Security configuration
FEJ uses Spring Security for authentication. The security configuration is stored in the fej-security.xml file.
In-Memory Authentication
By default, the FEJ container uses simple in-memory authentication:
<sec:authentication-manager id="authenticationManager">
    <sec:authentication-provider>
        <sec:user-service id="userDetailsService" properties="users.properties"/>
    </sec:authentication-provider>
</sec:authentication-manager>
Users are stored in the external properties file named users.properties. It contains a single user test with password test and role ROLE_ADMIN:
$ pwd
/usr/share/fixedgej-1.0.0/conf
$ cat users.properties
test=test,ROLE_ADMIN,enabled
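The default file keeps an enabled ROLE_ADMIN account whose clear-text password equals its username. The following audit of a users.properties file in the format shown above is an added example, not part of FEJ or its documentation. The names audit_users and parse_line, the finding texts and the 12-character threshold are assumptions of this example, and the sample entries other than test are constructed.

```python
"""Audit a users.properties file of the form user=password,ROLE[,ROLE][,enabled|disabled]."""

MIN_LENGTH = 12                     # assumed local policy threshold, not an FEJ setting
SHIPPED_DEFAULT = ("test", "test")  # the account shown in the default users.properties

# Constructed sample: the first entry is the default from the page, the rest are made up.
SAMPLE = """\
# users.properties
test=test,ROLE_ADMIN,enabled
ops=ops,ROLE_ADMIN,disabled
alice=c0rrect-horse-battery,ROLE_ADMIN,enabled
"""


def parse_line(line):
    """Split one entry into (user, password, roles, enabled)."""
    user, _, rest = line.partition("=")
    fields = [f.strip() for f in rest.split(",")]
    password, roles = fields[0], fields[1:]
    enabled = True  # assumption: an entry without a flag counts as enabled
    if roles and roles[-1].lower() in ("enabled", "disabled"):
        enabled = roles.pop().lower() == "enabled"
    return user.strip(), password, roles, enabled


def audit_users(text):
    """Return (username, finding) tuples for enabled accounts with weak credentials."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue  # blank line, properties comment, or not an entry
        user, password, roles, enabled = parse_line(line)
        if not enabled:
            continue  # disabled accounts cannot authenticate
        if (user, password) == SHIPPED_DEFAULT:
            findings.append((user, "shipped default account still enabled"))
        if password.lower() == user.lower():
            findings.append((user, "password equals username"))
        if len(password) < MIN_LENGTH:
            findings.append((user, "password shorter than %d characters" % MIN_LENGTH))
    return findings


if __name__ == "__main__":
    for user, finding in audit_users(SAMPLE):
        print("%s: %s" % (user, finding))
```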
LDAP authentication
FEJ also supports authentication against an LDAP server.
Before getting deep into LDAP authentication, let’s get familiar with some LDAP terms.
Term | Description |
---|---|
Dn | Distinguished name, a unique name used to find a user in an LDAP server, e.g. Microsoft Active Directory. |
Ou | Organization Unit. |
Bind | LDAP Bind is an operation in which an LDAP client sends a bindRequest to LDAP user including username and password and if |
Search | LDAP search is the operation performed to retrieve the Dn of a user by using some user credentials. |
Root | The LDAP directory’s top element, like the root of a tree. |
BaseDn | A branch in the LDAP tree which can be used as the base for an LDAP search operation. |
When the LDAP authentication option is activated, the default single user mode is turned off.