
Thursday, July 7, 2016

Connect Ldap using Java

LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network.
Abbreviations used in directory entries:

  rdn  Relative Distinguished Name
  dn   Distinguished Name
  cn   Common Name
  ou   Organizational Unit
  dc   Domain Component
  sn   Surname
As an example, an entry looks like this:
  dn: cn=Joe Smith,ou=East,dc=MyDomain,dc=com
  cn: John Doe
  givenName: John
  sn: Doe
  telephoneNumber: +1 888 555 6789
  telephoneNumber: +1 888 555 1232
  mail: john@example.com
  manager: cn=Barbara Doe,dc=example,dc=com
  objectClass: inetOrgPerson
  objectClass: organizationalPerson
  objectClass: person
  objectClass: top
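The post's title promises a Java connection but shows none, so here is an added example (not code from the original post) that binds to a directory with JNDI, the LDAP provider built into the JDK, and searches for an entry like the one above by its cn. The server URL, bind DN, base DN and the LDAP_BIND_PASSWORD environment variable are assumed placeholders. Because the cn comes from outside the program and becomes part of the search filter, the example escapes it as RFC 4515 requires before building the filter, so a value containing `*`, `(`, `)` or `\` is matched literally instead of changing the query.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapLookup {

    // Assumed connection settings (placeholders, not values from the original post).
    private static final String LDAP_URL = "ldaps://ldap.example.com:636";
    private static final String BIND_DN  = "cn=svc-reader,ou=Service,dc=MyDomain,dc=com";
    private static final String BASE_DN  = "dc=MyDomain,dc=com";

    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Simple bind over LDAPS; the password never appears on the command line. */
    static DirContext connect(String bindDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** Subtree search for inetOrgPerson entries whose cn equals the (escaped) value. */
    static void findByCn(DirContext ctx, String cn) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"cn", "sn", "mail", "telephoneNumber"});
        String filter = "(&(objectClass=inetOrgPerson)(cn=" + escapeFilterValue(cn) + "))";
        NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, filter, sc);
        try {
            while (results.hasMore()) {
                SearchResult r = results.next();
                System.out.println("dn: " + r.getNameInNamespace());
                Attributes attrs = r.getAttributes();
                NamingEnumeration<String> ids = attrs.getIDs();
                while (ids.hasMore()) {
                    String id = ids.next();
                    NamingEnumeration<?> values = attrs.get(id).getAll();
                    while (values.hasMore()) {
                        System.out.println(id + ": " + values.next());
                    }
                }
            }
        } finally {
            results.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (password == null) {
            throw new IllegalStateException("LDAP_BIND_PASSWORD is not set");
        }
        DirContext ctx = connect(BIND_DN, password);
        try {
            findByCn(ctx, args.length > 0 ? args[0] : "Joe Smith");
        } finally {
            ctx.close();
        }
    }
}
```

Run it as `java LdapLookup "Joe Smith"` with the service account password in the environment. The bind uses a read-only service account rather than an administrator DN, and the search requests only the attributes it needs; both keep the blast radius small if the credentials or the output are ever exposed.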

Thursday, January 28, 2016

Convert JKS into PEM using Keytool


Below are the steps to convert a JKS keystore file into CRT / PEM files (certificates and keys).

  1. Generate a PKCS12 file from the JKS keystore:
     keytool -importkeystore -srckeystore <keystore.jks> -destkeystore <keystore.p12> -deststoretype PKCS12 -srcalias <aliasName> -deststorepass <password> -destkeypass <password>
     In the above, keystore.jks is the input keystore file,
                   keystore.p12 is the output PKCS12 file,
                   aliasName is the entry name in the keystore file,
                   password is the password for the output file.
     Example:
     >keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias selfsigned -deststorepass password -destkeypass password
     Enter source keystore password:
  2. Now convert the PKCS12 format into PEM format:
     1. Generate the certificate in PEM format without the private key:
        >openssl pkcs12 -in <keystore.p12> -nokeys -out <cert.pem>
        In the above, keystore.p12 is the input file in PKCS12 format,
                      cert.pem is the output file in PEM format.
        Example:
        >openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem
        Enter Import Password:
        MAC verified OK
     2. Generate the private key in PEM format without the certificate:
        >openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem
        Enter Import Password:
        MAC verified OK
  3. Additionally, export the certificate from the JKS keystore into a CRT file:
     keytool -exportcert -file <keystore.crt> -keystore <keystore.jks> -alias <aliasName>
     In the above, keystore.jks is the input keystore file,
                   aliasName is the entry name in the keystore file,
                   keystore.crt is the output CRT file.
     >keytool -exportcert -file keystore.crt -keystore keystore.jks -alias selfsigned
     Enter keystore password:
     Certificate stored in file <keystore.crt>
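The same three steps can be done with the Java KeyStore API instead of keytool and openssl. The following is an added example, not code from the original post: it copies one alias from the JKS into a PKCS12 file, then writes the certificate and the private key as PEM. It assumes the key entry uses the same password as the store (as the keytool command above does by passing the same value to -deststorepass and -destkeypass); the output file names and the KEYSTORE_PASSWORD fallback variable are this example's own choices.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Base64;

public class JksToPem {

    /** Wrap DER bytes in a PEM envelope with 64-character Base64 lines. */
    static String toPem(String type, byte[] der) {
        String b64 = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII)).encodeToString(der);
        return "-----BEGIN " + type + "-----\n" + b64 + "\n-----END " + type + "-----\n";
    }

    static KeyStore load(String type, Path file, char[] password) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Step 1: copy one key entry from the JKS into a new PKCS12 store (like keytool -importkeystore -srcalias). */
    static void convertToPkcs12(KeyStore jks, String alias, char[] password, Path out)
            throws GeneralSecurityException, IOException {
        Key key = jks.getKey(alias, password);            // assumes key password == store password
        Certificate[] chain = jks.getCertificateChain(alias);
        if (key == null || chain == null) {
            throw new IllegalArgumentException("alias has no private key entry: " + alias);
        }
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        p12.load(null, null);                              // start with an empty store
        p12.setKeyEntry(alias, key, password, chain);
        try (OutputStream os = Files.newOutputStream(out)) {
            p12.store(os, password);
        }
    }

    /** Steps 2 and 3: certificate as PEM (what -nokeys / -exportcert -rfc give) and key as PEM (what -nodes -nocerts gives). */
    static void writePem(KeyStore ks, String alias, char[] password, Path certOut, Path keyOut)
            throws GeneralSecurityException, IOException {
        Certificate cert = ks.getCertificate(alias);
        Key key = ks.getKey(alias, password);
        Files.write(certOut, toPem("CERTIFICATE", cert.getEncoded()).getBytes(StandardCharsets.US_ASCII));
        // getEncoded() on a private key returns PKCS#8 DER, hence the "PRIVATE KEY" label; it is unencrypted.
        Files.write(keyOut, toPem("PRIVATE KEY", key.getEncoded()).getBytes(StandardCharsets.US_ASCII));
        restrictToOwner(keyOut);
    }

    /** Owner-only mode for the unencrypted key file; silently skipped on non-POSIX filesystems. */
    static void restrictToOwner(Path p) throws IOException {
        try {
            Files.setPosixFilePermissions(p, PosixFilePermissions.fromString("rw-------"));
        } catch (UnsupportedOperationException e) {
            // e.g. Windows: ACLs are left to the operator
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: JksToPem <keystore.jks> <alias>");
            System.exit(2);
        }
        char[] password = System.console() != null
                ? System.console().readPassword("Enter keystore password: ")
                : System.getenv("KEYSTORE_PASSWORD").toCharArray();   // assumed fallback for non-interactive use
        try {
            KeyStore jks = load("JKS", Paths.get(args[0]), password);
            convertToPkcs12(jks, args[1], password, Paths.get("keystore.p12"));
            writePem(jks, args[1], password, Paths.get("cert.pem"), Paths.get("key.pem"));
        } finally {
            Arrays.fill(password, '\0');                   // do not leave the password in memory longer than needed
        }
    }
}
```

Two points from the command-line steps carry over. openssl's -nodes writes key.pem with the private key unencrypted, and this example writes the same unencrypted PKCS#8 form, which is why it tightens the file mode to the owner; treat that file as you would the keystore password. And keytool -exportcert without -rfc writes the certificate as binary DER, whereas the PEM written here matches the text form the openssl step produces, so pick whichever the consuming tool expects.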

Friday, December 11, 2015

Spring Security with Md5 password encoder Authentication


Adding Spring Security to a web application with the MD5 password encoder.


  1. Required Maven libraries:

    <dependency>
     <groupId>org.springframework</groupId>
     <artifactId>spring-core</artifactId>
    </dependency>
    <dependency>
     <groupId>org.springframework</groupId>
     <artifactId>spring-beans</artifactId>
    </dependency>
    <dependency>
     <groupId>org.springframework</groupId>
     <artifactId>spring-context</artifactId>
    </dependency>
    <dependency>
     <groupId>org.springframework</groupId>
     <artifactId>spring-web</artifactId>
    </dependency>
    <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-web</artifactId>
    </dependency>
    <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-config</artifactId>
    </dependency>

  2. Configuration files:
    1. MD5 password encoder script (md5encoder.sh):

      #!/bin/bash
      ##########################################################################
      # Name  : MD5 Password Encoder for PRISM API
      ##########################################################################
      echo "Please enter password to be encoded:"
      # -s keeps the password off the terminal, -r keeps backslashes literal
      read -r -s md5pass
      # -n: no trailing newline, otherwise the digest would not match the one the encoder computes;
      # the variable is quoted so spaces in the password are preserved
      echo -n "$md5pass" | md5sum | awk '{print $1}'

    2. User profiles (profiles.properties):

      # Basic Authentication credentials in APP
      # Format is <username>=<md5encodedpassword>,<userRole>,<isUserEnabled>
      candy=5f4dcc3b5aa765d61d8327deb882cf99,ROLE_USER,enabled

    3. Spring context XML (security-app-context.xml):

      <?xml version="1.0" encoding="UTF-8"?>
      <beans xmlns="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:context="http://www.springframework.org/schema/context"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

        <security:http entry-point-ref="authenticationEntryPoint" use-expressions="true">
          <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')" />
          <security:logout invalidate-session="true" delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE" />
          <security:custom-filter ref="basicAuthenticationFilter" position="BASIC_AUTH_FILTER" />
        </security:http>

        <bean id="basicAuthenticationFilter"
              class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
          <property name="authenticationManager" ref="authManager" />
          <property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
        </bean>
        <bean id="authenticationEntryPoint"
              class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
          <property name="realmName" value="PRISM" />
        </bean>

        <bean id="md5encoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
        <security:authentication-manager alias="authManager">
          <security:authentication-provider>
            <security:password-encoder ref="md5encoder" />
            <security:user-service id="userDetailsService" properties="file:{path}/profiles.properties" />
          </security:authentication-provider>
        </security:authentication-manager>
      </beans>

    4. Web application XML (web.xml):

      <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>file:{path}/security-app-context.xml</param-value>
      </context-param>
      <!-- security start -->
      <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
      <!-- security end -->
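To see what the provider above actually compares at login, here is an added example (not code from the original post or from Spring Security) that reproduces the digest md5encoder.sh produces, parses a profiles.properties line in the post's format, and checks a presented password against it. The Profile class and the method names are this example's own; the sample line is constructed to match the post's entry, whose stored value is the MD5 of the string "password".

```java
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Properties;

public class Md5ProfileCheck {

    /** Same digest as `echo -n "$pw" | md5sum`: MD5 of the raw bytes, no newline, no salt, lowercase hex. */
    static String md5Hex(String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(32);
            for (byte b : digest) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 is a mandatory JDK algorithm", e);
        }
    }

    /** One profiles.properties entry: <username>=<md5hex>,<role>,<enabled|disabled>. */
    static final class Profile {
        final String username;
        final String md5Hex;
        final String role;
        final boolean enabled;

        Profile(String username, String md5Hex, String role, boolean enabled) {
            this.username = username;
            this.md5Hex = md5Hex;
            this.role = role;
            this.enabled = enabled;
        }
    }

    static Profile parseProfile(Properties props, String username) {
        String value = props.getProperty(username);
        if (value == null) {
            return null;                                   // unknown user
        }
        String[] parts = value.split(",");
        if (parts.length != 3) {
            throw new IllegalArgumentException("malformed profile line for user " + username);
        }
        return new Profile(username, parts[0].trim(), parts[1].trim(),
                "enabled".equalsIgnoreCase(parts[2].trim()));
    }

    /** What the provider does: digest the presented password and compare with the stored value.
     *  MessageDigest.isEqual is a constant-time comparison, so the check does not leak how many
     *  leading characters matched. */
    static boolean passwordMatches(Profile p, String presented) {
        if (p == null || !p.enabled) {
            return false;
        }
        byte[] expected = p.md5Hex.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = md5Hex(presented).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample in the same format as the post's profiles.properties.
        String sample = "candy=5f4dcc3b5aa765d61d8327deb882cf99,ROLE_USER,enabled\n";
        Properties props = new Properties();
        props.load(new StringReader(sample));

        Profile candy = parseProfile(props, "candy");
        System.out.println("candy / password -> " + passwordMatches(candy, "password"));   // true
        System.out.println("candy / wrong    -> " + passwordMatches(candy, "wrong"));      // false
        System.out.println("unknown user     -> " + passwordMatches(parseProfile(props, "nobody"), "password")); // false

        // No salt: a second user with the same password would get the identical stored value.
        System.out.println("same password, same hash: " + md5Hex("password").equals(candy.md5Hex));   // true
    }
}
```

The last line of output is the property worth noticing in this configuration: Md5PasswordEncoder as wired above applies no salt, so equal passwords produce equal entries in profiles.properties and a single fast digest is all that separates the stored value from the password. Later Spring Security releases deprecated the org.springframework.security.authentication.encoding encoders in favour of the org.springframework.security.crypto.password.PasswordEncoder implementations such as BCryptPasswordEncoder, which salt each hash and make it deliberately slow; the properties-file format and the authentication-provider wiring stay the same, only the encoder bean and the stored values change.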