From 275a4acaeaba3037913aaaaa9126dda12aa3100d Mon Sep 17 00:00:00 2001 From: Kumar Chandrakant Date: Thu, 18 Apr 2019 11:13:09 +0530 Subject: [PATCH] Adding source files for article BAEL-1932 (#6746) --- pom.xml | 5 +- spring-security-kerberos/README.md | 10 +++ spring-security-kerberos/pom.xml | 61 +++++++++++++ .../main/java/org/baeldung/Application.java | 13 +++ .../baeldung/config/WebSecurityConfig.java | 87 +++++++++++++++++++ .../security/DummyUserDetailsService.java | 16 ++++ 6 files changed, 191 insertions(+), 1 deletion(-) create mode 100644 spring-security-kerberos/README.md create mode 100644 spring-security-kerberos/pom.xml create mode 100644 spring-security-kerberos/src/main/java/org/baeldung/Application.java create mode 100644 spring-security-kerberos/src/main/java/org/baeldung/config/WebSecurityConfig.java create mode 100644 spring-security-kerberos/src/main/java/org/baeldung/security/DummyUserDetailsService.java diff --git a/pom.xml b/pom.xml index 79dab80c74..b102b5cd30 100644 --- a/pom.xml +++ b/pom.xml @@ -381,7 +381,7 @@ core-java-8 core-java-8-2 - core-java-lambdas + core-java-lambdas core-java-arrays @@ -542,6 +542,7 @@ tensorflow-java spring-boot-flowable + spring-security-kerberos @@ -769,6 +770,7 @@ tensorflow-java spring-boot-flowable + spring-security-kerberos @@ -913,6 +915,7 @@ persistence-modules/spring-hibernate-5 spring-boot-flowable + spring-security-kerberos diff --git a/spring-security-kerberos/README.md b/spring-security-kerberos/README.md new file mode 100644 index 0000000000..0338c2058c --- /dev/null +++ b/spring-security-kerberos/README.md @@ -0,0 +1,10 @@ +## @PreFilter and @PostFilter annotations + +### Build the Project ### + +``` +mvn clean install +``` + +### Relevant Articles: +- [Spring Security – Kerberos](http://www.baeldung.com/xxxxxx) diff --git a/spring-security-kerberos/pom.xml b/spring-security-kerberos/pom.xml new file mode 100644 index 0000000000..35c4ba4926 --- /dev/null +++ b/spring-security-kerberos/pom.xml 
@@ -0,0 +1,61 @@ + + 4.0.0 + com.baeldung + spring-security-kerberos + 0.1-SNAPSHOT + spring-security-kerberos + war + + parent-boot-1 + com.baeldung + 0.0.1-SNAPSHOT + ../parent-boot-1 + + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-security + + + + org.springframework.security.kerberos + spring-security-kerberos-core + 1.0.1.RELEASE + + + org.springframework.security.kerberos + spring-security-kerberos-web + 1.0.1.RELEASE + + + org.springframework.security.kerberos + spring-security-kerberos-client + 1.0.1.RELEASE + + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework.security + spring-security-test + test + + + + + + org.apache.maven.plugins + maven-war-plugin + + + + diff --git a/spring-security-kerberos/src/main/java/org/baeldung/Application.java b/spring-security-kerberos/src/main/java/org/baeldung/Application.java new file mode 100644 index 0000000000..39c2b51356 --- /dev/null +++ b/spring-security-kerberos/src/main/java/org/baeldung/Application.java @@ -0,0 +1,13 @@ +package org.baeldung; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class Application { + + public static void main(String[] args) { + SpringApplication.run(Application.class, args); + } + +} diff --git a/spring-security-kerberos/src/main/java/org/baeldung/config/WebSecurityConfig.java b/spring-security-kerberos/src/main/java/org/baeldung/config/WebSecurityConfig.java new file mode 100644 index 0000000000..49a1cf0a8e --- /dev/null +++ b/spring-security-kerberos/src/main/java/org/baeldung/config/WebSecurityConfig.java 
@@ -0,0 +1,87 @@
+package org.baeldung.config;
+
+import org.baeldung.security.DummyUserDetailsService;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.FileSystemResource;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider;
+import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
+import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient;
+import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
+import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
+import org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+@Configuration
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests()
+ .anyRequest()
+ .authenticated()
+ .and()
+ .addFilterBefore(spnegoAuthenticationProcessingFilter(authenticationManagerBean()), BasicAuthenticationFilter.class);
+ }
+
+ @Override
+ @Bean
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return super.authenticationManagerBean();
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.authenticationProvider(kerberosAuthenticationProvider())
+ .authenticationProvider(kerberosServiceAuthenticationProvider());
+ }
+
+ @Bean
+ public KerberosAuthenticationProvider kerberosAuthenticationProvider() {
+ KerberosAuthenticationProvider provider = new KerberosAuthenticationProvider();
+ SunJaasKerberosClient client = new SunJaasKerberosClient();
+ client.setDebug(true);
+ provider.setKerberosClient(client);
+ provider.setUserDetailsService(dummyUserDetailsService());
+ return provider;
+ }
+
+ @Bean
+ public SpnegoEntryPoint spnegoEntryPoint() {
+ return new SpnegoEntryPoint("/login");
+ }
+
+ @Bean
+ public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter(AuthenticationManager authenticationManager) {
+ SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
+ filter.setAuthenticationManager(authenticationManager);
+ return filter;
+ }
+
+ @Bean
+ public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
+ KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
+ provider.setTicketValidator(sunJaasKerberosTicketValidator());
+ provider.setUserDetailsService(dummyUserDetailsService());
+ return provider;
+ }
+
+ @Bean
+ public SunJaasKerberosTicketValidator sunJaasKerberosTicketValidator() {
+ SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
+ ticketValidator.setServicePrincipal("HTTP/demo.kerberos.bealdung.com@baeldung.com");
+ ticketValidator.setKeyTabLocation(new FileSystemResource("baeldung.keytab"));
+ ticketValidator.setDebug(true);
+ return ticketValidator;
+ }
+
+ @Bean
+ public DummyUserDetailsService dummyUserDetailsService() {
+ return new DummyUserDetailsService();
+ }
+
+}
\ No newline at end of file
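Review bot: The `spnegoEntryPoint()` bean is declared but never attached to the filter chain in `configure(HttpSecurity)`, so an unauthenticated request will most likely be rejected by the default entry point instead of receiving the `WWW-Authenticate: Negotiate` challenge that lets a browser start SPNEGO. I would wire it explicitly, e.g. `http.exceptionHandling().authenticationEntryPoint(spnegoEntryPoint()).and().authorizeRequests()...`, and either map and permit `/login` or use the no-argument `SpnegoEntryPoint()`, since no `/login` handler is visible in this commit. Separately, `client.setDebug(true)` and `ticketValidator.setDebug(true)` enable Kerberos debug output unconditionally, and the service principal and keytab path are hard-coded literals. The principal's host reads `bealdung` while the realm and keytab name spell `baeldung`, which looks like a typo that would stop ticket validation against a keytab issued for the intended host. These values are better read from external configuration, with debug off by default.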
diff --git a/spring-security-kerberos/src/main/java/org/baeldung/security/DummyUserDetailsService.java b/spring-security-kerberos/src/main/java/org/baeldung/security/DummyUserDetailsService.java
new file mode 100644
index 0000000000..10d71fca8f
--- /dev/null
+++ b/spring-security-kerberos/src/main/java/org/baeldung/security/DummyUserDetailsService.java
@@ -0,0 +1,16 @@
+package org.baeldung.security;
+
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+public class DummyUserDetailsService implements UserDetailsService {
+
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+ return new User(username, "notUsed", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_USER"));
+ }
+
+}
\ No newline at end of file
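Review bot: `loadUserByUsername` returns an enabled account with `ROLE_USER` for whatever name it is given and never throws `UsernameNotFoundException`, so every principal the KDC vouches for is also authorized by this application. `WebSecurityConfig` in this commit sets it on both Kerberos providers, so a valid ticket or password alone is enough to obtain the role. If that is intended for the demo, the class should say so, e.g. a Javadoc line `Demo only: grants ROLE_USER to every Kerberos-authenticated principal; replace with a directory or database lookup before real use.` Otherwise the method should look the name up and throw `UsernameNotFoundException` for principals the application does not know.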