WAS 7 preauthentication followed by Spring Security 3.1 authorization

  • WAS 7 preauthentication followed by Spring Security 3.1 authorization

    I am trying to perform authentication through container-managed WebSphere Application Server 7.0 security, which has an LDAP Active Directory registry configured for users. On successful authentication, Spring Security should take over and call my custom authentication manager to retrieve all the functionality accessible to the user from the security database.


    I tried to use WebSpherePreAuthenticatedProcessingFilter, but I am not able to authenticate successfully. I followed the threads on removing the UNAUTHENTICATED problem by extending WebSpherePreAuthenticatedProcessingFilter.

    Do I need to configure anything additional on the application server side?

    If anybody has successfully done this integration then please help me.


    Please let me know if I am missing anything. My security context file is as follows:
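    <!-- Explicit filter chain applied to every request ("/**"). Order matters: the
         security context is restored first, the WebSphere pre-authentication filter
         runs next, and filterSecurityInterceptor makes the final access decision. -->
    <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
      <sec:filter-chain-map path-type="ant">
        <sec:filter-chain pattern="/**" filters="
            securityContextPersistenceFilter,
            webspherePreAuthFilter,
            logoutFilter,
            anonymousProcessingFilter,
            exceptionTranslationFilter,
            filterSecurityInterceptor" />
      </sec:filter-chain-map>
    </bean>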

    <!-- <sec:authentication-manager alias="authenticationManager" /> -->

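    <!-- First filter in the chain: loads the SecurityContext for the request and
         stores it again when the request completes. -->
    <bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>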

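    <!-- Authentication manager with a single provider. Only the pre-authenticated
         provider is listed, so no other token type (for example a form login or an
         anonymous token) is authenticated by this manager. -->
    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
      <property name="providers">
        <list>
          <ref local="preAuthenticatedAuthenticationProvider" />
        </list>
      </property>
    </bean>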

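    <!-- Accepts the token created by the pre-authentication filter. No credentials are
         checked here: the identity is trusted because the container established it,
         and the user details come from preAuthenticatedUserDetailsService. -->
    <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
      <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
    </bean>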

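    <!-- Builds the user from the authorities already carried in the pre-authenticated
         token's details (here the mapped WebSphere groups). It does not query a
         database; loading permissions from the application's security database would
         need a custom user details service in its place. -->
    <bean id="preAuthenticatedUserDetailsService"
          class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService" />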

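    <!-- Application subclass of the WebSphere pre-authentication filter. It relies on
         the container having authenticated the request already; Spring Security only
         picks up that identity and hands it to authenticationManager.
         NOTE(review): WAS typically associates a user with the request only on URIs
         covered by a web.xml security-constraint, unless the "Use available
         authentication data when an unprotected URI is accessed" option is enabled.
         Confirm the server-side setting if the user shows up as UNAUTHENTICATED. -->
    <bean id="webspherePreAuthFilter" class="com.cas.fw.CustomWebSpherePreAuthenticatedProcessingFilter">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
    </bean>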

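    <!-- Supplies the authentication details for the pre-authenticated token, using the
         referenced mapper to turn WebSphere groups into granted authorities. -->
    <bean id="authenticationDetailsSource" class="org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource">
      <property name="webSphereGroups2GrantedAuthoritiesMapper" ref="websphereUserGroups2GrantedAuthoritiesMapper" />
    </bean>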

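    <!-- Maps each group name to an authority, upper-casing the name first. Access rules
         that test for a role must therefore use the upper-case form of the group. -->
    <bean id="websphereUserGroups2GrantedAuthoritiesMapper" class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
      <property name="convertAttributeToUpperCase" value="true" />
    </bean>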

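    <!-- Exposes the ServletContext as a bean.
         NOTE(review): no other bean in this listing references it; confirm it is
         still needed. -->
    <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>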

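    <!-- Note the construction of the logout filter differs from most others: the
         post-logout destination and the handler are constructor arguments.
         NOTE(review): the handler below clears Spring Security's own state only. The
         WebSphere login is presumably still valid afterwards, in which case the next
         request would be pre-authenticated again; confirm that logout also ends the
         container session. -->
    <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
      <!-- the post-logout destination -->
      <constructor-arg value="/"/>
      <constructor-arg ref="logoutHandler"/>
      <!-- request URL that triggers the logout -->
      <property name="filterProcessesUrl" value="/j_spring_security_logout" />
    </bean>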

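    <!-- Handler invoked by logoutFilter to clear the security context on logout. -->
    <bean id="logoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>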

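    <!-- Turns security exceptions into responses: unauthenticated requests go to the
         entry point, denied requests to the access-denied handler.
         NOTE(review): authentication is delegated to the container here, yet the entry
         point is a Spring login form. The commented-out Http403ForbiddenEntryPoint in
         this file is the entry point usually paired with pre-authentication; confirm
         which behaviour is intended. -->
    <bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
      <property name="authenticationEntryPoint" ref="loginUrlAuthenticationEntryPoint"/>
      <property name="accessDeniedHandler" ref="accessDeniedHandler"/>
    </bean>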

    <!-- <bean id="preAuthenticatedProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" /> -->

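    <!-- Entry point that sends unauthenticated requests to /login.jsp. forceHttps makes
         the login page be served over HTTPS even when the original request was HTTP. -->
    <bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
      <constructor-arg name="loginFormUrl" value="/login.jsp"/>
      <property name="forceHttps" value="true" />
    </bean>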

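    <!-- Shows /error.jsp when an authenticated user is denied access. -->
    <bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
      <property name="errorPage" value="/error.jsp"/>
    </bean>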

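    <!-- Gives requests that reach this point without an authentication an anonymous
         one, so the access rules can treat them uniformly. -->
    <bean id="anonymousProcessingFilter" class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
      <!-- Both of these are required -->
      <!-- username, default role -->
      <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
      <!-- Randomly generated key that identifies anonymous tokens created by this
           filter. This value has been published together with the configuration, so a
           deployment should generate its own and keep it out of shared files. -->
      <property name="key" value="BF93JFJ091N00Q7HF"/>
    </bean>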

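    <!-- Last filter in the chain: applies the URL access rules below. The rules are
         listed from specific to general, with the catch-all "/**" kept last so the
         login page and static resources stay reachable without a login. Everything
         else requires fullyAuthenticated, which the anonymous user does not satisfy. -->
    <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
      <property name="securityMetadataSource">
        <!-- SEC-1256 -->
        <sec:filter-security-metadata-source use-expressions="true">
          <sec:intercept-url pattern="/login" access="permitAll"/>
          <sec:intercept-url pattern="/images/**" access="permitAll"/>
          <sec:intercept-url pattern="/css/**" access="permitAll"/>
          <sec:intercept-url pattern="/login.jsp" access="permitAll"/>
          <sec:intercept-url pattern="/js/**" access="permitAll"/>
          <sec:intercept-url pattern="/**" access="fullyAuthenticated" />
        </sec:filter-security-metadata-source>
      </property>
    </bean>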

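    <!-- Decision manager for URL access: one granting voter is enough, and access is
         denied when every voter abstains (allowIfAllAbstainDecisions=false), which
         keeps the default closed. -->
    <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions" value="false"/>
      <property name="decisionVoters">
        <list>
          <ref bean="roleVoter"/>
          <ref bean="expressionVoter"/>
        </list>
      </property>
    </bean>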
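    <!-- Voters referenced by httpRequestAccessDecisionManager. -->
    <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
    <!-- Used for expressions such as permitAll and fullyAuthenticated in the URL rules -->
    <bean id="expressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
    <bean id="expressionVoter" class="org.springframework.security.web.access.expression.WebExpressionVoter">
      <property name="expressionHandler" ref="expressionHandler"/>
    </bean>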

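    <!-- NOTE(review): this filter is defined but not named in the filterChainProxy
         filter list, so it does not run; add it to the chain or drop the bean. -->
    <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>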