FEJ uses Spring Security for authentication purposes. Security configuration is stored in fej-security.xml
file.
In-Memory Authentication
By default, FEJ container uses simple in-memory authentication.
<sec:authentication-manager id="authenticationManager"> <sec:authentication-provider> <sec:user-service id="userDetailsService" properties="users.properties"/> </sec:authentication-provider> </sec:authentication-manager>
Users are stored in the external properties file named users.properties
. It contains single user test
with password test
and role ROLE_ADMIN
:
$ pwd /usr/share/fixedgej-1.0.0/conf $ cat users.properties test=test,ROLE_ADMIN,enabled
LDAP authentication
FEJ also supports authentication against an LDAP server.
Before getting deep into LDAP authentication, let’s get familiar with some LDAP terms.
Term | Description |
---|---|
Dn | Distinguished name, a unique name which is used to find user in LDAP server e.g. Microsoft Active Directory. |
Ou | Organization Unit. |
Bind | LDAP Bind is an operation in which LDAP clients sends bindRequest to LDAP user including username and password and if |
Search | LDAP search is the operation which is performed to retrieve Dn of user by using some user credentials. |
Root | LDAP directory’s top element, like root of a tree. |
BaseDn | a branch in LDAP tree which can be used as base for LDAP search operation. |
When the LDAP authentication option is activated, the default single user mode is turned off.