SES-36: More Kerberos sample configurations
Mike Wiesner
committed
Mar 4, 2010
1 parent
20544c2
commit fa6dbfa
Showing
8 changed files
with
216 additions
and
17 deletions.
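--- a/spring-security-kerberos-sample/src/main/webapp/WEB-INF/sample-krb.conf
+++ b/spring-security-kerberos-sample/src/main/webapp/WEB-INF/sample-krb.conf
@@ -0,0 +1,6 @@
+[libdefaults]
+default_realm = SPRINGSOURCE.COM
+[realms]
+SPRINGSOURCE.COM = {
+kdc = kdc.springsource.com
+}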
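--- a/spring-security-kerberos-sample/src/main/webapp/WEB-INF/server-side-kerberos.xml
+++ b/spring-security-kerberos-sample/src/main/webapp/WEB-INF/server-side-kerberos.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
+xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+
+<!-- This configuration uses SPNEGO by default, but one could also use a form if he directly goes to /login.html -->
+<sec:http>
+<sec:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_FULLY" />
+<sec:form-login login-page="/login.html" default-target-url="/secure/index.jsp"/>
+</sec:http>
+
+<sec:authentication-manager alias="authenticationManager">
+<sec:authentication-provider ref="kerberosAuthenticationProvider"/>
+</sec:authentication-manager>
+
+<bean id="kerberosAuthenticationProvider"
+class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
+<property name="kerberosClient">
+<bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
+<property name="debug" value="true"/>
+</bean>
+</property>
+<property name="userDetailsService" ref="dummyUserDetailsService"/>
+</bean>
+
+<bean
+class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
+<property name="debug" value="true" />
+<!-- You can point to a different kerberos config location here, if you don't want the default one -->
+<!-- <property name="krbConfLocation" value="/etc/krb5.conf"/> -->
+</bean>
+
+<!--
+Just returns the User authenticated by Kerberos and gives him the
+ROLE_USER
+-->
+<bean id="dummyUserDetailsService"
+class="org.springframework.security.extensions.kerberos.sample.DummyUserDetailsService" />
+</beans>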
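Review bot: The comment above `<sec:http>` says this configuration uses SPNEGO by default, but the file defines no SPNEGO entry point or filter, only `form-login` backed by `kerberosAuthenticationProvider`. It looks copied from the SPNEGO samples and would read better as `<!-- Form login only: the submitted username and password are checked against the KDC on the server side -->`. Because this form carries the user's real Kerberos password, the sample should also show the transport requirement, for example `requires-channel="https"` on intercept-url patterns covering the login page and `/j_spring_security_check`. The same form-login path exists in spnego-with-server-side-kerberos-option.xml.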
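--- a/spring-security-kerberos-sample/src/main/webapp/WEB-INF/spnego-with-form-login.xml
+++ b/spring-security-kerberos-sample/src/main/webapp/WEB-INF/spnego-with-form-login.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
+xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+
+<!-- This configuration uses SPNEGO by default, but one could also use a form if he directly goes to /login.html -->
+<sec:http entry-point-ref="spnegoEntryPoint">
+<sec:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_FULLY" />
+<sec:custom-filter ref="spnegoAuthenticationProcessingFilter"
+position="BASIC_AUTH_FILTER" />
+<sec:form-login login-page="/login.html" default-target-url="/secure/index.jsp"/>
+</sec:http>
+
+<bean id="spnegoEntryPoint"
+class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />
+
+<bean id="spnegoAuthenticationProcessingFilter"
+class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
+<property name="authenticationManager" ref="authenticationManager" />
+</bean>
+
+<sec:authentication-manager alias="authenticationManager">
+<sec:authentication-provider ref="kerberosServiceAuthenticationProvider" /> <!-- Used with SPNEGO -->
+<sec:authentication-provider user-service-ref="dummyUserDetailsService"/> <!-- Used with form login -->
+</sec:authentication-manager>
+
+
+
+<bean id="kerberosServiceAuthenticationProvider"
+class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
+<property name="ticketValidator">
+<bean
+class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
+<property name="servicePrincipal" value="HTTP/web.springsource.com" />
+<!-- Setting keyTabLocation to a classpath resource will most likely not work in a Java EE application Server -->
+<!-- See the Javadoc for more information on that -->
+<property name="keyTabLocation" value="/etc/web-springsource-com.keytab" />
+<property name="debug" value="true" />
+</bean>
+</property>
+<property name="userDetailsService" ref="dummyUserDetailsService" />
+</bean>
+
+<!-- This bean definition enables a very detailed Kerberos logging -->
+<bean
+class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
+<property name="debug" value="true" />
+</bean>
+
+<!--
+Just returns the User authenticated by Kerberos and gives him the
+ROLE_USER
+-->
+<bean id="dummyUserDetailsService"
+class="org.springframework.security.extensions.kerberos.sample.DummyUserDetailsService" />
+
+</beans>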
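Review bot: The second provider in `authenticationManager` (`user-service-ref="dummyUserDetailsService"`) makes the form login a path around Kerberos: login.html in this commit states that any username works and the password is always "notUsed". With this file active, anyone who opens /login.html can therefore reach `/secure/**` as `IS_AUTHENTICATED_FULLY` without a ticket. That is acceptable for a demo, but nothing in the file says so, and the comment on the bean describes only the Kerberos case. I would put `<!-- Sample only: accepts any username with a fixed password. Replace with a real UserDetailsService before deploying. -->` next to that provider. DummyUserDetailsService itself is not part of this page, so this rests on the login.html text.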
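--- a/spring-security-kerberos-sample/src/main/webapp/WEB-INF/spnego-with-server-side-kerberos-option.xml
+++ b/spring-security-kerberos-sample/src/main/webapp/WEB-INF/spnego-with-server-side-kerberos-option.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
+xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+
+<!-- This configuration uses SPNEGO by default, but one could also use a form if he directly goes to /login.html -->
+<sec:http entry-point-ref="spnegoEntryPoint">
+<sec:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_FULLY" />
+<sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
+<sec:form-login login-page="/login.html" default-target-url="/secure/index.jsp"/>
+</sec:http>
+
+<bean id="spnegoEntryPoint"
+class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />
+
+<bean id="spnegoAuthenticationProcessingFilter"
+class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
+<property name="authenticationManager" ref="authenticationManager" />
+</bean>
+
+<sec:authentication-manager alias="authenticationManager">
+<sec:authentication-provider ref="kerberosServiceAuthenticationProvider" /> <!-- Used with SPNEGO -->
+<sec:authentication-provider ref="kerberosAuthenticationProvider"/> <!-- Used with form login -->
+</sec:authentication-manager>
+
+<bean id="kerberosAuthenticationProvider"
+class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
+<property name="kerberosClient">
+<bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
+<property name="debug" value="true"/>
+</bean>
+</property>
+<property name="userDetailsService" ref="dummyUserDetailsService"/>
+</bean>
+
+<bean id="kerberosServiceAuthenticationProvider"
+class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
+<property name="ticketValidator">
+<bean
+class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
+<property name="servicePrincipal" value="HTTP/web.springsource.com" />
+<!-- Setting keyTabLocation to a classpath resource will most likely not work in a Java EE application Server -->
+<!-- See the Javadoc for more information on that -->
+<property name="keyTabLocation" value="/etc/web-springsource-com.keytab" />
+<property name="debug" value="true" />
+</bean>
+</property>
+<property name="userDetailsService" ref="dummyUserDetailsService" />
+</bean>
+
+<bean
+class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
+<property name="debug" value="true" />
+<!-- You can point to a different kerberos config location here, if you don't want the default one -->
+<!-- <property name="krbConfLocation" value="/etc/krb5.conf"/> -->
+</bean>
+
+<!--
+Just returns the User authenticated by Kerberos and gives him the
+ROLE_USER
+-->
+<bean id="dummyUserDetailsService"
+class="org.springframework.security.extensions.kerberos.sample.DummyUserDetailsService" />
+
+</beans>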
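Review bot: The comments on `keyTabLocation` cover only the classpath-resource problem and say nothing about protecting the file, here and in spnego-with-form-login.xml. The keytab holds the long-term key of `HTTP/web.springsource.com`, so I would add `<!-- The keytab contains the service principal's key: keep it outside the webapp and readable only by the server's OS user -->` above the property. The three `debug` properties set to `true` in this file also lack the "very detailed Kerberos logging" comment that spnego-with-form-login.xml carries. A short remark that they are meant for troubleshooting and should be off otherwise would help readers who copy the sample.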
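--- a/spring-security-kerberos-sample/src/main/webapp/login.html
+++ b/spring-security-kerberos-sample/src/main/webapp/login.html
@@ -0,0 +1,18 @@
+<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/spring-security-kerberos-sample/j_spring_security_check' method='POST'>
+<ul>
+<li>With "spnego-with-form-login.xml" active, you can enter any username and password is always "notUsed".</li>
+<li>With "spnego-with-server-side-kerberos-option.xml" or "server-side-kerberos.xml" active, you can enter any Kerberos user with the corresponding password.</li>
+<li>The login doesn't work with "spnego.xml" active</li>
+</ul>
+You can activate the different configurations in web.xml.
+
+
+<table>
+<tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
+<tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
+<tr><td colspan='2'><input name="submit" type="submit"/></td></tr>
+<tr><td colspan='2'><input name="reset" type="reset"/></td></tr>
+</table>
+</form>
+</body></html>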
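Review bot: The form `action` hard-codes the context path `/spring-security-kerberos-sample/`, so the login stops working as soon as the WAR is deployed under another name. Since login.html sits at the webapp root, a relative `action='j_spring_security_check'` resolves correctly under any context path. With the two server-side Kerberos configurations this form submits a real Kerberos password, so the bullet list is also a good place to say that the page is expected to be served over HTTPS.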