
  • Injecting a single filter into the filter chain

    The situation I have is that we have internal roles to our web application that are too generic to publish externally, and we are stubbing out to allow administrators to use LDAP to define users and rights. We are providing three role names that control access to parts of the system, but these names are not the same names that our system uses internally. As an example, the global names could be GLOBAL_ADMIN, GLOBAL_USER, GLOBAL_GUEST. The matching internal names could be LOCAL_ADMIN, LOCAL_USER, LOCAL_GUEST. Never mind that a simple rule in this case would be to replace the prefix, and assume some more complex logic needs to be applied to translate the global name to a local name.

    Our existing pages already are wired for the local names, such that jsp pages have blocks of code that say: if (request.isUserInRole("LOCAL_ADMIN")) { ... }

    I am not changing the jsp pages right now--I'm simply replacing our current Tomcat authentication scheme with spring-security, with a possible authentication implementation of LDAP.

    So what I need is a way to intercept the calls to "isUserInRole", look up the global equivalent of the role name provided, and validate on the global role instead.

    I think this can be done with a custom filter. I read this article here, and it has something similar to this entry:

    HTML Code:
        <beans:bean id="filterChainProxy"
                    class="org.springframework.security.web.FilterChainProxy">
            <filter-chain-map path-type="ant">
                <filter-chain pattern="/login.jsp*" filters="none"/>
                <filter-chain pattern="/**" filters="securityContextFilter,logoutFilter,
                   formLoginFilter,requestCacheFilter,servletApiFilter, 
                   anonFilter,sessionMgmtFilter,exceptionTranslator,filterSecurityInterceptor"/>
            </filter-chain-map>
        </beans:bean>
    All I want to do is inject one filter, but this example confuses me. That is a great many filters, and some of them are custom as I see in the article. But what entry do I need to just inject a single filter that keeps the filter chain in all other ways intact?

  • #2
    Hi,
    Please read the "3.3.5 Adding in Your Own Filters" section of the Spring Security reference guide. It explains how you can add your own filter.

    Example from the reference guide,

    Code:
    <http>
         <custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
    </http>
    
    <beans:bean id="myFilter" class="com.mycompany.MySpecialAuthenticationFilter"/>



    • #3
      Thanks for the reply--been on vacation.

      I found the documentation hard to understand, but I did finally get something working, and with a custom FORM_LOGIN_FILTER as you've posted above. I wrapped the Authentication object with my own since I couldn't override the roles that the instance was holding. My wrapper translates the provided role names to the names that are known to my application, then everything runs smoothly.

      Thanks again,

      Scott

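The wrapper approach described in post #3, sketched as an added example (not code from the thread or from Spring Security itself). It assumes Spring Security 3.1 or later; the class name `RoleTranslatingAuthentication` and the fixed map are hypothetical, using the role names from the first post. Roles with no mapping are dropped, so a directory group that happens to be named LOCAL_ADMIN never grants the internal role directly.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/** Hypothetical wrapper: exposes internal role names for externally defined ones. */
public class RoleTranslatingAuthentication implements Authentication {

    // Explicit allow-list built from the example names in the first post.
    private static final Map<String, String> GLOBAL_TO_LOCAL = new HashMap<String, String>();
    static {
        GLOBAL_TO_LOCAL.put("GLOBAL_ADMIN", "LOCAL_ADMIN");
        GLOBAL_TO_LOCAL.put("GLOBAL_USER", "LOCAL_USER");
        GLOBAL_TO_LOCAL.put("GLOBAL_GUEST", "LOCAL_GUEST");
    }

    private final Authentication delegate;
    private final List<GrantedAuthority> translated;

    public RoleTranslatingAuthentication(Authentication delegate) {
        this.delegate = delegate;
        List<GrantedAuthority> out = new ArrayList<GrantedAuthority>();
        for (GrantedAuthority authority : delegate.getAuthorities()) {
            String local = GLOBAL_TO_LOCAL.get(authority.getAuthority());
            // Fail closed: an unmapped external role contributes nothing,
            // it is never passed through under its original name.
            if (local != null) {
                out.add(new SimpleGrantedAuthority(local));
            }
        }
        this.translated = Collections.unmodifiableList(out);
    }

    public Collection<? extends GrantedAuthority> getAuthorities() { return translated; }
    public Object getCredentials() { return delegate.getCredentials(); }
    public Object getDetails() { return delegate.getDetails(); }
    public Object getPrincipal() { return delegate.getPrincipal(); }
    public boolean isAuthenticated() { return delegate.isAuthenticated(); }
    public void setAuthenticated(boolean value) { delegate.setAuthenticated(value); }
    public String getName() { return delegate.getName(); }
}
```

The translation happens once, at construction, so later changes to the delegate's authorities are not reflected. Whatever installs the wrapper in the SecurityContext should do so only after authentication has succeeded, and any configured role prefix still applies when `isUserInRole` is evaluated.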