Tag: LDAP

Activiti BPM Tutorial – LDAP

1.1 LDAP Configuration using XML
1.2 LDAP Configuration XML User Test
1.3 LDAP Configuration XML Group Test
2.1 LDAP Configuration using Annotations
2.2 LDAP Configuration Annotations User Test
2.3 LDAP Configuration Annotations Group Test

1.1 LDAP Configuration using XML

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xsi:schemaLocation="http://www.springframework.org/schema/beans
				http://www.springframework.org/schema/beans/spring-beans.xsd">

	<bean id="processEngineConfiguration" class="org.activiti.engine.impl.cfg.StandaloneProcessEngineConfiguration">
  
    <property name="jdbcUrl" value="jdbc:h2:mem:activiti;DB_CLOSE_DELAY=1000" />
    <property name="jdbcDriver" value="org.h2.Driver" />
    <property name="jdbcUsername" value="sa" />
    <property name="jdbcPassword" value="" />
    <property name="history" value="full" />
    <property name="databaseSchemaUpdate" value="true" />
    
    <property name="jobExecutorActivate" value="true" />
    
    <property name="configurators">
          <list>
              <bean class="org.activiti.ldap.LDAPConfigurator">
              
                <!-- Server connection params -->
                <property name="server" value="ldap://localhost" />
                <property name="port" value="10389" />
                <property name="user" value="uid=admin,ou=system" />
                <property name="password" value="secret" />
                
                <!-- Query params -->
                <property name="baseDn" value="" /> 
                <property name="queryUserByUserId" value="(&amp;(objectClass=inetOrgPerson)(uid={0}))" />
                <property name="queryUserByFullNameLike" value="(&amp;(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
                <property name="queryGroupsForUser" value="(&amp;(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />
                
                <!-- Attribute config -->
                <property name="userIdAttribute" value="uid" />
                <property name="userFirstNameAttribute" value="cn" />
                <property name="userLastNameAttribute" value="sn" />
                
                <property name="groupIdAttribute" value="cn" />
                <property name="groupNameAttribute" value="cn" />
                
              </bean>
          </list>
      </property>
  </bean>
  
</beans>

1.2 LDAP Configuration XML Test

package com.nuke.activiti.ldap;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import org.activiti.engine.identity.User;
import org.activiti.engine.test.ActivitiRule;
import org.junit.Rule;
import org.junit.Test;

import com.nuke.activiti.common.AbstractTest;

public class LDAPUserTest extends AbstractTest {

	@Rule
	public ActivitiRule activitiRule = new ActivitiRule("activiti.cfg.xml");

	@Test
	public void testCheckLogin() {
		boolean validated = activitiRule.getIdentityService().checkPassword("kermit", "kermit");
		assertTrue(validated);
	}
	
	@Test
	public void testCheckLoginFailure() {
		boolean validated = activitiRule.getIdentityService().checkPassword("kermit", "kermit2");
		assertFalse(validated);
	}
	
	@Test
	public void findUserById() throws Exception {
		User user = activitiRule.getIdentityService().createUserQuery().userId("kermit").singleResult();
		assertNotNull(user);
		assertEquals("kermit", user.getId());
		assertEquals("kermit", user.getLastName());
	}
}

1.3 LDAP Configuration XML Group Test

package com.nuke.activiti.ldap;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;

import java.util.List;

import org.activiti.engine.identity.Group;
import org.activiti.engine.test.ActivitiRule;
import org.junit.Rule;
import org.junit.Test;

import com.nuke.activiti.common.AbstractTest;

public class LDAPGroupTest extends AbstractTest {

	@Rule
	public ActivitiRule activitiRule = new ActivitiRule("activiti.cfg.xml");
		
	@Test
	public void findGroupByMember() throws Exception {
		List<Group> groupList = activitiRule.getIdentityService().createGroupQuery().groupMember("kermit").list();
		for (Group group : groupList){
			System.out.println(group.getName());
		}
		assertNotNull(groupList);
		assertEquals(3, groupList.size());
	}

}

2.1 LDAP Configuration using Annotations

package com.nuke.ldap;

import org.activiti.ldap.LDAPConfigurator;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;

@Configuration
public class LDAPConfiguration {

	@Bean
	public LDAPConfigurator LDAPConfig(){
		LDAPConfigurator ldapConfig = new LDAPConfigurator();
		
		ldapConfig.setServer("localhost");
		ldapConfig.setPort(10389);
		ldapConfig.setUser("uid=admin,ou=system");
		ldapConfig.setPassword("secret");
		
		ldapConfig.setBaseDn("");
		ldapConfig.setQueryUserByUserId("(&(objectClass=inetOrgPerson)(uid={0}))");
		ldapConfig.setQueryUserByFullNameLike("(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))");
		ldapConfig.setQueryGroupsForUser("(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))");
		
		ldapConfig.setUserIdAttribute("uid");
		ldapConfig.setUserFirstNameAttribute("cn");
		ldapConfig.setUserLastNameAttribute("sn");
		
		ldapConfig.setGroupIdAttribute("cn");
		ldapConfig.setGroupNameAttribute("cn");
		
		return ldapConfig;
	}
}

package com.nuke.config;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;

import javax.persistence.EntityManagerFactory;
import javax.sql.DataSource;

import org.activiti.engine.ProcessEngineConfiguration;
import org.activiti.engine.cfg.ProcessEngineConfigurator;
import org.activiti.engine.impl.HistoryServiceImpl;
import org.activiti.engine.impl.IdentityServiceImpl;
import org.activiti.engine.impl.ManagementServiceImpl;
import org.activiti.engine.impl.RepositoryServiceImpl;
import org.activiti.engine.impl.RuntimeServiceImpl;
import org.activiti.engine.impl.TaskServiceImpl;
import org.activiti.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.activiti.engine.impl.history.HistoryLevel;
import org.activiti.engine.test.ActivitiRule;
import org.activiti.ldap.LDAPConfigurator;
import org.activiti.spring.SpringProcessEngineConfiguration;
import org.activiti.spring.annotations.AbstractActivitiConfigurer;
import org.activiti.spring.annotations.EnableActiviti;
import org.apache.commons.dbcp.BasicDataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.orm.jpa.JpaTransactionManager;
import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;

import com.nuke.ldap.LDAPConfiguration;

@Configuration
@EnableActiviti
@EnableTransactionManagement(proxyTargetClass = true)
@Import({LDAPConfiguration.class})
//@PropertySource("file:conf/lc-merged.properties")
public class ActivitConfiguration {
 
	@Autowired
	LDAPConfigurator ldapConfigurator;
	
    @Bean
    public DataSource inMemoryDataSource() {
        BasicDataSource basicDataSource = new BasicDataSource();
        basicDataSource.setUsername("sa");
        basicDataSource.setUrl("jdbc:h2:mem:activiti");
        basicDataSource.setDefaultAutoCommit(false);
        basicDataSource.setDriverClassName(org.h2.Driver.class.getName());
        basicDataSource.setPassword("");
        return basicDataSource;
    }

    @Bean
    public LocalContainerEntityManagerFactoryBean entityManagerFactoryBean(DataSource inMemoryDataSource) {
	  LocalContainerEntityManagerFactoryBean localContainerEntityManagerFactoryBean = new LocalContainerEntityManagerFactoryBean();
      localContainerEntityManagerFactoryBean.setDataSource(inMemoryDataSource);
      localContainerEntityManagerFactoryBean.setPackagesToScan(new String[]{"com.nuke.model"});
      localContainerEntityManagerFactoryBean.setPersistenceUnitName("nuke");
      HibernateJpaVendorAdapter jpaVendorAdapter = new HibernateJpaVendorAdapter();
      
      jpaVendorAdapter.setGenerateDdl(false);
      jpaVendorAdapter.setShowSql(false);
      jpaVendorAdapter.setDatabasePlatform("org.hibernate.dialect.H2Dialect");
      localContainerEntityManagerFactoryBean.setJpaVendorAdapter(jpaVendorAdapter);
      return localContainerEntityManagerFactoryBean;
    }

    @Bean
    public PlatformTransactionManager jpaTransactionManager(EntityManagerFactory entityManagerFactoryBean) {
        return new JpaTransactionManager(entityManagerFactoryBean);
    } 
    
       
	@Value("${LC_NUKE_MAIL_HOST}")
	private String mailHost;
	@Value("${LC_NUKE_MAIL_USERNAME}")
	private String mailUsername;
	@Value("${LC_NUKE_MAIL_PASSWORD}")
	private String mailServerPassword;
	
    @Bean
    public AbstractActivitiConfigurer abstractActivitiConfigurer(final EntityManagerFactory entityManagerFactoryBean, final PlatformTransactionManager jpaTransactionManager) {
        return new AbstractActivitiConfigurer() {
            @Override
            public void postProcessSpringProcessEngineConfiguration(SpringProcessEngineConfiguration engine) {
            	engine.setDatabaseType("h2");
            	engine.setDataSource(inMemoryDataSource());
                engine.setTransactionManager(jpaTransactionManager);
                engine.setJpaEntityManagerFactory(entityManagerFactoryBean);
                engine.setJpaHandleTransaction(true);
                engine.setJobExecutorActivate(true);
                engine.setJpaCloseEntityManager(false);
                engine.setMailServerDefaultFrom("nucleus@lc.com");
                engine.setMailServerHost(mailHost);
                engine.setMailServerPort(587);
                engine.setMailServerUsername(mailUsername);
                engine.setMailServerPassword(mailServerPassword);
                engine.setMailServerUseSSL(true);
                engine.setMailServerUseTLS(true);
                engine.setRepositoryService(repositoryService());
                engine.setTaskService(taskService());
                engine.setManagementService(managementService());
                engine.setRuntimeService(runtimeService());
                engine.setIdentityService(identityService());
                engine.setHistoryService(historyService());
                engine.setHistoryLevel(HistoryLevel.AUDIT);
                Resource[] processResources = new Resource[1] ;
                Resource underwritingQueueProcess = new ClassPathResource("diagrams/underwriting_queue.bpmn");
                processResources[0]=underwritingQueueProcess;
                engine.setDeploymentResources(processResources);
                engine.setConfigurators(new ArrayList<ProcessEngineConfigurator>(Arrays.asList(ldapConfigurator)));
                engine.setDatabaseSchemaUpdate(ProcessEngineConfiguration.DB_SCHEMA_UPDATE_TRUE);
            }
        };
    }
    
    @Bean
    public RepositoryServiceImpl repositoryService(){
    	RepositoryServiceImpl repositoryService = new RepositoryServiceImpl();
    	return repositoryService;
    }
    
    @Bean
    public TaskServiceImpl taskService(){
    	TaskServiceImpl taskService = new TaskServiceImpl();
    	return taskService;
    }
    
    @Bean
    public ManagementServiceImpl managementService(){
    	ManagementServiceImpl managementService = new ManagementServiceImpl();
    	return managementService;
    }
    
    @Bean
    public RuntimeServiceImpl runtimeService(){
    	RuntimeServiceImpl runtimeService = new RuntimeServiceImpl();
    	return runtimeService;
    }
    
    @Bean
    public HistoryServiceImpl historyService(){
    	HistoryServiceImpl historyService = new HistoryServiceImpl();
    	return historyService;
    }
    
    @Bean
    public IdentityServiceImpl identityService(){
    	IdentityServiceImpl identityService = new IdentityServiceImpl();
    	return identityService;
    }
    
    @Bean
    public ActivitiRule activityRule(ProcessEngineConfigurationImpl abstractActivitiConfigurer){
    	ActivitiRule activityRule = new ActivitiRule();
    	activityRule.setProcessEngineConfiguration(abstractActivitiConfigurer);
    	return activityRule;
    }
}

2.2 LDAP Configuration Annotations User Test

package com.nuke.activiti.ldap;

import static org.junit.Assert.*;

import org.activiti.engine.identity.User;
import org.activiti.engine.test.ActivitiRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

import com.nuke.config.ActivitConfiguration;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes=ActivitConfiguration.class)
public class SpringLDAPUserTest {

	@Autowired
	@Rule
	public ActivitiRule activitiSpringRule;
	
	@Test
	public void testCheckLogin() {
		boolean validated = activitiSpringRule.getIdentityService().checkPassword("kermit", "kermit");
		assertTrue(validated);
	}
	
	@Test
	public void testCheckLoginFailure() {
		boolean validated = activitiSpringRule.getIdentityService().checkPassword("kermit", "kermit2");
		assertFalse(validated);
	}
	
	@Test
	public void findUserById() throws Exception {
		User user = activitiSpringRule.getIdentityService().createUserQuery().userId("kermit").singleResult();
		assertNotNull(user);
		assertEquals("kermit", user.getId());
		assertEquals("kermit", user.getLastName());
	}

}

2.3 LDAP Configuration Annotations Group Test

package com.nuke.activiti.ldap;

import static org.junit.Assert.*;

import java.util.List;

import org.activiti.engine.identity.Group;
import org.activiti.engine.test.ActivitiRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

import com.nuke.config.ActivitConfiguration;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes=ActivitConfiguration.class)
public class SpringLDAPGroupTest {

	@Autowired
	@Rule
	public ActivitiRule activitiSpringRule;
	
	@Test
	public void findGroupByMember() throws Exception {
		List<Group> groupList = activitiSpringRule.getIdentityService().createGroupQuery().groupMember("kermit").list();
		for (Group group : groupList){
			System.out.println(group.getName());
		}
		assertNotNull(groupList);
		assertEquals(3, groupList.size());
	}
}

Datapower Active Directory RBM Authentication

Below is good resources on setting up Datapower Active Directory for login into a Datapower Appliance:

http://asimsaddal.sys-con.com/node/1103557/mobile

Below is my version on setting up Active Directory for Datapower and it works:

Step 1: Navigate to Administration -> RBM Settings

Step 2: Make sure your Main page looks like the following:

Step 3: Navigate to the Authentication Tab

Specify your Active Directory Server Host, Port Number (default 389), LDAP version and enable Search LDAP for DN

Your Bind DN will look something like:

CN=,OU=Application Specific Resources,OU=Enterprise Configuration & Resources,DC=,DC=,DC=

Note: Set Local Login as Fallback to login to your appliance. This is for when LDAP fails you still have access to the appliance.

Your LDAP Search Parameter will looks like follows:

Your LDAP Base DN will look something like:

OU=User Accounts,DC=,DC=,DC=

Step 4: Navigate to the Credentials Tab and select Mapping Credentials Method -> xmlfile

Disable: Search LDAP for Group Name

Create a new RBM Policy URL by clicking on the + . Navigate to the wizard till u get to: Access Profile Mapping.

Your Credential Name will look something like: OU=User,OU=Business Unit,OU=User Account,DC=,DC=,DC=

LDAP Authentication with Datapower XI50

LDAP authentication can be done through the a AAA (Authentication, Authorization, and Accounting) node on a Datapower Policy. LDAP authentication can be done using Active Directory, Tivoli Directory Server or TIM/TAM and many more open source LDAP applications. The first step is to add the AAA node to your policy:

Configure your AAA node by dubble clicking on the node and creating a new AAA policy. The settings below was for Tivoli Directory Server.