Class AuthConfig

java.lang.Object
org.summerboot.jexpress.boot.config.BootConfig
org.summerboot.jexpress.security.auth.AuthConfig
All Implemented Interfaces:
JExpressConfig

public class AuthConfig extends BootConfig
Author:
Changski Tie Zheng Zhang 张铁铮, 魏泽北, 杜旺财, 杜富贵
  • Field Details

    • cfg

      public static final AuthConfig cfg
    • typeAD

      @ConfigHeader(title="1.1 LDAP connection settings") @Config(key="ldap.type.AD", desc="set it true only when LDAP is implemented by Microsoft Active Directory (AD)\nfalse when using others such as OpenLDAP, IBM Tivoli or Apache") protected volatile boolean typeAD
    • ldapHost

      @Config(key="ldap.host", desc="LDAP will be disabled when host is not provided") protected volatile String ldapHost
    • ldapPort

      @Config(key="ldap.port", desc="LDAP 389, LDAP over SSL 636, AD global 3268, AD global over SSL 3269") protected volatile int ldapPort
    • ldapBaseDN

      @Config(key="ldap.baseDN") protected volatile String ldapBaseDN
    • bindingUserDN

      @Config(key="ldap.bindingUserDN") protected volatile String bindingUserDN
    • bindingPassword

      @Config(key="ldap.bindingPassword", validate=Encrypted) protected volatile String bindingPassword
    • passwordAlgorithm

      @Config(key="ldap.PasswordAlgorithm", defaultValue="SHA3-256") protected volatile String passwordAlgorithm
    • ldapScheamTenantGroupOU

      @Config(key="ldap.schema.TenantGroup.ou") protected volatile String ldapScheamTenantGroupOU
    • kmf

      @ConfigHeader(title="1.2 LDAP Client keystore") @Config(key="ldap.ssl.KeyStore", StorePwdKey="ldap.ssl.KeyStorePwd", AliasKey="ldap.ssl.KeyAlias", AliasPwdKey="ldap.ssl.KeyPwd", desc="Path to key store file. SSL/TLS is used when a keystore is provided, otherwise a plain socket is used") protected volatile KeyManagerFactory kmf
    • ldapTLSProtocol

      @Config(key="ldap.ssl.protocol") protected volatile String ldapTLSProtocol
    • ldapSSLConnectionFactoryClassName

      @Config(key="ldap.SSLConnectionFactoryClass") protected volatile String ldapSSLConnectionFactoryClassName
    • tmf

      @ConfigHeader(title="1.3 LDAP Client truststore") @Config(key="ldap.ssl.TrustStore", StorePwdKey="ldap.ssl.TrustStorePwd", desc="Path to trust store file. The remote peer certificate is authenticated when a truststore is provided; otherwise every remote peer certificate is blindly trusted") protected volatile TrustManagerFactory tmf
    • ldapConfig

      protected volatile Properties ldapConfig
    • KEY_privateKeyFile

      protected static final String KEY_privateKeyFile
    • KEY_privateKeyPwd

      protected static final String KEY_privateKeyPwd
    • KEY_publicKeyFile

      protected static final String KEY_publicKeyFile
    • JWT_PRIVATE_KEY_FILE

      protected static final String JWT_PRIVATE_KEY_FILE
    • JWT_PUBLIC_KEY_FILE

      protected static final String JWT_PUBLIC_KEY_FILE
    • privateKeyFile

      @ConfigHeader(title="2. JWT", example="To generate the keypair manually:\nstep1. generate keypair: openssl genrsa -des3 -out keypair.pem 4096 \nstep2. export public key: openssl rsa -in keypair.pem -outform PEM -pubout -out jwt_public.key \nstep3. export private key: openssl rsa -in keypair.pem -out private_unencrypted.pem -outform PEM \nstep4. encrypt and convert private key from PKCS#1 to PKCS#8: openssl pkcs8 -topk8 -inform PEM -outform PEM -in private_unencrypted.pem -out jwt_private.key") @Config(key="jwt.asymmetric.SigningKeyFile", desc="Path to an encrypted RSA private key file in PKCS#8 format with a minimum key size of 2048 bits", callbackMethodName4Dump="generateTemplate_privateKeyFile") protected volatile File privateKeyFile
    • privateKeyPwd

      @Config(key="jwt.asymmetric.SigningKeyPwd", validate=Encrypted, desc="The password of this private key", callbackMethodName4Dump="generateTemplate_privateKeyPwd") protected volatile String privateKeyPwd
    • publicKeyFile

      @Config(key="jwt.asymmetric.ParsingKeyFile", desc="Path to the public key file corresponding to this private key", callbackMethodName4Dump="generateTemplate_publicKeyFile") protected volatile File publicKeyFile
    • symmetricKey

      @Config(key="jwt.symmetric.key", validate=Encrypted, desc="HMAC-SHA key for both signing and parsing; it is ignored when an asymmetric key is specified.\nUse this command to generate this key: java -jar <app>.jar -jwt <HS256, HS384, HS512>") protected volatile String symmetricKey
    • jwtSigningKey

      protected volatile Key jwtSigningKey
    • jwtParser

      protected volatile io.jsonwebtoken.JwtParser jwtParser
    • jwtTTLMinutes

      @Config(key="jwt.ttl.minutes") protected volatile int jwtTTLMinutes
    • jwtIssuer

      @Config(key="jwt.issuer") protected volatile String jwtIssuer
    • roles

      @ConfigHeader(title="3. Role mapping", desc="Map the role (defined as @RolesAllowed({\"AppAdmin\"})) with user group (no matter the group is defined in LDAP or DB)", format="roles.<role name>.groups=csv list of groups\nroles.<role name>.users=csv list of users", example="the following example maps one group(AppAdmin_Group) and two users(johndoe, janejoe) to a role(AppAdmin)\nroles.AppAdmin.groups=AppAdmin_Group\nroles.AppAdmin.users=johndoe, janejoe", callbackMethodName4Dump="generateTemplate_DumpRoleMapping") protected Map<String,RoleMapping> roles
    • declareRoles

      protected final Set<String> declareRoles
  • Constructor Details

    • AuthConfig

      protected AuthConfig()
  • Method Details

    • main

      public static void main(String[] args)
    • temp

      public AuthConfig temp()
      Specified by:
      temp in interface JExpressConfig
      Overrides:
      temp in class BootConfig
      Returns:
      null - disables reload
    • shutdown

      public void shutdown()
    • generateTemplate_privateKeyFile

      protected void generateTemplate_privateKeyFile(StringBuilder sb)
    • generateTemplate_privateKeyPwd

      protected void generateTemplate_privateKeyPwd(StringBuilder sb)
    • generateTemplate_publicKeyFile

      protected void generateTemplate_publicKeyFile(StringBuilder sb)
    • generateTemplate_DumpRoleMapping

      protected void generateTemplate_DumpRoleMapping(StringBuilder sb)
      Called through the @ConfigHeader.callbackMethodName4Dump value when the configuration template is dumped.
      Parameters:
      sb - the StringBuilder that the generated template text is appended to
    • loadCustomizedConfigs

      protected void loadCustomizedConfigs(File cfgFile, boolean isReal, ConfigUtil helper, Properties props) throws IOException, org.bouncycastle.operator.OperatorCreationException, GeneralSecurityException
      Specified by:
      loadCustomizedConfigs in class BootConfig
      Throws:
      IOException
      org.bouncycastle.operator.OperatorCreationException
      GeneralSecurityException
    • getLdapHost

      public String getLdapHost()
    • getLdapPort

      public int getLdapPort()
    • getLdapBaseDN

      public String getLdapBaseDN()
    • getBindingUserDN

      public String getBindingUserDN()
    • getLdapScheamTenantGroupOU

      public String getLdapScheamTenantGroupOU()
    • getPasswordAlgorithm

      public String getPasswordAlgorithm()
    • setPasswordAlgorithm

      public void setPasswordAlgorithm(String passwordAlgorithm)
    • getLdapSSLConnectionFactoryClassName

      public String getLdapSSLConnectionFactoryClassName()
    • getLdapTLSProtocol

      public String getLdapTLSProtocol()
    • isTypeAD

      public boolean isTypeAD()
    • getLdapConfig

      public Properties getLdapConfig()
    • getJwtSigningKey

      public Key getJwtSigningKey()
    • getJwtParser

      public io.jsonwebtoken.JwtParser getJwtParser()
    • getJwtIssuer

      public String getJwtIssuer()
    • getJwtTTLMinutes

      public int getJwtTTLMinutes()
    • getRole

      public RoleMapping getRole(String role)
    • getRoles

      public Map<String,RoleMapping> getRoles()
    • getBindingPassword

      public String getBindingPassword()
    • getKmf

      public KeyManagerFactory getKmf()
    • getTmf

      public TrustManagerFactory getTmf()
    • getPrivateKeyFile

      public File getPrivateKeyFile()
    • getPrivateKeyPwd

      public String getPrivateKeyPwd()
    • getPublicKeyFile

      public File getPublicKeyFile()
    • getSymmetricKey

      public String getSymmetricKey()
    • addDeclareRoles

      public void addDeclareRoles(Set<String> scanedDeclareRoles)
    • getDeclareRoles

      public Set<String> getDeclareRoles()