You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Spring Security Plugin (1.1 SNAPSHOT)

This page describes how to enable Federation for a Spring Security based Web Application. Spring Security provides more authorization capabilities than defined in the Java Servlet specification. Beyond authorizing web requests Spring Security supports authorizing whether methods can be invoked and authorizing access to individual domain object instances. Further, Spring Security supports two deployment options. On the one hand, authentication and authorization is enforced by the underlying Servlet Container or on the other hand by Spring Security embedded with the application. The former ensures that the application is only called if authentication is successful. This can be controlled by an administrator/operator. This option is called Pre-Authentication. The latter gives all the control to the application developer and removes the dependency to security configuration in the Servlet Container. This simplifies deploying an application into different Serlvet Container environments.

Both options are valid and it mainly depends on the policies/requirements within a company which is a better fit. Questions to be answered are: Who should manage the security enforcement (Application developer, Administrator)? Do you have to deploy the application into different Servlet Container environments?

Prior to doing this configuration, make sure you've first deployed the Fediz IDP and STS on the Tomcat IDP instance as discussed here, and can view the STS WSDL at the URL given on that page.

Installation

You can either build the Fediz plugin on your own, download the package here or add the dependency to your Maven project. If you have built the plugin on your own you'll find the required libraries in plugins/spring/target/...zip-with-dependencies.zip

It's recommended to use Maven to resolve all the dependencies as illustrated in the two examples springWebapp and springPreAuthWebapp. Each example contains a README with instructions for building and deployment.

Configure Web Application (Pre-Authentication)

The role of the Fediz Spring plugin in the case of Servlet Container managed security is to adapt the security context of the Servlet Container to the Spring Security Context. This allows to configure authorization for web requests and method calls based on Spring Security.

Fediz Plugin configuration for Your Web Application

The Fediz related configuration is done in a Servlet Container independent configuration file which is described here.

Web Application deployment

Deploy your Web Application to your Jetty installation (<jetty.home>/webapps). If you're running the Fediz examples, their README files will have instructions on how to do this.

Federation Metadata document

The Jetty Fediz plugin supports publishing the WS-Federation Metadata document which is described here.

  • No labels