
  • multiple security:custom-authentication-provider

    In applicationContext.xml, is it valid to define multiple security:custom-authentication-provider?

    For example:

    <bean id="dummyAuthenticationProvider" class="com.user.sample.gwtspring.server.security.JDBCDummyAuthenticationProvider"> <security:custom-authentication-provider /> </bean>

    <bean id="dummyAuthenticationProvider2" class="com.user.sample.gwtspring.server.security.OpenIdDummyAuthenticationProvider2"> <security:custom-authentication-provider /> </bean>

    Will both be registered inside authenticationManager? I am thinking of using dummyAuthenticationProvider2 as OpenID. What other metaconfig do I need to put inside applicationContext.xml?


    Is there any demo sample on using <security:custom-authentication-provider /> with OpenID? I came across a few OpenID examples, but they are really long solutions that require registering with authenticationManager, etc.

  • #2
    I think the answer is "yes".

    Just a few more details here.

    I modified an open source project (JasperServer) using multiple AuthenticationProviders of my choice, but that was using classic Spring beans, not the Spring Security XSD-based namespace. It can be done either way. The good news is, it worked for me.

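The namespace form asked about in the first post, written out as a complete context file. This is an added example, not configuration posted by anyone in the thread; it assumes the Spring Security 2.0 namespace, and the intercept-url pattern and role are illustrative assumptions. The two provider class names are the ones from the question.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-2.0.xsd">

  <!-- Assumed URL rule and role, for illustration only. -->
  <security:http auto-config="true">
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
  </security:http>

  <!-- Exposes the namespace-created ProviderManager under a bean name, so
       hand-written filter beans can reference "authenticationManager". -->
  <security:authentication-manager alias="authenticationManager"/>

  <!-- Every bean that carries <security:custom-authentication-provider/> is
       added to that ProviderManager's provider list; more than one is fine. -->
  <bean id="dummyAuthenticationProvider"
        class="com.user.sample.gwtspring.server.security.JDBCDummyAuthenticationProvider">
    <security:custom-authentication-provider/>
  </bean>

  <bean id="dummyAuthenticationProvider2"
        class="com.user.sample.gwtspring.server.security.OpenIdDummyAuthenticationProvider2">
    <security:custom-authentication-provider/>
  </bean>

  <!-- ProviderManager only calls a provider whose supports(Class) returns
       true for the submitted token. Each provider should return true only
       for the token class it can actually verify, so that a token meant for
       one mechanism is never accepted by the other provider. -->
</beans>
```

The explicit equivalent is a `ProviderManager` bean with a `providers` list, as in the Acegi configuration in post #4.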


    • #3
      Multiple auth mechanisms

      @Bron, is there any chance you could post your spring-security.xml? I'm trying to do what you describe you have done in your app. I want different auth providers for different URL patterns -- X509 auth for HttpClientInvoker URLs (e.g. /webinvoke/*) and Password or X509 for normal web URLs (e.g. /admin/*).

      I'm still a bit confused about which filters I need and which I don't need.



      • #4
        Code posting

        OK, this is huge, but the original was bigger (900+ lines). I deleted a bunch of unrelated stuff, so it should be thoroughly broken but communicate the basics. It uses ACEGI Security instead of Spring Security, so it would require some modifications.

        I modified the original to allow CAS authentication, but if you want to see the original code, just download JasperServer, and look at applicationContext-security.xml. I believe the original file also used multiple AuthenticationProviders.

        Code:
        <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
          <property name="filterInvocationDefinitionSource">
            <value>
              CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
              PATTERN_TYPE_APACHE_ANT
              /xmla=httpSessionContextIntegrationFilter,basicProcessingFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor
              /services/**=httpSessionContextIntegrationFilter,portletAuthenticationProcessingFilter,basicProcessingFilter,passwordExpirationProcessingFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor
              /**=httpSessionContextIntegrationFilter,userPreferencesFilter,casProcessingFilter,userPreferencesFilter,basicProcessingFilter,requestParameterAuthenticationFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter
            </value>
          </property>
        </bean>
        
         <!-- updater bean to insert a filter -->
        <bean id="insertFilter" class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition">
          <property name="order" value="10"/>
          <property name="beanName" value="filterChainProxy"/>
          <property name="propertyName" value="filterInvocationDefinitionSource"/>
          <property name="operation" value="insert"/>
        </bean>
        
        <!-- ======================== AUTHENTICATION ======================= -->
        <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
          <property name="providers">
            <list>
              <ref local="daoAuthenticationProvider"/>
              <ref local="anonymousAuthenticationProvider"/>
              <ref bean="casAuthenticationProvider"/>
            </list>
          </property>
        </bean>
          
        <!-- Begin CAS Authentication Configuration -->
        <bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
          <property name="casAuthoritiesPopulator" ref="casAuthoritiesPopulator" />
          <property name="casProxyDecider" ref="casProxyDecider" />
          <property name="ticketValidator" ref="casProxyTicketValidator" />
          <property name="statelessTicketCache" ref="statelessTicketCache" />
          <property name="key" value="my_password_for_this_auth_provider_only" />
        </bean>
        <bean id="casAuthoritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator"> 
          <property name="userDetailsService" ref="userAuthorityService" /> 
        </bean> 
        <bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets" /> 
        <bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache"> 
          <property name="cache" ref="ticketCacheBackend" /> 
        </bean> 
        <bean id="ticketCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean"> 
          <property name="cacheManager" ref="cacheManager" /> 
          <property name="cacheName" value="ticketCache" /> 
        </bean> 
        <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" /> 
        <bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties"> 
          <property name="service" value="${server.address}/jasperserver/j_acegi_cas_security_check" /> 
          <property name="sendRenew" value="false" /> 
        </bean> 
        <bean id="casProxyTicketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator"> 
          <property name="casValidate" value="${cas.server.address}/cas/proxyValidate" /> 
          <property name="proxyCallbackUrl" value="${server.address}/jasperserver/casProxy/receptor" /> 
          <property name="serviceProperties" ref="serviceProperties" />
        </bean> 
        <bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter"> 
          <property name="authenticationManager" ref="authenticationManager" /> 
          <property name="authenticationFailureUrl" value="/login.html?error=1" /> 
          <property name="defaultTargetUrl" value="/" />
          <property name="filterProcessesUrl" value="/j_acegi_cas_security_check" /> 
        </bean> 
        <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> 
          <property name="authenticationEntryPoint"><ref local="casProcessingFilterEntryPoint"/></property> 
        </bean> 
        <bean id="casProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint"> 
          <property name="loginUrl" value="${cas.server.address}/cas/login" /> 
          <property name="serviceProperties" ref="serviceProperties" /> 
        </bean> 
        <!-- End CAS Authentication Configuration -->
          
        <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
          <property name="userDetailsService"><ref bean="userAuthorityService"/></property>
        </bean>
        
        <bean id="passwordEncoder" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.PasswordCipherer">
          <property name="allowEncoding"><value>false</value></property>
          <property name="keyInPlainText"><value>false</value></property>
          <property name="secretKey"><value>0xC8 0x43 0x29 0x49 0xAE 0x25 0x2F 0xA1 0xC1 0xF2 0xC8 0xD9 0x31 0x01 0x2C  0x52 0x54 0x0B 0x5E 0xEA 0x9E 0x37 0xA8 0x61</value></property>
          <property name="secretKeyAlgorithm"><value>DESede</value></property>
          <property name="cipherTransformation"><value>DESede/CBC/PKCS5Padding</value></property>
        </bean>
        
        <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
          <property name="key"><value>foobar</value></property>
          <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
        </bean>
        
        <bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
          <property name="key"><value>foobar</value></property>
        </bean>
        
        <bean id="JIAuthenticationSynchronizer" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter">
           <property name="externalUserService"><ref bean="userAuthorityService"/></property>
        </bean>
        
        <bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
          <property name="authenticationManager"><ref local="authenticationManager"/></property>
          <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
        </bean>
        
        <bean id="passwordExpirationProcessingFilter" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.PasswordExpirationProcessingFilter">
          <property name="userService">
            <ref bean="userAuthorityService"/>
          </property>
          <property name="passwordExpirationInDays" value="0" />
        </bean>
        
        <bean id="basicAuthExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
          <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
        </bean>
        
        <bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
          <property name="realmName"><value>Protected Area</value></property>
        </bean>
        
        <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
          <property name="authenticationManager"><ref local="authenticationManager"/></property>
          <property name="authenticationFailureUrl"><value>/login.html?error=1</value></property>
          <property name="defaultTargetUrl"><value>/loginsuccess.html</value></property>
          <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
        </bean>
        
        <bean id="requestParameterAuthenticationFilter" class="com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter">
          <property name="authenticationManager"><ref local="authenticationManager"/></property>
          <property name="authenticationFailureUrl"><value>/loginerror.html</value></property>
          <property name="excludeUrls">
            <list>
              <value>/j_acegi_switch_user</value>
            </list>
          </property>
        </bean>
        
        <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          <property name="loginFormUrl"><value>/login.html</value></property>
          <property name="forceHttps"><value>false</value></property>
        </bean>



        • #5
          Acegi to Spring 2.0

          Thanks a lot! I have a fairly similar one from acegi that I'm trying to convert over to spring-security 2.0.

          I have found a more recent example, which is the fully expanded alternative to <http>:
          http://www.josso.org/confluence/disp...ng+application
          Last edited by honeybunny; Jun 11th, 2009, 06:27 PM. Reason: update
