Delegating to a JBoss container with a SPNEGO domain
This topic is closed

  • Delegating to a JBoss container with a SPNEGO domain


    I've inherited a grails 1.1.1 application that uses spring 2.5.6 and spring security 2.0.4 within JBoss 5.1. I am not allowed to upgrade to spring 3.0 or change the application server.

    Our JBoss (on RHEL) is configured with a security domain that successfully accomplishes SSO via SPNEGO/Kerberos against Active Directory and also loads the user principal's roles from AD.

    The application currently uses spring security to configure CAS authentication. My task is to change the spring security configuration to make the application use the JBoss container's SPNEGO/Kerberos against MS AD. I don't know how to do this.

    I know spring security 2.0.x has container adapters, but the only JBoss adapter I could find was built against JBoss 3. Knowing that the JBoss team went to their microkernel architecture from 4 -> 5, I haven't even attempted this route.

    My best lead right now is to configure spring security to use the PreAuthenticatedEntryPoint and - somewhere within its configuration - write my own custom role & granted authorities mappers that grab the current principal and his AD roles and map that to a spring Authentication and its GrantedAuthorities.

    Will this work? Has anyone done this before? Or, does someone have a better idea for how I might delegate authentication to the JBoss container? Ideally, I'm asking which spring interfaces I should be implementing and what the spring configuration would look like.

    I have been trying to follow this example: but the application fails to deploy because spring complains about beans not being defined - even though the bean is totally defined! For example, it might complain about bean "authenticationDetailsSource" not being defined, but you can see in the example configuration file in that URL that there is absolutely a bean with id "authenticationDetailsSource" defined!

    Please, please, help. Even if you don't have the full answer - if you know something about this problem, please post it!

    Thanks so much!

  • #2
    You have probably forgotten to inject the bean into one that requires it. Just because there is one in the application context, Spring won't automatically use it. If you post the actual stacktrace, then we can probably tell you which one it is.