Add new boot based samples
This commit is contained in:
18
spring-security-kerberos-samples/build.gradle
Normal file
18
spring-security-kerberos-samples/build.gradle
Normal file
@@ -0,0 +1,18 @@
|
||||
description = 'Spring Security Kerberos Samples Common'
|
||||
|
||||
project('sec-server-win-auth') {
|
||||
description = 'Security Server Windows Auth Sample'
|
||||
}
|
||||
|
||||
project('sec-server-client-auth') {
|
||||
description = 'Security Server Side Auth Sample'
|
||||
}
|
||||
|
||||
project('sec-server-spnego-form-auth') {
|
||||
description = 'Security Server Spnego and Form Auth Sample'
|
||||
}
|
||||
|
||||
project('sec-server-spnego-form-auth') {
|
||||
description = 'Security Server Spnego and Form Auth Xml Sample'
|
||||
}
|
||||
|
||||
@@ -0,0 +1,16 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
|
||||
@SpringBootApplication
|
||||
@EnableAutoConfiguration(exclude = SecurityAutoConfiguration.class)
|
||||
public class Application {
|
||||
|
||||
public static void main(String[] args) throws Throwable {
|
||||
SpringApplication.run(Application.class, args);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,18 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
public class MvcConfig extends WebMvcConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
public void addViewControllers(ViewControllerRegistry registry) {
|
||||
registry.addViewController("/home").setViewName("home");
|
||||
registry.addViewController("/").setViewName("home");
|
||||
registry.addViewController("/hello").setViewName("hello");
|
||||
registry.addViewController("/login").setViewName("login");
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,53 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider;
|
||||
import org.springframework.security.extensions.kerberos.SunJaasKerberosClient;
|
||||
|
||||
import demo.DummyUserDetailsService;
|
||||
|
||||
@Configuration
|
||||
@EnableWebMvcSecurity
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers("/", "/home").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login").permitAll()
|
||||
.and()
|
||||
.logout()
|
||||
.permitAll();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.authenticationProvider(kerberosAuthenticationProvider());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public KerberosAuthenticationProvider kerberosAuthenticationProvider() {
|
||||
KerberosAuthenticationProvider provider = new KerberosAuthenticationProvider();
|
||||
SunJaasKerberosClient client = new SunJaasKerberosClient();
|
||||
client.setDebug(true);
|
||||
provider.setKerberosClient(client);
|
||||
provider.setUserDetailsService(dummyUserDetailsService());
|
||||
return provider;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public DummyUserDetailsService dummyUserDetailsService() {
|
||||
return new DummyUserDetailsService();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
server:
|
||||
port: 8080
|
||||
@@ -0,0 +1,8 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
|
||||
<include resource="org/springframework/boot/logging/logback/base.xml"/>
|
||||
|
||||
<logger name="org.springframework.security" level="DEBUG"/>
|
||||
|
||||
</configuration>
|
||||
@@ -0,0 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
|
||||
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome!</h1>
|
||||
<p>Click <a th:href="@{/hello}">here</a> to see a greeting.</p>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,20 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
|
||||
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<div th:if="${param.error}">
|
||||
Invalid username and password.
|
||||
</div>
|
||||
<div th:if="${param.logout}">
|
||||
You have been logged out.
|
||||
</div>
|
||||
<form th:action="@{/login}" method="post">
|
||||
<div><label> User Name : <input type="text" name="username"/> </label></div>
|
||||
<div><label> Password: <input type="password" name="password"/> </label></div>
|
||||
<div><input type="submit" value="Sign In"/></div>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,18 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.context.annotation.ImportResource;
|
||||
|
||||
@SpringBootApplication
|
||||
@EnableAutoConfiguration(exclude = SecurityAutoConfiguration.class)
|
||||
@ImportResource("websecurityconfig.xml")
|
||||
public class Application {
|
||||
|
||||
public static void main(String[] args) throws Throwable {
|
||||
SpringApplication.run(Application.class, args);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,18 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
public class MvcConfig extends WebMvcConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
public void addViewControllers(ViewControllerRegistry registry) {
|
||||
registry.addViewController("/home").setViewName("home");
|
||||
registry.addViewController("/").setViewName("home");
|
||||
registry.addViewController("/hello").setViewName("hello");
|
||||
registry.addViewController("/login").setViewName("login");
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,5 @@
|
||||
server:
|
||||
port: 8080
|
||||
app:
|
||||
service-principal: HTTP/neo.example.org@EXAMPLE.ORG
|
||||
keytab-location: file:///tmp/tomcat.keytab
|
||||
@@ -0,0 +1,8 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
|
||||
<include resource="org/springframework/boot/logging/logback/base.xml"/>
|
||||
|
||||
<logger name="org.springframework.security" level="DEBUG"/>
|
||||
|
||||
</configuration>
|
||||
@@ -0,0 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
|
||||
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome!</h1>
|
||||
<p>Click <a th:href="@{/hello}">here</a> to see a greeting.</p>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,20 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
|
||||
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<div th:if="${param.error}">
|
||||
Invalid username and password.
|
||||
</div>
|
||||
<div th:if="${param.logout}">
|
||||
You have been logged out.
|
||||
</div>
|
||||
<form th:action="@{/j_spring_security_check}" method="post">
|
||||
<div><label> User Name : <input type="text" name="j_username"/> </label></div>
|
||||
<div><label> Password: <input type="password" name="j_password"/> </label></div>
|
||||
<div><input type="submit" value="Sign In"/></div>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,60 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:sec="http://www.springframework.org/schema/security"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
|
||||
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd">
|
||||
|
||||
<sec:http entry-point-ref="spnegoEntryPoint" use-expressions="true" >
|
||||
<sec:intercept-url pattern="/" access="permitAll" />
|
||||
<sec:intercept-url pattern="/home" access="permitAll" />
|
||||
<sec:intercept-url pattern="/login" access="permitAll" />
|
||||
<sec:intercept-url pattern="/**" access="authenticated"/>
|
||||
<sec:form-login login-page="/login" />
|
||||
<sec:custom-filter ref="spnegoAuthenticationProcessingFilter"
|
||||
before="BASIC_AUTH_FILTER" />
|
||||
</sec:http>
|
||||
|
||||
<sec:authentication-manager alias="authenticationManager">
|
||||
<sec:authentication-provider ref="kerberosAuthenticationProvider" />
|
||||
<sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
|
||||
</sec:authentication-manager>
|
||||
|
||||
<bean id="kerberosAuthenticationProvider"
|
||||
class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
|
||||
<property name="userDetailsService" ref="dummyUserDetailsService"/>
|
||||
<property name="kerberosClient">
|
||||
<bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
|
||||
<property name="debug" value="true"/>
|
||||
</bean>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="spnegoEntryPoint"
|
||||
class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" >
|
||||
<constructor-arg value="/login" />
|
||||
</bean>
|
||||
|
||||
<bean id="spnegoAuthenticationProcessingFilter"
|
||||
class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager" />
|
||||
</bean>
|
||||
|
||||
<bean id="kerberosServiceAuthenticationProvider"
|
||||
class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
|
||||
<property name="ticketValidator">
|
||||
<bean
|
||||
class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
|
||||
<property name="servicePrincipal" value="${app.service-principal}" />
|
||||
<property name="keyTabLocation" value="${app.keytab-location}" />
|
||||
<property name="debug" value="true" />
|
||||
</bean>
|
||||
</property>
|
||||
<property name="userDetailsService" ref="dummyUserDetailsService" />
|
||||
</bean>
|
||||
|
||||
<bean id="dummyUserDetailsService" class="demo.DummyUserDetailsService" />
|
||||
|
||||
</beans>
|
||||
@@ -0,0 +1,16 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
|
||||
@SpringBootApplication
|
||||
@EnableAutoConfiguration(exclude = SecurityAutoConfiguration.class)
|
||||
public class Application {
|
||||
|
||||
public static void main(String[] args) throws Throwable {
|
||||
SpringApplication.run(Application.class, args);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,18 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
public class MvcConfig extends WebMvcConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
public void addViewControllers(ViewControllerRegistry registry) {
|
||||
registry.addViewController("/home").setViewName("home");
|
||||
registry.addViewController("/").setViewName("home");
|
||||
registry.addViewController("/hello").setViewName("hello");
|
||||
registry.addViewController("/login").setViewName("login");
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,105 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.FileSystemResource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider;
|
||||
import org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider;
|
||||
import org.springframework.security.extensions.kerberos.SunJaasKerberosClient;
|
||||
import org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator;
|
||||
import org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter;
|
||||
import org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||
|
||||
import demo.DummyUserDetailsService;
|
||||
|
||||
@Configuration
|
||||
@EnableWebMvcSecurity
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Value("${app.service-principal}")
|
||||
private String servicePrincipal;
|
||||
|
||||
@Value("${app.keytab-location}")
|
||||
private String keytabLocation;
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.exceptionHandling()
|
||||
.authenticationEntryPoint(spnegoEntryPoint())
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/", "/home").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login").permitAll()
|
||||
.and()
|
||||
.logout()
|
||||
.permitAll()
|
||||
.and()
|
||||
.addFilterBefore(
|
||||
spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
|
||||
BasicAuthenticationFilter.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.authenticationProvider(kerberosAuthenticationProvider())
|
||||
.authenticationProvider(kerberosServiceAuthenticationProvider());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public KerberosAuthenticationProvider kerberosAuthenticationProvider() {
|
||||
KerberosAuthenticationProvider provider = new KerberosAuthenticationProvider();
|
||||
SunJaasKerberosClient client = new SunJaasKerberosClient();
|
||||
client.setDebug(true);
|
||||
provider.setKerberosClient(client);
|
||||
provider.setUserDetailsService(dummyUserDetailsService());
|
||||
return provider;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SpnegoEntryPoint spnegoEntryPoint() {
|
||||
return new SpnegoEntryPoint("/login");
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter(
|
||||
AuthenticationManager authenticationManager) {
|
||||
SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
|
||||
filter.setAuthenticationManager(authenticationManager);
|
||||
return filter;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
|
||||
KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
|
||||
provider.setTicketValidator(sunJaasKerberosTicketValidator());
|
||||
provider.setUserDetailsService(dummyUserDetailsService());
|
||||
return provider;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SunJaasKerberosTicketValidator sunJaasKerberosTicketValidator() {
|
||||
SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
|
||||
ticketValidator.setServicePrincipal(servicePrincipal);
|
||||
ticketValidator.setKeyTabLocation(new FileSystemResource(keytabLocation));
|
||||
ticketValidator.setDebug(true);
|
||||
return ticketValidator;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public DummyUserDetailsService dummyUserDetailsService() {
|
||||
return new DummyUserDetailsService();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,5 @@
|
||||
server:
|
||||
port: 8080
|
||||
app:
|
||||
service-principal: HTTP/neo.example.org@EXAMPLE.ORG
|
||||
keytab-location: /tmp/tomcat.keytab
|
||||
@@ -0,0 +1,8 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
|
||||
<include resource="org/springframework/boot/logging/logback/base.xml"/>
|
||||
|
||||
<logger name="org.springframework.security" level="DEBUG"/>
|
||||
|
||||
</configuration>
|
||||
@@ -0,0 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
|
||||
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome!</h1>
|
||||
<p>Click <a th:href="@{/hello}">here</a> to see a greeting.</p>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,20 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
|
||||
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<div th:if="${param.error}">
|
||||
Invalid username and password.
|
||||
</div>
|
||||
<div th:if="${param.logout}">
|
||||
You have been logged out.
|
||||
</div>
|
||||
<form th:action="@{/login}" method="post">
|
||||
<div><label> User Name : <input type="text" name="username"/> </label></div>
|
||||
<div><label> Password: <input type="password" name="password"/> </label></div>
|
||||
<div><input type="submit" value="Sign In"/></div>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,16 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
|
||||
@SpringBootApplication
|
||||
@EnableAutoConfiguration(exclude = SecurityAutoConfiguration.class)
|
||||
public class Application {
|
||||
|
||||
public static void main(String[] args) throws Throwable {
|
||||
SpringApplication.run(Application.class, args);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,18 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
public class MvcConfig extends WebMvcConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
public void addViewControllers(ViewControllerRegistry registry) {
|
||||
registry.addViewController("/home").setViewName("home");
|
||||
registry.addViewController("/").setViewName("home");
|
||||
registry.addViewController("/hello").setViewName("hello");
|
||||
registry.addViewController("/login").setViewName("login");
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,117 @@
|
||||
package demo.app;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.FileSystemResource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider;
|
||||
import org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator;
|
||||
import org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter;
|
||||
import org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint;
|
||||
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||
|
||||
@Configuration
|
||||
@EnableWebMvcSecurity
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Value("${app.ad-domain}")
|
||||
private String adDomain;
|
||||
|
||||
@Value("${app.ad-server}")
|
||||
private String adServer;
|
||||
|
||||
@Value("${app.service-principal}")
|
||||
private String servicePrincipal;
|
||||
|
||||
@Value("${app.keytab-location}")
|
||||
private String keytabLocation;
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.exceptionHandling()
|
||||
.authenticationEntryPoint(spnegoEntryPoint())
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/", "/home").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login").permitAll()
|
||||
.and()
|
||||
.logout()
|
||||
.permitAll()
|
||||
.and()
|
||||
.addFilterBefore(
|
||||
spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
|
||||
BasicAuthenticationFilter.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.authenticationProvider(activeDirectoryLdapAuthenticationProvider())
|
||||
.authenticationProvider(kerberosServiceAuthenticationProvider());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
|
||||
return new ActiveDirectoryLdapAuthenticationProvider(adDomain, adServer);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SpnegoEntryPoint spnegoEntryPoint() {
|
||||
return new SpnegoEntryPoint("/login");
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter(
|
||||
AuthenticationManager authenticationManager) {
|
||||
SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
|
||||
filter.setAuthenticationManager(authenticationManager);
|
||||
return filter;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
|
||||
KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
|
||||
provider.setTicketValidator(sunJaasKerberosTicketValidator());
|
||||
provider.setUserDetailsService(dummyUserDetailsService());
|
||||
return provider;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SunJaasKerberosTicketValidator sunJaasKerberosTicketValidator() {
|
||||
SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
|
||||
ticketValidator.setServicePrincipal(servicePrincipal);
|
||||
ticketValidator.setKeyTabLocation(new FileSystemResource(keytabLocation));
|
||||
ticketValidator.setDebug(true);
|
||||
return ticketValidator;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public DummyUserDetailsService dummyUserDetailsService() {
|
||||
return new DummyUserDetailsService();
|
||||
}
|
||||
|
||||
static class DummyUserDetailsService implements UserDetailsService {
|
||||
|
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
return new User(username, "notUsed", true, true, true, true,
|
||||
AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
server:
|
||||
port: 8080
|
||||
app:
|
||||
ad-domain: EXAMPLE.ORG
|
||||
ad-server: ldap://WIN-EKBO0EQ7TS7.example.org/
|
||||
service-principal: HTTP/neo.example.org@EXAMPLE.ORG
|
||||
keytab-location: /tmp/tomcat.keytab
|
||||
@@ -0,0 +1,8 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
|
||||
<include resource="org/springframework/boot/logging/logback/base.xml"/>
|
||||
|
||||
<logger name="org.springframework.security" level="DEBUG"/>
|
||||
|
||||
</configuration>
|
||||
@@ -0,0 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
|
||||
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,10 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome!</h1>
|
||||
<p>Click <a th:href="@{/hello}">here</a> to see a greeting.</p>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,20 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
|
||||
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
|
||||
<head>
|
||||
<title>Spring Security Kerberos Example</title>
|
||||
</head>
|
||||
<body>
|
||||
<div th:if="${param.error}">
|
||||
Invalid username and password.
|
||||
</div>
|
||||
<div th:if="${param.logout}">
|
||||
You have been logged out.
|
||||
</div>
|
||||
<form th:action="@{/login}" method="post">
|
||||
<div><label> User Name : <input type="text" name="username"/> </label></div>
|
||||
<div><label> Password: <input type="password" name="password"/> </label></div>
|
||||
<div><input type="submit" value="Sign In"/></div>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,16 @@
|
||||
package demo;
|
||||
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
|
||||
public class DummyUserDetailsService implements UserDetailsService {
|
||||
|
||||
@Override
|
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
return new User(username, "notUsed", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user