  • pre-authentication, kerberos, ldap

    Hi, I have a scenario in which the user will be pre-authenticated by the Kerberos provider in WebLogic, and the user's roles are then fetched from LDAP.

    This approach requires a lot of things to work correctly, so I am taking baby steps. In my first round I want to achieve the following:


    1) get the user name from a request header (as shown in the SiteMinder example)
    2) map the user name to the roles defined in web.xml (as in the preauth example)


    applicationContext-security.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <!--
      - Sample namespace-based configuration
      -
      - $Id: applicationContext-security-ns.xml 2396 2007-12-23 16:36:44Z luke_t $
      -->
    
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:sec="http://www.springframework.org/schema/security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
    
        <!-- Applies the listed filters, in the order given, to every request matching /**.
             NOTE(review): the securityContextHolderAwareRequestFilter bean defined at the end of this
             file is not named in this chain, so as configured here it is not applied. -->
        <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
            <sec:filter-chain-map path-type="ant">
                <sec:filter-chain pattern="/**" filters="sif,siteminderFilter,logoutFilter,etf,fsi"/>
            </sec:filter-chain-map>
        </bean>
    <!-- SecurityContextPersistenceFilter: in Spring Security 3.x this filter restores the
         SecurityContext for the request (by default from the HTTP session) before the rest of the
         chain runs, then stores it again and clears the SecurityContextHolder once the request
         completes. It is first in the chain so that later filters see the restored context. -->
        <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
    
    	<!-- Exposes the namespace-created authentication manager under the bean name
    	     "authenticationManager", which the filters in this file reference. The exception quoted
    	     after this listing reports this bean's type as
    	     org.springframework.security.config.NamespaceAuthenticationManager. -->
    	<sec:authentication-manager alias="authenticationManager" />
    
        
    
        <!-- Provider for pre-authenticated requests: it checks no credential itself and only loads
             the user through preAuthenticatedUserDetailsService. sec:custom-authentication-provider
             registers it with the namespace authentication manager.
             NOTE(review): the preauthAuthProvider bean further down is registered the same way, so two
             pre-authentication providers are declared; confirm which one is intended. -->
        <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider">
            <sec:custom-authentication-provider />
            <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
        </bean>
    
        <!-- Builds the UserDetails from the granted authorities already carried in the authentication
             details object (populated by authenticationDetailsSource) instead of looking the user up
             in a user store. -->
        <bean id="preAuthenticatedUserDetailsService"
                class="org.springframework.security.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
                
        <!-- passing auth manager and auth details
        <bean id="j2eePreAuthFilter" class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
            <property name="authenticationManager" ref="authenticationManager"/>  
            <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
        </bean>
    	-->
    	<!--
    	  Reads the principal name from the SM_USER request header and submits it to the
    	  authentication manager as an already-authenticated user; no credential is checked here.
    	  The header is only trustworthy if every request reaches the application through the
    	  component that sets it (the SiteMinder agent or authenticating proxy) and that component
    	  removes any SM_USER header supplied by the client. If the application can be reached
    	  directly, the header value is client-controlled, so restrict network access to the
    	  application accordingly.
    	  NOTE(review): this class name is in the org.springframework.security.ui package, while most
    	  other beans in this file use org.springframework.security.web / .authentication classes
    	  and the schema referenced on the root element is spring-security-2.0.1.xsd. The exception
    	  quoted after this listing (NamespaceAuthenticationManager cannot be converted to
    	  org.springframework.security.AuthenticationManager) is consistent with classes from two
    	  different Spring Security releases being mixed; confirm that the jars on the classpath,
    	  the class names and the schema all belong to one release.
    	  NOTE(review): sec:custom-filter normally positions a filter in a namespace-built chain;
    	  this file builds the chain by hand in filterChainProxy, so the element may be redundant -
    	  confirm.
    	-->
    	<bean id="siteminderFilter"
    		      class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
    	    <sec:custom-filter position="PRE_AUTH_FILTER" />
    	    <property name="principalRequestHeader" value="SM_USER"/>
    	    <property name="authenticationManager" ref="authenticationManager" />
    	    <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
    	</bean>
    	
     
     
        <!-- Entry point that etf calls when a request needs authentication. For pre-authenticated
             setups this entry point is expected to answer with HTTP 403 rather than start a login,
             because the login happens upstream; confirm against the release in use. -->
        <bean id="preAuthenticatedProcessingFilterEntryPoint"
                class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>
    
        <!-- Logout filter: the first constructor argument ("/") is the URL used after logout, the
             second is the list of logout handlers, here only SecurityContextLogoutHandler.
             NOTE(review): with header-based pre-authentication, a later request that still carries
             SM_USER is presumably authenticated again, so a local logout does not end the upstream
             single sign-on session; confirm how logout is meant to be handled upstream. -->
        <bean id="logoutFilter" class="org.springframework.security.web.logout.LogoutFilter">
            <constructor-arg value="/"/>
            <constructor-arg>
                <list>
                    <bean class="org.springframework.security.web.logout.SecurityContextLogoutHandler"/>
                </list>
            </constructor-arg>
        </bean>
    
        <!-- Builds the authentication details for each request from the role names supplied by
             j2eeMappableRolesRetriever, converted to granted authorities by the configured mapper.
             In Spring Security this class derives the roles by asking the container
             (HttpServletRequest.isUserInRole) about each mappable role.
             NOTE(review): that means roles are only granted if the container itself has
             authenticated the caller; a user name taken from the SM_USER header alone presumably
             yields no roles - confirm. -->
        <bean id="authenticationDetailsSource" class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
            <property name="mappableRolesRetriever" ref="j2eeMappableRolesRetriever"/>
            <property name="userRoles2GrantedAuthoritiesMapper" ref="j2eeUserRoles2GrantedAuthoritiesMapper"/>
        </bean>
    
        <!-- Maps role names to granted authorities, upper-casing each name.
             NOTE(review): the access rules in fsi require ROLE_USER and ROLE_SUPERVISOR; no prefix is
             configured here, so the class default applies. Confirm that the web.xml role names plus
             that default produce exactly those authority strings. -->
        <bean id="j2eeUserRoles2GrantedAuthoritiesMapper" class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
            <property name="convertAttributeToUpperCase" value="true"/>
        </bean>
    
        <!-- Supplies the role names that can be mapped, read from web.xml. The input stream is
             obtained by calling getInputStream() on the webXmlResource bean. -->
        <bean id="j2eeMappableRolesRetriever" class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever">
    
        <property name="webXmlInputStream"><bean factory-bean="webXmlResource" factory-method="getInputStream"/>
        </property>
        </bean>
    
        <!-- Servlet-context resource pointing at the application's own /WEB-INF/web.xml. -->
        <bean id="webXmlResource" class="org.springframework.web.context.support.ServletContextResource">
            <constructor-arg ref="servletContext"/>
            <constructor-arg value="/WEB-INF/web.xml"/>
        </bean>
    
        <!-- Exposes the ServletContext as a bean so that webXmlResource can take it as a constructor argument. -->
        <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>
    
        <!-- Translates security exceptions raised further down the chain into a response; when
             authentication is required it delegates to preAuthenticatedProcessingFilterEntryPoint. -->
        <bean id="etf" class="org.springframework.security.web.ExceptionTranslationFilter">
            <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
        </bean>
    
        <!-- Access decision manager that grants access when any voter votes to grant. Only roleVoter
             is consulted. allowIfAllAbstainDecisions=false makes the decision fail closed: if every
             voter abstains, access is denied. -->
        <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
            <property name="allowIfAllAbstainDecisions" value="false"/>
            <property name="decisionVoters">
                <list>
                    <ref bean="roleVoter"/>
                </list>
            </property>
        </bean>
    
        <!-- URL authorization. The intercept-url rules are matched in the order declared, so the most
             specific pattern comes first: /secure/extreme/** requires ROLE_SUPERVISOR and everything
             else requires ROLE_USER. The final /** rule means no URL is left unprotected; the
             /secure/** rule asks for the same role as that catch-all and is therefore redundant. -->
        <bean id="fsi" class="org.springframework.security.web.intercept.FilterSecurityInterceptor">
            <property name="authenticationManager" ref="authenticationManager"/>
            <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
            <property name="securityMetadataSource">
                <sec:filter-invocation-definition-source>
                    <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
                    <sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
                    <sec:intercept-url pattern="/**" access="ROLE_USER"/>
                </sec:filter-invocation-definition-source>
            </property>
        </bean>
    
    
    
      <!-- Second pre-authentication provider, also registered through
           sec:custom-authentication-provider.
           NOTE(review): its class names are in the org.springframework.security.providers and
           org.springframework.security.userdetails packages, unlike the
           preAuthenticatedAuthenticationProvider bean above, which uses
           org.springframework.security.authentication; confirm which release these belong to.
           NOTE(review): the userDetailsService property refers to authenticationDetailsSource, which
           is declared in this file as an authentication details source, presumably not a
           UserDetailsService; this wiring looks like a leftover and should be confirmed or removed. -->
      <bean id="preauthAuthProvider"
          class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
        
        <sec:custom-authentication-provider />      
        
        <property name="preAuthenticatedUserDetailsService">
          <bean id="userDetailsServiceWrapper" 
                class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
            <property name="userDetailsService" ref="authenticationDetailsSource"/>
          </bean>    
        </property>
    	</bean>
    	
    
    
        <!-- Voter used by httpRequestAccessDecisionManager; it votes on the role names given in the
             access attributes of the intercept-url rules. -->
        <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
    
        <!-- Wraps each request in the configured wrapper class.
             NOTE(review): this bean is not listed in the filters attribute of filterChainProxy, so as
             configured here it is defined but not applied to any request. -->
        <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter">
            <property name="wrapperClass" value="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestWrapper"/>
        </bean>
    
    </beans>



    I am getting the following exception:
    Code:
    SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterChainProxy' defined in ServletContext resource [/WEB-INF/applicationContext-security.xml]: Cannot resolve reference to bean 'siteminderFilter' while setting bean property 'filterChainMap' with key [/**] with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'siteminderFilter' defined in ServletContext resource [/WEB-INF/applicationContext-security.xml]: Initialization of bean failed; nested exception is org.springframework.beans.TypeMismatchException: Failed to convert property value of type [org.springframework.security.config.NamespaceAuthenticationManager] to required type [org.springframework.security.AuthenticationManager] for property 'authenticationManager'; nested exception is java.lang.IllegalArgumentException: Cannot convert value of type [org.springframework.security.config.NamespaceAuthenticationManager] to required type [org.springframework.security.AuthenticationManager] for property 'authenticationManager': no matching editors or conversion strategy found
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:288)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:103)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:301)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:126)

  • #2
    Testing preauth

    Can you please let me know how you are testing this feature (preauth)?

    Thank you.
