Discussion:
ServiceMix and Spring Security bundles
blackman
2016-07-01 08:42:32 UTC
Permalink
Hello

I'm using ServiceMix 6.1.1 and build a bundles wich uses Spring Security
Librairies to connect to an LDAP.

I'm sorry i'm new to OSGI..


I'm using theses dependencies :

Spring security core

Spring security web

Spring security util

Spring security ldap


ServicesMix 6.1.1 uses Spring 3.1.4.RELEASE and there is already bundles for
spring security-ldap..

I've tried to use it but i'd a problem the a dependency : spring.ldap.core

So i'm tring version 4.1.0.RELEASE_1 .

is that correct ? Can'i uses a diffrent version of spring bundles of

the one Servicemix comes with (3.1.4.RELEASE_) ?

I've found the bundles for the firss three

https://repo1.maven.org/maven2/org/apache/servicemix/bundles/

but for spring secuity ldap, no way to find a bundle..

Where can'i find that bundle or how can'i build one ?


Kind regards








--
View this message in context: http://servicemix.396122.n5.nabble.com/ServiceMix-and-Spring-Security-bundles-tp5723824.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Cristiano Costantini
2016-07-01 12:35:27 UTC
Permalink
We use spring security in our project,
we have spent some time to find the right versions to use in order to make
it work,
give me some time and I'll send you the list of the bundle and feature we
do use.

Cristiano
Post by blackman
Hello
I'm using ServiceMix 6.1.1 and build a bundles wich uses Spring Security
Librairies to connect to an LDAP.
I'm sorry i'm new to OSGI..
Spring security core
Spring security web
Spring security util
Spring security ldap
ServicesMix 6.1.1 uses Spring 3.1.4.RELEASE and there is already bundles for
spring security-ldap..
I've tried to use it but i'd a problem the a dependency : spring.ldap.core
So i'm tring version 4.1.0.RELEASE_1 .
is that correct ? Can'i uses a diffrent version of spring bundles of
the one Servicemix comes with (3.1.4.RELEASE_) ?
I've found the bundles for the firss three
https://repo1.maven.org/maven2/org/apache/servicemix/bundles/
but for spring secuity ldap, no way to find a bundle..
Where can'i find that bundle or how can'i build one ?
Kind regards
--
http://servicemix.396122.n5.nabble.com/ServiceMix-and-Spring-Security-bundles-tp5723824.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Cristiano Costantini
2016-07-01 13:10:41 UTC
Permalink
Hello again,

So, here is the list of spring based bundles we are using,

***@root>la -l | grep spring
47 | Active | 50 | 2.16.3 | mvn:org.apache.camel/camel-spring/2.16.3
101 | Active | 30 | 4.0.5 |
mvn:org.apache.karaf.bundle/org.apache.karaf.bundle.springstate/4.0.5
106 | Active | 30 | 4.0.5 |
mvn:org.apache.karaf.deployer/org.apache.karaf.deployer.spring/4.0.5
147 | Active | 30 | 3.2.14.RELEASE_1 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-aop/3.2.14.RELEASE_1

148 | Active | 30 | 3.2.14.RELEASE_1 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-beans/3.2.14.RELEASE_1

149 | Active | 30 | 3.2.14.RELEASE_1 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-context/3.2.14.RELEASE_1

150 | Active | 30 | 3.2.14.RELEASE_1 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-context-support/3.2.14.RELEASE_1

151 | Active | 30 | 3.2.14.RELEASE_1 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-core/3.2.14.RELEASE_1

152 | Active | 30 | 3.2.14.RELEASE_1 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-expression/3.2.14.RELEASE_1

153 | Active | 30 | 3.2.14.RELEASE_1 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-jms/3.2.14.RELEASE_1

154 | Active | 30 | 3.2.14.RELEASE_1 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-tx/3.2.14.RELEASE_1

171 | Active | 50 | 3.18.0 | mvn:org.apache.xbean/xbean-spring/3.18
214 | Active | 30 | 1.2.1 |
mvn:org.springframework.osgi/spring-osgi-core/1.2.1
215 | Active | 30 | 1.2.1 |
mvn:org.springframework.osgi/spring-osgi-extender/1.2.1
216 | Active | 30 | 1.2.1 |
mvn:org.springframework.osgi/spring-osgi-annotation/1.2.1
217 | Active | 30 | 1.2.1 |
mvn:org.springframework.osgi/spring-osgi-io/1.2.1
288 | Active | 80 | 3.2.14.RELEASE_1 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-jdbc/3.2.14.RELEASE_1

289 | Active | 80 | 1.3.2.RELEASE_3 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-ldap/1.3.2.RELEASE_3
290 | Active | 80 | 3.2.14.RELEASE_1 |
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-orm/3.2.14.RELEASE_1

299 | Active | 80 | 3.2.8.RELEASE |
mvn:org.springframework.security/spring-security-core/3.2.8.RELEASE
300 | Active | 80 | 3.2.8.RELEASE |
mvn:org.springframework.security/spring-security-ldap/3.2.8.RELEASE


please note:
- we are using ServiceMix 7.0.0.M2, not the same version as you
- with these bundles, we do successfully integrate ldap authentication in
ServiceMix via spring security
- we don't use Spring Web or Spring security Web in ServiceMix (we use them
in our web application that is connected to Servicemix, but core
authentication is managed in Servicemix)
- there was an issue with org.apache.servicemix.bundles.spring-ldap bundle:
it didn't started because it requires Spring Batch, but installing Spring
Batch is a mess. We don't use some spring-ldap feature that need Spring
Batch, so we hacked the manifest in order to make this Import-Package
optional.

Sorry I'm in a hurry and I cannot be more precise, I hope this info is
helpful to make at lest a step forward.
If you have other issues try to ask again here in the mailing list.

Regards,
Cristiano


PS. This is the imports after the modification in
org.apache.servicemix.bundles.spring-ldap,
what do think the core team? Maybe it could be applied also to the main
trunk of the Servicemix bundles project?

Import-Package =
com.sun.jndi.ldap;resolution:=optional,
com.sun.jndi.ldap.ctl;resolution:=optional,
freemarker.template;resolution:=optional,
javax.naming,
javax.naming.directory,
javax.naming.ldap,
javax.naming.spi,
javax.net.ssl,
org.apache.commons.cli;resolution:=optional;version="[1.2,2)",
org.apache.commons.lang;version="[2.4,3)",
org.apache.commons.lang.builder;version="[2.4,3)",
org.apache.commons.logging;resolution:=optional,
org.apache.commons.pool,
org.apache.commons.pool.impl,
org.springframework.batch.item.file;resolution:=optional;version="[2.0,3)",
org.springframework.batch.item.file.transform;resolution:=optional;version="[2.0,3)",
org.springframework.batch.item.support;resolution:=optional;version="[2.0,3)",
org.springframework.beans;version="[3.0,4)",
org.springframework.beans.factory;version="[3.0,4)",
org.springframework.beans.factory.config;version="[3.0,4)",
org.springframework.context;version="[3.0,4)",
org.springframework.core;version="[3.0,4)",
org.springframework.core.io;version="[3.0,4)",
org.springframework.dao;version="[3.0,4)",
org.springframework.jdbc.datasource;version="[3.0,4)",
org.springframework.orm.hibernate3;resolution:=optional;version="[3.0,4)",
org.springframework.transaction;version="[3.0,4)",
org.springframework.transaction.support;version="[3.0,4)",
org.springframework.util;version="[3.0,4)",
sun.misc;resolution:=optional







Il giorno ven 1 lug 2016 alle ore 14:35 Cristiano Costantini <
Post by Cristiano Costantini
We use spring security in our project,
we have spent some time to find the right versions to use in order to make
it work,
give me some time and I'll send you the list of the bundle and feature we
do use.
Cristiano
Post by blackman
Hello
I'm using ServiceMix 6.1.1 and build a bundles wich uses Spring Security
Librairies to connect to an LDAP.
I'm sorry i'm new to OSGI..
Spring security core
Spring security web
Spring security util
Spring security ldap
ServicesMix 6.1.1 uses Spring 3.1.4.RELEASE and there is already bundles for
spring security-ldap..
I've tried to use it but i'd a problem the a dependency : spring.ldap.core
So i'm tring version 4.1.0.RELEASE_1 .
is that correct ? Can'i uses a diffrent version of spring bundles of
the one Servicemix comes with (3.1.4.RELEASE_) ?
I've found the bundles for the firss three
https://repo1.maven.org/maven2/org/apache/servicemix/bundles/
but for spring secuity ldap, no way to find a bundle..
Where can'i find that bundle or how can'i build one ?
Kind regards
--
http://servicemix.396122.n5.nabble.com/ServiceMix-and-Spring-Security-bundles-tp5723824.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
blackman
2016-07-01 16:18:54 UTC
Permalink
thank you very much

it really Kind of you.

Are you using servicemix 7 in production?

can we use it production?

could please give a snipet of your spring ldap servicemix configuration?

and last could we use blueprint ans is it as powerful as spring under Karaf?

thank you by advance



--
View this message in context: http://servicemix.396122.n5.nabble.com/ServiceMix-and-Spring-Security-bundles-tp5723824p5723827.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Cristiano Costantini
2016-07-04 06:45:36 UTC
Permalink
Hi Blackman,
Post by blackman
Are you using servicemix 7 in production?
no, we are confident to have version 7.0.0 released before we need to
install this current development release (before we were using servicemix
5.3.0 but basically on the spring, spring ldap and spring security
ecosystem few has changed when upgrading).

Consider anyhow that ServiceMix 7.0.0.M2 is based on the stable release of
Karaf 4.0.5.
Post by blackman
can we use it production?
I cannot give warranties, for ourself, we hope to upgrade to final 7.0.0
before using in production, anyhow we have tested it quite well and for our
usage it is stable, so I don't exclude to use it in production.
Post by blackman
could please give a snipet of your spring ldap servicemix configuration?
as told you, we don't use the Spring Security Web.

In one bundle dedicated to authentication we use the the Spring Security
LDAP interface:
org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

We have tested it to work with LDAP or Active Directory:
- For LDAP we use: a
org.springframework.security.ldap.authentication.LdapAuthenticationProvider

and we initialize it this way:
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="${aocc.ldap.url}" />
<property name="userDn" value="${aocc.ldap.login.userDn}" />
<property name="password" value="${aocc.ldap.login.password}" />
</bean>

<bean id="userSearchFilter"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg value="${aocc.ldap.search.dn}" />
<constructor-arg value="${aocc.ldap.search.filter}" />
<constructor-arg ref="contextSource" />
</bean>

<bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userSearch" ref="userSearchFilter"/>
</bean>
</constructor-arg>
</bean>


- For Active Directory we use:
org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider

and we initialize it this way:

<bean id="adAuthProvider"
class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<constructor-arg value="${aocc.ad.domain}" />
<constructor-arg value="${aocc.ad.url}" />
<property name="convertSubErrorCodesToExceptions" value="true" />
</bean>



and last could we use blueprint ans is it as powerful as spring under Karaf?
In theory you should be able to use Blueprint, for this bundle we use
Spring.


Hope this is of any help,
Regards

Cristiano

Loading...