From 295b78661ae6af2b2e1ec2daf2f5db3b3422b3cc Mon Sep 17 00:00:00 2001 
From: Denis Date: Sun, 31 Mar 2019 22:08:40 +0200 Subject: [PATCH] BAEL-1931 Kerberos integration in Java (#6559) * BAEL-1931 kerberos integration in java * add javadoc to manual test * use list in mini kdc builder, constructor injection in service * remove unused constant --- spring-security-sso/pom.xml | 5 +- .../spring-security-sso-kerberos/.gitignore | 2 + .../spring-security-sso-kerberos/pom.xml | 94 ++++++++++++++++ .../kerberos/client/KerberosClientApp.java | 20 ++++ .../java/kerberos/client/SampleService.java | 26 +++++ .../kerberos/client/config/AppConfig.java | 10 ++ .../client/config/KerberosConfig.java | 22 ++++ .../java/kerberos/kdc/KerberosMiniKdc.java | 35 ++++++ .../kerberos/kdc/MiniKdcConfigBuilder.java | 64 +++++++++++ .../kerberos/server/KerberizedServerApp.java | 22 ++++ .../kerberos/server/config/MvcConfig.java | 18 +++ .../server/config/WebSecurityConfig.java | 103 ++++++++++++++++++ .../server/controller/SampleController.java | 15 +++ .../service/DummyUserDetailsService.java | 16 +++ .../src/main/resources/application.properties | 6 + .../src/main/resources/minikdc-krb5.conf | 25 +++++ .../src/main/resources/minikdc.ldiff | 47 ++++++++ .../src/main/resources/templates/hello.html | 10 ++ .../src/main/resources/templates/home.html | 10 ++ .../src/main/resources/templates/login.html | 20 ++++ .../client/SampleServiceManualTest.java | 43 ++++++++ 21 files changed, 612 insertions(+), 1 deletion(-) create mode 100644 spring-security-sso/spring-security-sso-kerberos/.gitignore create mode 100644 spring-security-sso/spring-security-sso-kerberos/pom.xml create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/KerberosClientApp.java create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/SampleService.java create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/config/AppConfig.java create mode 100644 
spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/config/KerberosConfig.java create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/kdc/KerberosMiniKdc.java create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/kdc/MiniKdcConfigBuilder.java create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/KerberizedServerApp.java create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/config/MvcConfig.java create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/config/WebSecurityConfig.java create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/controller/SampleController.java create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/service/DummyUserDetailsService.java create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/resources/application.properties create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/resources/minikdc-krb5.conf create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/resources/minikdc.ldiff create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/hello.html create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/home.html create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/login.html create mode 100644 spring-security-sso/spring-security-sso-kerberos/src/test/java/kerberos/client/SampleServiceManualTest.java diff --git a/spring-security-sso/pom.xml b/spring-security-sso/pom.xml index 707f516da2..ed8ad87a62 100644 --- a/spring-security-sso/pom.xml +++ b/spring-security-sso/pom.xml 
@@ -18,12 +18,15 @@ spring-security-sso-auth-server spring-security-sso-ui spring-security-sso-ui-2 + spring-security-sso-kerberos 3.1.0 2.3.3.RELEASE - 2.1.1.RELEASE + 2.1.1.RELEASE + 1.0.1.RELEASE + 2.0.0-M2 diff --git a/spring-security-sso/spring-security-sso-kerberos/.gitignore b/spring-security-sso/spring-security-sso-kerberos/.gitignore new file mode 100644 index 0000000000..a90740bb66 --- /dev/null +++ b/spring-security-sso/spring-security-sso-kerberos/.gitignore @@ -0,0 +1,2 @@ +krb-test-workdir/ +/bin/ diff --git a/spring-security-sso/spring-security-sso-kerberos/pom.xml b/spring-security-sso/spring-security-sso-kerberos/pom.xml new file mode 100644 index 0000000000..5fb435a9b9 --- /dev/null +++ b/spring-security-sso/spring-security-sso-kerberos/pom.xml @@ -0,0 +1,94 @@ + + + 4.0.0 + spring-security-sso-kerberos + + + org.baeldung + spring-security-sso + 1.0.0-SNAPSHOT + + + + + + ${basedir}/src/main/resources + true + + **/* + + + + + + org.apache.maven.plugins + maven-resources-plugin + 2.7 + + + @ + + false + + + + + + + + org.springframework.boot + spring-boot-starter-security + + + org.springframework.security.kerberos + spring-security-kerberos-web + ${spring-security-kerberos.version} + + + org.springframework.security.kerberos + spring-security-kerberos-client + ${spring-security-kerberos.version} + + + org.apache.directory.jdbm + apacheds-jdbm1 + ${apacheds-jdbm1.version} + + + org.springframework.security.kerberos + spring-security-kerberos-test + + + org.apache.directory.jdbm + apacheds-jdbm1 + + + org.slf4j + slf4j-log4j12 + + + ${spring-security-kerberos.version} + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-logging + + + + + org.springframework.boot + spring-boot-starter-thymeleaf + + + \ No newline at end of file 
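Review bot: In the new module pom, `spring-security-kerberos-test` appears to be declared without a scope, whereas `spring-boot-starter-test` still shows `test`, so the embedded MiniKdc and its ApacheDS dependencies would be packaged with the application. The page has lost the XML tags, so this is inferred from the text that survived. If the KDC launcher is only a local fixture, moving `KerberosMiniKdc` and `MiniKdcConfigBuilder` under `src/test/java` and adding `<scope>test</scope>` to that dependency keeps a test KDC, and the fixed `userPassword: secret` entries in `minikdc.ldiff`, out of the runtime artifact.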
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/KerberosClientApp.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/KerberosClientApp.java
new file mode 100644
index 0000000000..a353961854
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/KerberosClientApp.java
@@ -0,0 +1,20 @@
+package kerberos.client;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+import java.nio.file.Paths;
+
+@SpringBootApplication
+class KerberosClientApp {
+
+ static {
+ System.setProperty("java.security.krb5.conf",
+ Paths.get(".\\krb-test-workdir\\krb5.conf").normalize().toAbsolutePath().toString());
+ System.setProperty("sun.security.krb5.debug", "true");
+ }
+
+ public static void main(String[] args) {
+ SpringApplication.run(KerberosClientApp.class, args);
+ }
+}
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/SampleService.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/SampleService.java
new file mode 100644
index 0000000000..4145cf0c1a
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/SampleService.java
@@ -0,0 +1,26 @@
+package kerberos.client;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+
+@Service
+class SampleService {
+
+ @Value("${app.access-url}")
+ private String endpoint;
+
+ private RestTemplate restTemplate;
+
+ public SampleService(RestTemplate restTemplate) {
+ this.restTemplate = restTemplate;
+ }
+
+ void setRestTemplate(RestTemplate restTemplate) {
+ this.restTemplate = restTemplate;
+ }
+
+ String getData() {
+ return restTemplate.getForObject(endpoint, String.class);
+ }
+}
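Review bot: The static initializer in `KerberosClientApp` turns on `sun.security.krb5.debug` unconditionally, so every run prints the JDK's Kerberos protocol traces to stdout; the same line is in `KerberizedServerApp`, and `WebSecurityConfig` hard-codes `setDebug(true)` on the Kerberos client and the ticket validator. I would make it opt-in, for example `if (Boolean.getBoolean("kerberos.debug")) System.setProperty("sun.security.krb5.debug", "true");` (the property name is only an illustration), so that a copy of this sample does not carry the tracing into a shared log. The krb5.conf path in the same block uses `\\` separators and is relative to the module directory, while `KerberizedServerApp` and `KerberosMiniKdc` appear to resolve from the repository root and `application.properties` uses the same separators. Building it as `Paths.get("krb-test-workdir", "krb5.conf")` and documenting the expected working directory would let the three entry points agree on non-Windows hosts.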
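Review bot: In `SampleService`, `restTemplate` is a mutable field with a package-private `setRestTemplate`, which exists so that `SampleServiceManualTest` can swap the Kerberos-backed template for a plain one on the shared Spring bean. Declaring the field `private final` and taking the URL in the constructor, `SampleService(RestTemplate restTemplate, @Value("${app.access-url}") String endpoint)`, lets the negative test build its own `new SampleService(new RestTemplate(), url)` and keeps the authenticated client from being replaced at runtime.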
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/config/AppConfig.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/config/AppConfig.java
new file mode 100644
index 0000000000..5248f648f9
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/config/AppConfig.java
@@ -0,0 +1,10 @@
+package kerberos.client.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+
+@Configuration
+@Import(KerberosConfig.class)
+class AppConfig {
+
+}
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/config/KerberosConfig.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/config/KerberosConfig.java
new file mode 100644
index 0000000000..9ab775e95d
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/client/config/KerberosConfig.java
@@ -0,0 +1,22 @@
+package kerberos.client.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.kerberos.client.KerberosRestTemplate;
+import org.springframework.web.client.RestTemplate;
+
+@Configuration
+class KerberosConfig {
+
+ @Value("${app.user-principal}")
+ private String principal;
+
+ @Value("${app.keytab-location}")
+ private String keytabLocation;
+
+ @Bean
+ public RestTemplate restTemplate() {
+ return new KerberosRestTemplate(keytabLocation, principal);
+ }
+}
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/kdc/KerberosMiniKdc.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/kdc/KerberosMiniKdc.java
new file mode 100644
index 0000000000..60cf3ca1c2
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/kdc/KerberosMiniKdc.java
@@ -0,0 +1,35 @@
+package kerberos.kdc;
+
+import org.apache.commons.io.FileUtils;
+import org.springframework.security.kerberos.test.MiniKdc;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+class KerberosMiniKdc {
+
+ private static final String KRB_WORK_DIR = ".\\spring-security-sso\\spring-security-sso-kerberos\\krb-test-workdir";
+
+ public static void main(String[] args) throws Exception {
+
+ String[] config = MiniKdcConfigBuilder.builder()
+ .workDir(prepareWorkDir())
+ .confDir("minikdc-krb5.conf")
+ .keytabName("example.keytab")
+ .principals("client/localhost", "HTTP/localhost")
+ .build();
+
+ MiniKdc.main(config);
+ }
+
+ private static String prepareWorkDir() throws IOException {
+ Path dir = Paths.get(KRB_WORK_DIR);
+ File directory = dir.normalize().toFile();
+
+ FileUtils.deleteQuietly(directory);
+ FileUtils.forceMkdir(directory);
+ return dir.toString();
+ }
+}
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/kdc/MiniKdcConfigBuilder.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/kdc/MiniKdcConfigBuilder.java
new file mode 100644
index 0000000000..a9dd21a175
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/kdc/MiniKdcConfigBuilder.java
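Review bot: `prepareWorkDir()` clears the work directory with `FileUtils.deleteQuietly`, whose only failure signal is a boolean that is ignored here, so a keytab or krb5.conf left over from an earlier run can survive unnoticed next to the new KDC state. `FileUtils.deleteDirectory(directory)` raises on failure and fits the method's existing `throws IOException`. The method also creates the normalized path but returns `dir.toString()`, the un-normalized one; returning `directory.getPath()` keeps what is created and what is handed to `MiniKdc` identical.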
@@ -0,0 +1,64 @@
+package kerberos.kdc;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Objects;
+
+class MiniKdcConfigBuilder {
+
+ private String workDir;
+ private String confDir;
+ private String keytabName;
+ private Collection principals;
+
+ private MiniKdcConfigBuilder() {
+ // desired
+ }
+
+ static MiniKdcConfigBuilder builder() {
+ return new MiniKdcConfigBuilder();
+ }
+
+ MiniKdcConfigBuilder workDir(String workDir) {
+ this.workDir = workDir;
+ return this;
+ }
+
+ MiniKdcConfigBuilder confDir(String cfg) {
+ try {
+ URL resource = Thread.currentThread().getContextClassLoader().getResource(cfg);
+ URI uri = Objects.requireNonNull(resource).toURI();
+ this.confDir = Paths.get(uri).toString();
+ } catch (URISyntaxException cause) {
+ throw new IllegalStateException("Could not resolve path for: " + cfg, cause);
+ }
+ return this;
+ }
+
+ MiniKdcConfigBuilder keytabName(String keytabName) {
+ this.keytabName = Paths.get(workDir).resolve(keytabName).toString();
+ return this;
+ }
+
+ MiniKdcConfigBuilder principals(String... principals) {
+ this.principals = Arrays.asList(principals);
+ return this;
+ }
+
+ String[] build() {
+
+ Collection miniKdcConfig = new ArrayList<>();
+
+ miniKdcConfig.add(workDir);
+ miniKdcConfig.add(confDir);
+ miniKdcConfig.add(keytabName);
+ miniKdcConfig.addAll(principals);
+
+ return miniKdcConfig.toArray(new String[0]);
+ }
+}
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/KerberizedServerApp.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/KerberizedServerApp.java
new file mode 100644
index 0000000000..8286013605
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/KerberizedServerApp.java
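Review bot: `keytabName()` reads `workDir` at call time, so calling it before `workDir()` fails inside `Paths.get(null)`, and `build()` throws a bare NullPointerException from `addAll` when `principals()` was never called. Storing the raw name and resolving it in `build()` removes the ordering dependency: `miniKdcConfig.add(Paths.get(Objects.requireNonNull(workDir, "workDir")).resolve(keytabName).toString());`. A one-line comment on `build()` naming the positional order this code passes to `MiniKdc.main` (work dir, config file, keytab, then principals) would also help, since the array layout is otherwise implicit.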
@@ -0,0 +1,22 @@
+package kerberos.server;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+import java.nio.file.Paths;
+
+@SpringBootApplication
+public class KerberizedServerApp {
+
+ static {
+ System.setProperty("java.security.krb5.conf",
+ Paths.get(".\\spring-security-sso\\spring-security-sso-kerberos\\krb-test-workdir\\krb5.conf")
+ .normalize().toAbsolutePath().toString());
+ System.setProperty("sun.security.krb5.debug", "true");
+ }
+
+ public static void main(String[] args) {
+
+ SpringApplication.run(KerberizedServerApp.class, args);
+ }
+}
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/config/MvcConfig.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/config/MvcConfig.java
new file mode 100644
index 0000000000..3ad07e407b
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/config/MvcConfig.java
@@ -0,0 +1,18 @@
+package kerberos.server.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+@Configuration
+class MvcConfig extends WebMvcConfigurerAdapter {
+
+ @Override
+ public void addViewControllers(ViewControllerRegistry registry) {
+ registry.addViewController("/home").setViewName("home");
+ registry.addViewController("/").setViewName("home");
+ registry.addViewController("/hello").setViewName("hello");
+ registry.addViewController("/login").setViewName("login");
+ }
+
+}
\ No newline at end of file
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/config/WebSecurityConfig.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/config/WebSecurityConfig.java
new file mode 100644
index 0000000000..5d241c5823
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/config/WebSecurityConfig.java
@@ -0,0 +1,103 @@
+package kerberos.server.config;
+
+import kerberos.server.service.DummyUserDetailsService;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.FileSystemResource;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider;
+import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
+import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient;
+import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
+import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
+import org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Value("${app.service-principal}")
+ private String servicePrincipal;
+
+ @Value("${app.keytab-location}")
+ private String keytabLocation;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.exceptionHandling()
+ .authenticationEntryPoint(spnegoEntryPoint())
+ .and()
+ .authorizeRequests().antMatchers("/", "/home").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .formLogin().loginPage("/login").permitAll()
+ .and()
+ .logout().permitAll()
+ .and()
+ .addFilterBefore(spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
+ BasicAuthenticationFilter.class);
+ }
+
+ @Bean
+ public AuthenticationManager anAuthenticationManager() throws Exception {
+ return authenticationManager();
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.authenticationProvider(kerberosAuthenticationProvider())
+ .authenticationProvider(kerberosServiceAuthenticationProvider());
+ }
+
+ @Bean
+ public KerberosAuthenticationProvider kerberosAuthenticationProvider() {
+ KerberosAuthenticationProvider provider = new KerberosAuthenticationProvider();
+ SunJaasKerberosClient client = new SunJaasKerberosClient();
+ client.setDebug(true);
+ provider.setKerberosClient(client);
+ provider.setUserDetailsService(dummyUserDetailsService());
+ return provider;
+ }
+
+ @Bean
+ public SpnegoEntryPoint spnegoEntryPoint() {
+ return new SpnegoEntryPoint("/login");
+ }
+
+ @Bean
+ public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter(
+ AuthenticationManager authenticationManager) {
+ SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
+ filter.setAuthenticationManager(authenticationManager);
+ return filter;
+ }
+
+ @Bean
+ public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
+ KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
+ provider.setTicketValidator(sunJaasKerberosTicketValidator());
+ provider.setUserDetailsService(dummyUserDetailsService());
+ return provider;
+ }
+
+ @Bean
+ public SunJaasKerberosTicketValidator sunJaasKerberosTicketValidator() {
+ SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
+ ticketValidator.setServicePrincipal(servicePrincipal);
+ ticketValidator.setKeyTabLocation(new FileSystemResource(keytabLocation));
+ ticketValidator.setDebug(true);
+ return ticketValidator;
+ }
+
+ @Bean
+ public DummyUserDetailsService dummyUserDetailsService() {
+ return new DummyUserDetailsService();
+ }
+
+}
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/controller/SampleController.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/controller/SampleController.java
new file mode 100644
index 0000000000..b1d3e6fb90
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/controller/SampleController.java
@@ -0,0 +1,15 @@
+package kerberos.server.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/endpoint")
+class SampleController {
+
+ @GetMapping
+ String getIt() {
+ return "data from kerberized server";
+ }
+}
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/service/DummyUserDetailsService.java b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/service/DummyUserDetailsService.java
new file mode 100644
index 0000000000..06942d8dc7
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/java/kerberos/server/service/DummyUserDetailsService.java
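Review bot: `configure(HttpSecurity)` in `WebSecurityConfig` pairs SPNEGO with a `formLogin()` fallback backed by `KerberosAuthenticationProvider`, so a browser that cannot negotiate submits the user's Kerberos password to this application, and the sample's `app.access-url` is plain `http://`. Nothing in the hunk restricts that to TLS; I would add a comment above `formLogin()` such as `// demo only: the form submits the Kerberos password to this app - serve over HTTPS outside localhost`, or enforce it with `.requiresChannel().anyRequest().requiresSecure()` once the server has a certificate. Separately, `spnegoAuthenticationProcessingFilter` is exposed as a `@Bean`, which Spring Boot normally also registers as a servlet filter outside the security chain; that is worth confirming and, if it applies, disabling through a `FilterRegistrationBean`.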
@@ -0,0 +1,16 @@
+package kerberos.server.service;
+
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+public class DummyUserDetailsService implements UserDetailsService {
+
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+ return new User(username, "notUsed", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_USER"));
+ }
+
+}
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/resources/application.properties b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/application.properties
new file mode 100644
index 0000000000..b36575460c
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/application.properties
@@ -0,0 +1,6 @@
+# make sure the same data is configured in KerberosMiniKdc
+# otherwise configuration/communication error will occur
+app.service-principal=HTTP/localhost
+app.user-principal=client/localhost
+app.keytab-location=@project.basedir@\\krb-test-workdir\\example.keytab
+app.access-url=http://localhost:8080/endpoint
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/resources/minikdc-krb5.conf b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/minikdc-krb5.conf
new file mode 100644
index 0000000000..ea1e9d1ceb
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/minikdc-krb5.conf
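Review bot: `loadUserByUsername` in `DummyUserDetailsService` returns an enabled user with `ROLE_USER` for whatever name it is given and never throws `UsernameNotFoundException`, so every principal the KDC can authenticate, service principals included, is authorized by both providers wired in `WebSecurityConfig`. The class carries no documentation saying so. I would add a class-level Javadoc stating that it is a demo stub that performs no lookup, that the `"notUsed"` password is a placeholder because credentials are checked by Kerberos, and that a real implementation must map the principal to a known account and reject unknown ones.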
@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+default_realm = {0}
+udp_preference_limit = 1
+
+[realms]
+{0} = '{'
+ kdc = {1}:{2}
+ '}'
\ No newline at end of file
diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/resources/minikdc.ldiff b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/minikdc.ldiff
new file mode 100644
index 0000000000..603ccb5fd9
--- /dev/null
+++ b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/minikdc.ldiff
@@ -0,0 +1,47 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +dn: ou=users,dc=${0},dc=${1} +objectClass: organizationalUnit +objectClass: top +ou: users + +dn: uid=krbtgt,ou=users,dc=${0},dc=${1} +objectClass: top +objectClass: person +objectClass: inetOrgPerson +objectClass: krb5principal +objectClass: krb5kdcentry +cn: KDC Service +sn: Service +uid: krbtgt +userPassword: secret +krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3} +krb5KeyVersionNumber: 0 + +dn: uid=ldap,ou=users,dc=${0},dc=${1} +objectClass: top +objectClass: person +objectClass: inetOrgPerson +objectClass: krb5principal +objectClass: krb5kdcentry +cn: LDAP +sn: Service +uid: ldap +userPassword: secret +krb5PrincipalName: ldap/${4}@${2}.${3} +krb5KeyVersionNumber: 0 \ No newline at end of file diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/hello.html b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/hello.html new file mode 100644 index 0000000000..71a756386b --- /dev/null +++ b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/hello.html @@ -0,0 +1,10 @@ + + + + Spring Security Kerberos Example + + +

Hello [[${#httpServletRequest.remoteUser}]]!

+ + diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/home.html b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/home.html new file mode 100644 index 0000000000..d8e37e443d --- /dev/null +++ b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/home.html @@ -0,0 +1,10 @@ + + + + Spring Security Kerberos Example + + +

Welcome!

+

Click here to see a greeting.

+ + diff --git a/spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/login.html b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/login.html new file mode 100644 index 0000000000..b96252192f --- /dev/null +++ b/spring-security-sso/spring-security-sso-kerberos/src/main/resources/templates/login.html @@ -0,0 +1,20 @@ + + + + Spring Security Kerberos Example + + +
+ Invalid username and password. +
+
+ You have been logged out. +
+
+
+
+
+
+ + diff --git a/spring-security-sso/spring-security-sso-kerberos/src/test/java/kerberos/client/SampleServiceManualTest.java b/spring-security-sso/spring-security-sso-kerberos/src/test/java/kerberos/client/SampleServiceManualTest.java new file mode 100644 index 0000000000..d0d9f0ae4b --- /dev/null +++ b/spring-security-sso/spring-security-sso-kerberos/src/test/java/kerberos/client/SampleServiceManualTest.java @@ -0,0 +1,43 @@ +package kerberos.client; + +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.web.client.RestClientException; +import org.springframework.web.client.RestTemplate; + +import static org.junit.Assert.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertThrows; + +/** + * Procedure to run this manual test: + *
    + *
  1. Start {@code KerberosMiniKdc}
  2. + *
  3. Start {@code KerberizedServerApp}
  4. + *
  5. Run the test
  6. + *
+ */ +@RunWith(SpringRunner.class) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) +@FixMethodOrder +public class SampleServiceManualTest { + + @Autowired + private SampleService sampleService; + + @Test + public void a_givenKerberizedRestTemplate_whenServiceCall_thenSuccess() { + assertNotNull(sampleService); + assertEquals("data from kerberized server", sampleService.getData()); + } + + @Test + public void b_givenRestTemplate_whenServiceCall_thenFail() { + sampleService.setRestTemplate(new RestTemplate()); + assertThrows(RestClientException.class, sampleService::getData); + } +} \ No newline at end of file
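Review bot: `@FixMethodOrder` is used without an argument, which selects `MethodSorters.DEFAULT` rather than name order, while the `a_`/`b_` prefixes suggest name order is intended. `b_givenRestTemplate_whenServiceCall_thenFail` replaces the `RestTemplate` on the shared `sampleService` bean, so if it runs first the success case fails as well. Use `@FixMethodOrder(MethodSorters.NAME_ASCENDING)`, or better, restore the original template at the end of that test so the two cases are independent. The class also mixes the JUnit 4 runner and `org.junit.Assert.assertEquals` with `org.junit.jupiter.api.Assertions`; picking one API avoids depending on both being on the test classpath.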