...

The Fediz-related configuration is done in a servlet-container-independent configuration file, which is described here.

Spring Security Configuration

The following configuration snippets illustrate the Fediz-related configuration. The complete configuration file can be found in the example springPreAuthWebapp.

applicationContext-security.xml

    <bean id="preAuthenticatedUserDetailsService"
            class="org.apache.cxf.fediz.spring.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService"/>    
    
    <bean id="j2eePreAuthFilter" class="org.apache.cxf.fediz.spring.preauth.FederationPreAuthenticatedProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationDetailsSource">
            <bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
                <property name="mappableRolesRetriever">
                    <bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" />
                </property>
                <property name="userRoles2GrantedAuthoritiesMapper">
                    <bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
                        <property name="convertAttributeToUpperCase" value="true"/>
                    </bean>
                </property>
            </bean>
        </property>
    </bean>

    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
        <property name="securityMetadataSource">
            <sec:filter-invocation-definition-source>
                <sec:intercept-url pattern="/secure/manager/**" access="ROLE_MANAGER"/>
                <sec:intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN"/>
                <sec:intercept-url pattern="/secure/user/**" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER"/>
                <sec:intercept-url pattern="/secure/fedservlet" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER,ROLE_AUTHENTICATED"/>
            </sec:filter-invocation-definition-source>
        </property>
    </bean>

The beans preAuthenticatedUserDetailsService and j2eePreAuthFilter are required to provide the Fediz-related security information (claims, login token) to the Spring Security Context. The bean fsi defines the authorization rules for web requests; these look similar to the security constraint definitions in web.xml.

The following code snippet of the FederationServlet example illustrates how to get access to the Spring Security Context of the current user.

FederationServlet.java

    Authentication obj = SecurityContextHolder.getContext().getAuthentication();

The Authentication object can be cast to the FederationAuthenticationToken, which provides access to claims, the login token, etc.
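The lookup above, extended into a defensive in-servlet role check that mirrors the fsi rule for /secure/admin/** (an added example, not code from the Fediz FederationServlet sample). The class name CurrentUserRoles, its helper methods and the user "alice" are assumptions; TestingAuthenticationToken is a constructed stand-in for the token Fediz places in the context, and only Spring Security core classes are used.

```java
import java.util.Set;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

// Added example: hypothetical helper class, not part of Fediz.
public class CurrentUserRoles {

    /** Returns the caller's Authentication, or null if the context is empty, anonymous or unauthenticated. */
    static Authentication currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || auth instanceof AnonymousAuthenticationToken || !auth.isAuthenticated()) {
            return null;
        }
        return auth;
    }

    /** True if the caller holds at least one of the given authorities; a null caller is always denied. */
    static boolean hasAnyRole(Authentication auth, String... roles) {
        if (auth == null) {
            return false;
        }
        Set<String> granted = AuthorityUtils.authorityListToSet(auth.getAuthorities());
        for (String role : roles) {
            if (granted.contains(role)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Empty security context: the check fails closed.
        System.out.println("no context, ROLE_ADMIN: " + hasAnyRole(currentUser(), "ROLE_ADMIN"));

        // Constructed stand-in for an authenticated federation user holding ROLE_USER only.
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("alice", "n/a", "ROLE_USER"));
        Authentication auth = currentUser();
        System.out.println(auth.getName() + ", ROLE_ADMIN: " + hasAnyRole(auth, "ROLE_ADMIN"));
        System.out.println(auth.getName() + ", ROLE_USER or ROLE_MANAGER: "
                + hasAnyRole(auth, "ROLE_USER", "ROLE_MANAGER"));

        // Test the concrete type with instanceof before casting to a Fediz token class.
        System.out.println("token type: " + auth.getClass().getSimpleName());
        SecurityContextHolder.clearContext();
    }
}
```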

Web Application deployment

Federation Metadata document

...