Integration of LDAP with JavaMelody authentication


svs.te...@gmail.com

Apr 13, 2016, 8:11:26 AM
to javamelody

I am using the following filter in the web.xml of my application. With the filter below, I am able to get authentication on the JavaMelody page. But is it possible to integrate this authentication with LDAP?


In short, when I log in at localhost:8080/application/monitoring, it will ask for credentials, and they should be validated against LDAP instead of the hardcoded values in web.xml. Is it possible to achieve this?


<filter>
        <filter-name>monitoring</filter-name>
        <filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
        <init-param>
            <param-name>allowed-addr-pattern</param-name>
            <param-value>10\.10\.10\..*|10\.10\.10\.10|10\.10\.10\..*</param-value>
        </init-param>
        <init-param>
            <param-name>authorized-users</param-name>
            <param-value>user1:pwd1, user2:pwd2</param-value>
        </init-param>

    </filter>
    <filter-mapping>
        <filter-name>monitoring</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
        <listener-class>net.bull.javamelody.SessionListener</listener-class>
    </listener>

evernat

Apr 15, 2016, 12:14:11 PM
to javamelody
Hi,

javamelody cannot integrate with LDAP by itself.

But I think that you could integrate BASIC auth with LDAP on the /monitoring URL like this:

1. Add a security constraint in the WEB-INF/web.xml of your webapp:
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Monitoring</realm-name>
</login-config>
<security-role>
    <role-name>monitoring</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Monitoring</web-resource-name>
        <url-pattern>/monitoring</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>monitoring</role-name>
    </auth-constraint>
    <!-- if SSL enabled (SSL and certificate must then be configured in the server)
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint> 
    -->
</security-constraint>

2. Then add an LDAP realm in Tomcat (if you are using Tomcat).
See for example:
http://www.coderanch.com/t/558205/Tomcat/Tomcat-authentication-LDAP
and https://ldapwiki.willeke.com/wiki/Tomcat%20And%20LDAP

To have access to the "/monitoring" url, authenticated users must have the "monitoring" role in LDAP, as said in the security constraint above.

Let us know what configuration works for you; it could be good documentation to add to the user's guide.

bye,
Emeric
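
Added example (not part of the thread and not from the javamelody project): a Tomcat JNDIRealm configuration for step 2 of the reply above, showing how the "monitoring" role named in the security constraint resolves to an LDAP group. The host name, DNs, bind account and directory layout are constructed placeholders to adapt to the actual directory.

```xml
<!-- Added example. Place inside <Engine> or <Host> in conf/server.xml,
     or inside <Context> in the webapp's META-INF/context.xml.
     Every host name, DN and credential below is a constructed placeholder.

     Tomcat binds with connectionName, finds the user entry with userSearch
     ({0} = the login name typed into the BASIC prompt), verifies the password
     by binding as that user, then runs roleSearch ({0} = the user's DN).
     The roleName attribute of each matching group becomes a role name.

     For the <role-name>monitoring</role-name> constraint to pass, the
     directory therefore needs a group such as (LDIF, constructed):

       dn: cn=monitoring,ou=groups,dc=example,dc=com
       objectClass: groupOfNames
       cn: monitoring
       member: uid=user1,ou=people,dc=example,dc=com

     Active Directory usually needs userSearch="(sAMAccountName={0})".
     Use ldaps:// so bind passwords are not sent in clear text, and give the
     bind account read-only access to the user and group subtrees only. -->

<!-- LockOutRealm wraps the LDAP realm and locks a user name out for
     lockOutTime seconds after failureCount consecutive failed logins. -->
<Realm className="org.apache.catalina.realm.LockOutRealm"
       failureCount="5"
       lockOutTime="300">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://ldap.example.com:636"
         connectionName="cn=tomcat-bind,ou=service,dc=example,dc=com"
         connectionPassword="CHANGE_ME"
         userBase="ou=people,dc=example,dc=com"
         userSubtree="true"
         userSearch="(uid={0})"
         roleBase="ou=groups,dc=example,dc=com"
         roleSubtree="true"
         roleSearch="(member={0})"
         roleName="cn" />
</Realm>
```

A login that is accepted by the directory but whose user is not a member of the `monitoring` group is answered with 403 rather than a new password prompt, which helps tell a role-mapping problem apart from a failed bind.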

dileep...@gmail.com

Jul 4, 2017, 2:58:47 AM
to javamelody
Hello Emeric,

I have tried the step you have mentioned, but this is not working for me completely. Now I am getting the authentication page but the login fails even with the AD account I have mentioned or with the generic user account used.

Could you please explain to me in detail how this can be done? Here I am using javamelody to monitor the JIRA threads, so I want to restrict javamelody access to certain users. How can this be done?

Could you please elaborate on this point: "To have access to the "/monitoring" url, authenticated users must have the "monitoring" role in LDAP, as said in the security constraint above."?

Thank you,

Dileep