,10 @@ + + + + Spring Security Kerberos Example + + +

Hello [[${#httpServletRequest.remoteUser}]]!

+ + diff --git a/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/home.html b/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/home.html new file mode 100644 index 0000000..96ed241 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/home.html @@ -0,0 +1,10 @@ + + + + Spring Security Kerberos Example + + +

Welcome!

+

Click here to see a greeting.

+ + diff --git a/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/login.html b/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/login.html new file mode 100644 index 0000000..71c825a --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-client-auth/src/main/resources/templates/login.html @@ -0,0 +1,20 @@ + + + + Spring Security Kerberos Example + + +
+ Invalid username and password. +
+
+ You have been logged out. +
+
+
+
+
+
+ + diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/java/demo/app/Application.java b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/java/demo/app/Application.java new file mode 100644 index 0000000..7512ca6 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/java/demo/app/Application.java @@ -0,0 +1,18 @@ +package demo.app; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration; +import org.springframework.context.annotation.ImportResource; + +@SpringBootApplication +@EnableAutoConfiguration(exclude = SecurityAutoConfiguration.class) +@ImportResource("websecurityconfig.xml") +public class Application { + + public static void main(String[] args) throws Throwable { + SpringApplication.run(Application.class, args); + } + +} diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/java/demo/app/MvcConfig.java b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/java/demo/app/MvcConfig.java new file mode 100644 index 0000000..cb578b3 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/java/demo/app/MvcConfig.java 
@@ -0,0 +1,18 @@ +package demo.app; + +import org.springframework.context.annotation.Configuration; +import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; + +@Configuration +public class MvcConfig extends WebMvcConfigurerAdapter { + + @Override + public void addViewControllers(ViewControllerRegistry registry) { + registry.addViewController("/home").setViewName("home"); + registry.addViewController("/").setViewName("home"); + registry.addViewController("/hello").setViewName("hello"); + registry.addViewController("/login").setViewName("login"); + } + +} diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/application.yml b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/application.yml new file mode 100644 index 0000000..82766c8 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/application.yml @@ -0,0 +1,5 @@ +server: + port: 8080 +app: + service-principal: HTTP/neo.example.org@EXAMPLE.ORG + keytab-location: file:///tmp/tomcat.keytab diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/logback.xml b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/logback.xml new file mode 100644 index 0000000..a7d4dcf --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/logback.xml @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/hello.html b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/hello.html new file mode 100644 index 0000000..4d566ef --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/hello.html 
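Review bot: `keytab-location: file:///tmp/tomcat.keytab` in the sec-server-spnego-form-auth-xml application.yml points the service keytab at a world-writable shared directory, and sample defaults like this tend to be copied unchanged. The keytab holds the long-term key for `HTTP/neo.example.org@EXAMPLE.ORG`, so it belongs where only the service account can read it. I would add a comment such as `# keytab holds the service key: keep it outside /tmp, readable only by the service account` and use an obviously fake path like `file:///path/to/service.keytab`. The sec-server-spnego-form-auth application.yml carries the same default (`/tmp/tomcat.keytab`).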
@@ -0,0 +1,10 @@ + + + + Spring Security Kerberos Example + + +

Hello [[${#httpServletRequest.remoteUser}]]!

+ + diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/home.html b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/home.html new file mode 100644 index 0000000..96ed241 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/home.html @@ -0,0 +1,10 @@ + + + + Spring Security Kerberos Example + + +

Welcome!

+

Click here to see a greeting.

+ + diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/login.html b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/login.html new file mode 100644 index 0000000..e20a78b --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/templates/login.html @@ -0,0 +1,20 @@ + + + + Spring Security Kerberos Example + + +
+ Invalid username and password. +
+
+ You have been logged out. +
+
+
+
+
+
+ + diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/websecurityconfig.xml b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/websecurityconfig.xml new file mode 100644 index 0000000..d5e8cdc --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth-xml/src/main/resources/websecurityconfig.xml @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/Application.java b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/Application.java new file mode 100644 index 0000000..d2b66db --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/Application.java @@ -0,0 +1,16 @@ +package demo.app; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration; + +@SpringBootApplication +@EnableAutoConfiguration(exclude = SecurityAutoConfiguration.class) +public class Application { + + public static void main(String[] args) throws Throwable { + SpringApplication.run(Application.class, args); + } + +} diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/MvcConfig.java b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/MvcConfig.java new file mode 100644 index 0000000..cb578b3 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/MvcConfig.java 
@@ -0,0 +1,18 @@ +package demo.app; + +import org.springframework.context.annotation.Configuration; +import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; + +@Configuration +public class MvcConfig extends WebMvcConfigurerAdapter { + + @Override + public void addViewControllers(ViewControllerRegistry registry) { + registry.addViewController("/home").setViewName("home"); + registry.addViewController("/").setViewName("home"); + registry.addViewController("/hello").setViewName("hello"); + registry.addViewController("/login").setViewName("login"); + } + +} diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/WebSecurityConfig.java b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/WebSecurityConfig.java new file mode 100644 index 0000000..9c00811 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/java/demo/app/WebSecurityConfig.java 
@@ -0,0 +1,105 @@
+package demo.app;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.FileSystemResource;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
+import org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider;
+import org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider;
+import org.springframework.security.extensions.kerberos.SunJaasKerberosClient;
+import org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator;
+import org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter;
+import org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+import demo.DummyUserDetailsService;
+
+@Configuration
+@EnableWebMvcSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Value("${app.service-principal}")
+ private String servicePrincipal;
+
+ @Value("${app.keytab-location}")
+ private String keytabLocation;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .exceptionHandling()
+ .authenticationEntryPoint(spnegoEntryPoint())
+ .and()
+ .authorizeRequests()
+ .antMatchers("/", "/home").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .formLogin()
+ .loginPage("/login").permitAll()
+ .and()
+ .logout()
+ .permitAll()
+ .and()
+ .addFilterBefore(
+ spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
+ BasicAuthenticationFilter.class);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth
+ .authenticationProvider(kerberosAuthenticationProvider())
+ .authenticationProvider(kerberosServiceAuthenticationProvider());
+ }
+
+ @Bean
+ public KerberosAuthenticationProvider kerberosAuthenticationProvider() {
+ KerberosAuthenticationProvider provider = new KerberosAuthenticationProvider();
+ SunJaasKerberosClient client = new SunJaasKerberosClient();
+ client.setDebug(true);
+ provider.setKerberosClient(client);
+ provider.setUserDetailsService(dummyUserDetailsService());
+ return provider;
+ }
+
+ @Bean
+ public SpnegoEntryPoint spnegoEntryPoint() {
+ return new SpnegoEntryPoint("/login");
+ }
+
+ @Bean
+ public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter(
+ AuthenticationManager authenticationManager) {
+ SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
+ filter.setAuthenticationManager(authenticationManager);
+ return filter;
+ }
+
+ @Bean
+ public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
+ KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
+ provider.setTicketValidator(sunJaasKerberosTicketValidator());
+ provider.setUserDetailsService(dummyUserDetailsService());
+ return provider;
+ }
+
+ @Bean
+ public SunJaasKerberosTicketValidator sunJaasKerberosTicketValidator() {
+ SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
+ ticketValidator.setServicePrincipal(servicePrincipal);
+ ticketValidator.setKeyTabLocation(new FileSystemResource(keytabLocation));
+ ticketValidator.setDebug(true);
+ return ticketValidator;
+ }
+
+ @Bean
+ public DummyUserDetailsService dummyUserDetailsService() {
+ return new
DummyUserDetailsService(); + } + +} diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/application.yml b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/application.yml new file mode 100644 index 0000000..301c67b --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/application.yml @@ -0,0 +1,5 @@ +server: + port: 8080 +app: + service-principal: HTTP/neo.example.org@EXAMPLE.ORG + keytab-location: /tmp/tomcat.keytab diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/logback.xml b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/logback.xml new file mode 100644 index 0000000..a7d4dcf --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/logback.xml @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/hello.html b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/hello.html new file mode 100644 index 0000000..4d566ef --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/hello.html @@ -0,0 +1,10 @@ + + + + Spring Security Kerberos Example + + +
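Review bot: `spnegoAuthenticationProcessingFilter(...)` in the sec-server-spnego-form-auth WebSecurityConfig is declared as a `@Bean` and also added to the chain with `addFilterBefore`. Spring Boot normally registers every `Filter` bean with the embedded container as well, so the SPNEGO filter may run a second time outside the Spring Security chain. I have not checked this against the Boot version behind `$springBootVersion`; if it applies, a registration bean that switches the container registration off keeps the filter inside the security chain only: `FilterRegistrationBean registration = new FilterRegistrationBean(filter); registration.setEnabled(false);`. The sec-server-win-auth WebSecurityConfig declares the filter the same way.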

Hello [[${#httpServletRequest.remoteUser}]]!

+ + diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/home.html b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/home.html new file mode 100644 index 0000000..96ed241 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/home.html @@ -0,0 +1,10 @@ + + + + Spring Security Kerberos Example + + +

Welcome!

+

Click here to see a greeting.

+ + diff --git a/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/login.html b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/login.html new file mode 100644 index 0000000..71c825a --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-spnego-form-auth/src/main/resources/templates/login.html @@ -0,0 +1,20 @@ + + + + Spring Security Kerberos Example + + +
+ Invalid username and password. +
+
+ You have been logged out. +
+
+
+
+
+
+ + diff --git a/spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/Application.java b/spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/Application.java new file mode 100644 index 0000000..d2b66db --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/Application.java @@ -0,0 +1,16 @@ +package demo.app; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration; + +@SpringBootApplication +@EnableAutoConfiguration(exclude = SecurityAutoConfiguration.class) +public class Application { + + public static void main(String[] args) throws Throwable { + SpringApplication.run(Application.class, args); + } + +} diff --git a/spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/MvcConfig.java b/spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/MvcConfig.java new file mode 100644 index 0000000..cb578b3 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/MvcConfig.java @@ -0,0 +1,18 @@ +package demo.app; + +import org.springframework.context.annotation.Configuration; +import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; + +@Configuration +public class MvcConfig extends WebMvcConfigurerAdapter { + + @Override + public void addViewControllers(ViewControllerRegistry registry) { + registry.addViewController("/home").setViewName("home"); + registry.addViewController("/").setViewName("home"); + registry.addViewController("/hello").setViewName("hello"); + registry.addViewController("/login").setViewName("login"); + } + +} 
diff --git a/spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/WebSecurityConfig.java b/spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/WebSecurityConfig.java
new file mode 100644
index 0000000..f32f11d
--- /dev/null
+++ b/spring-security-kerberos-samples/sec-server-win-auth/src/main/java/demo/app/WebSecurityConfig.java
@@ -0,0 +1,117 @@
+package demo.app;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.FileSystemResource;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider;
+import org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator;
+import org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter;
+import org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+@Configuration
+@EnableWebMvcSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Value("${app.ad-domain}")
+ private String adDomain;
+
+ @Value("${app.ad-server}")
+ private String adServer;
+
+ @Value("${app.service-principal}")
+ private String servicePrincipal;
+
+ @Value("${app.keytab-location}")
+ private String keytabLocation;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .exceptionHandling()
+ .authenticationEntryPoint(spnegoEntryPoint())
+ .and()
+ .authorizeRequests()
+ .antMatchers("/", "/home").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .formLogin()
+ .loginPage("/login").permitAll()
+ .and()
+ .logout()
+ .permitAll()
+ .and()
+ .addFilterBefore(
+ spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
+ BasicAuthenticationFilter.class);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth
+ .authenticationProvider(activeDirectoryLdapAuthenticationProvider())
+ .authenticationProvider(kerberosServiceAuthenticationProvider());
+ }
+
+ @Bean
+ public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
+ return new ActiveDirectoryLdapAuthenticationProvider(adDomain, adServer);
+ }
+
+ @Bean
+ public SpnegoEntryPoint spnegoEntryPoint() {
+ return new SpnegoEntryPoint("/login");
+ }
+
+ @Bean
+ public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter(
+ AuthenticationManager authenticationManager) {
+ SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
+ filter.setAuthenticationManager(authenticationManager);
+ return filter;
+ }
+
+ @Bean
+ public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
+ KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
+ provider.setTicketValidator(sunJaasKerberosTicketValidator());
+ provider.setUserDetailsService(dummyUserDetailsService());
+ return provider;
+ }
+
+ @Bean
+ public SunJaasKerberosTicketValidator sunJaasKerberosTicketValidator() {
+ SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
+ ticketValidator.setServicePrincipal(servicePrincipal);
+ ticketValidator.setKeyTabLocation(new FileSystemResource(keytabLocation));
+ ticketValidator.setDebug(true);
+ return ticketValidator;
+ }
+
+ @Bean
+ public DummyUserDetailsService dummyUserDetailsService() {
+ return new DummyUserDetailsService();
+ }
+
+ static class DummyUserDetailsService implements UserDetailsService {
+
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+ return new User(username, "notUsed", true, true, true, true,
+ AuthorityUtils.createAuthorityList("ROLE_USER"));
+ }
+
+ }
+
+}
diff --git a/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/application.yml b/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/application.yml
new file mode 100644
index 0000000..855859e
--- /dev/null
+++ b/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/application.yml
@@ -0,0 +1,7 @@
+server:
+ port: 8080
+app:
+ ad-domain: EXAMPLE.ORG
+ ad-server: ldap://WIN-EKBO0EQ7TS7.example.org/
+ service-principal: HTTP/neo.example.org@EXAMPLE.ORG
+ keytab-location: /tmp/tomcat.keytab
diff --git a/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/logback.xml b/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/logback.xml
new file mode 100644
index 0000000..a7d4dcf
--- /dev/null
+++ b/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/logback.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/hello.html b/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/hello.html new file mode 100644 index 0000000..4d566ef --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/hello.html @@ -0,0 +1,10 @@ + + + + Spring Security Kerberos Example + + +
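Review bot: `ticketValidator.setDebug(true);` in `sunJaasKerberosTicketValidator()` hard-codes debug on, which as far as I know enables the JAAS Kerberos login module's debug output, so anyone who copies this sample ships that output as well. Read it from a property that defaults to off, for example a field `@Value("${app.kerberos-debug:false}") private boolean kerberosDebug;` (the property name is my suggestion) and `ticketValidator.setDebug(kerberosDebug);`. The nested `DummyUserDetailsService` gives `ROLE_USER` to whatever username it is handed and repeats `demo.DummyUserDetailsService`, which this same patch adds; if that shared class is on this sample's classpath (the build files are not in view here), use it instead of the copy. Either way the class needs a comment such as `// Sample only: every principal with a valid ticket gets ROLE_USER; replace with a real lookup.` and the missing `@Override` on `loadUserByUsername`.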
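Review bot: `keytab-location: /tmp/tomcat.keytab` keeps the service keytab in a world-writable directory, and a keytab holds the long-term key of `HTTP/neo.example.org@EXAMPLE.ORG`, so the sample default should be a path that only the service account can read, with a comment saying so, e.g. `keytab-location: <path readable only by the service account>`. `ad-server` uses `ldap://`, and WebSecurityConfig.java passes that URL to `ActiveDirectoryLdapAuthenticationProvider` for the form login, so the password typed into `/login` presumably travels to the directory unencrypted. Showing `ldaps://` here, with a comment that the directory's certificate must be trusted by the JVM, would be the safer default for a sample.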

Hello [[${#httpServletRequest.remoteUser}]]!

+ + diff --git a/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/home.html b/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/home.html new file mode 100644 index 0000000..96ed241 --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/home.html @@ -0,0 +1,10 @@ + + + + Spring Security Kerberos Example + + +

Welcome!

+

Click here to see a greeting.

+ + diff --git a/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/login.html b/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/login.html new file mode 100644 index 0000000..71c825a --- /dev/null +++ b/spring-security-kerberos-samples/sec-server-win-auth/src/main/resources/templates/login.html @@ -0,0 +1,20 @@ + + + + Spring Security Kerberos Example + + +
+ Invalid username and password. +
+
+ You have been logged out. +
+
+
+
+
+
+
+
diff --git a/spring-security-kerberos-samples/src/main/java/demo/DummyUserDetailsService.java b/spring-security-kerberos-samples/src/main/java/demo/DummyUserDetailsService.java
new file mode 100644
index 0000000..6c00052
--- /dev/null
+++ b/spring-security-kerberos-samples/src/main/java/demo/DummyUserDetailsService.java
@@ -0,0 +1,16 @@
+package demo;
+
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+public class DummyUserDetailsService implements UserDetailsService {
+
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+ return new User(username, "notUsed", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_USER"));
+ }
+
+}
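Review bot: `DummyUserDetailsService` has no class comment, and nothing tells a reader that `loadUserByUsername` never looks anything up: it returns an enabled user with `ROLE_USER` and the fixed password `"notUsed"` for any name it is given. That is only appropriate behind a provider that has already validated the Kerberos ticket and ignores the password; wired into a password-checking provider it would presumably accept that fixed value for every account. I would add a Javadoc on the class saying so, starting `/** Sample-only UserDetailsService for already-authenticated Kerberos principals; performs no lookup and must not back password authentication. */`.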