MULE –LDAP Provider for Spring Security

2

Setting Up an LDAP Provider for Spring Security

This page describes how you can configure a Spring Security LDAP

provider, which can be used by Mule 2.2 or later as follows:

As its security provider via SpringProviderAdapter

To perform component authorization

3

Setup

Before proceeding, ensure that you have the following .jar files in your project classpath:

spring-security-ldap-3.1.2.RELEASE.jar

spring-security-core-3.1.2.RELEASE.jar

spring-ldap-core-1.3.1.RELEASE.jar

If you do not already have these files, you can download them here:

link:https://repo.springsource.org/libs-release-local/org/springframework/security/spring-security/3.1.2.RELEASE/spring-security-3.1.2.RELEASE-dist.zip (this link contains spring-security-core-3.1.2.RELEASE.jar and spring-security-ldap-3.1.2.RELEASE under the "dist" directory)

http://s3.amazonaws.com/dist.springframework.org/release/LDAP/spring-ldap-1.3.1.RELEASE-minimal.zip (this contains spring-ldap-1.3.1.RELEASE.jar inside the "dist" directoy)

4

Declaring the Beans

You must set up two beans in Spring, a DefaultSpringSecurityContextSource and an LdapAuthenticationProvider. The DefaultSpringSecurityContextSource is the access point for obtaining an LDAP context where the LdapAuthenticationProvider provides integration with the LDAP server. For example:

You need to set up an LDAP context source that will be used by the spring security authentication provider to search and authenticate your users. Also, you need to define an authentication manager with an embedded LDAP authentication provider as shown:

5

WS-Security and SAML

<mule xmlns:ss="http://www.springframework.org/schema/security" xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security" xmlns:spring="http://www.springframework.org/schema/beans" ... version="EE-3.3.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ... xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/current/mule-spring-security.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">...

6

WS-Security Example The WS-Security example demonstrates the different possibilities available for incorporating WS-Security into your Mule application. This example is available in the enterprise edition of Mule as of version 2.2.3.

Enabling WS-Security - Describes how to secure your CXF SOAP endpoints with WS-Security.

SAML Module - Mule now supports the SAML standard for exchange of security information between systems. This module is available in the enterprise edition of Mule as of version 2.2.3

7

<spring:beans> ... <spring:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> <spring:constructor-arg value="${ldap.url}"/> <spring:property name="userDn" value="${ldap.adminDn}"/> <spring:property name="password" value="${ldap.adminPassword}"/> </spring:bean> <ss:authentication-manager alias="authenticationManager"> <ss:ldap-authentication-provider user-search-filter="(uid={0})" user-search-base="ou=People" group-search-base="ou=Group"/> </ss:authentication-manager> </spring:beans>

8

More information about the LDAP authentication provider and the different mechanisms to authenticate users against your LDAP server can be found here:

http://static.springsource.org/springsecurity/site/docs/3.1.x/reference/ldap.html