...
The following configuration snippets illustrate the Fediz related configuration. The complete configuration file can be found in the example springPreAuthWebapp.
Code Block | |||||||||
---|---|---|---|---|---|---|---|---|---|
| |||||||||
<bean id="preAuthenticatedUserDetailsService" class="org.apache.cxf.fediz.spring.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService"/> <bean id="j2eePreAuthFilter" class="org.apache.cxf.fediz.spring.preauth.FederationPreAuthenticatedProcessingFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationDetailsSource"> <bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"> <property name="mappableRolesRetriever"> <bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" /> </property> <property name="userRoles2GrantedAuthoritiesMapper"> <bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper"> <property name="convertAttributeToUpperCase" value="true"/> </bean> </property> </bean> </property> </bean> <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/> <property name="securityMetadataSource"> <sec:filter-invocation-definition-source> <sec:intercept-url pattern="/secure/manager/**" access="ROLE_MANAGER"/> <sec:intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN"/> <sec:intercept-url pattern="/secure/user/**" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER"/> <sec:intercept-url pattern="/secure/fedservlet" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER,ROLE_AUTHENTICATED"/> </sec:filter-invocation-definition-source> </property> </bean> |
...
The following configuration snippets illustrate the Fediz related configuration. The complete configuration file can be found in the example springWebapp.
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
<sec:http entry-point-ref="federationEntryPoint" use-expressions="true"> <sec:intercept-url pattern="/" access="permitAll"/> <sec:intercept-url pattern="/fediz" access="permitAll"/> <sec:intercept-url pattern="/index.html" access="permitAll"/> <sec:intercept-url pattern="/secure/fedservlet" access="isAuthenticated()"/> <sec:intercept-url pattern="/secure/manager/**" access="hasRole('ROLE_MANAGER')"/> <sec:intercept-url pattern="/secure/admin/**" access="hasRole('ROLE_ADMIN')"/> <sec:intercept-url pattern="/secure/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')"/> <sec:custom-filter ref="federationFilter" after="BASIC_AUTH_FILTER" /> <sec:session-management session-authentication-strategy-ref="sas"/> </sec:http> <sec:authentication-manager alias="authManager"> <sec:authentication-provider ref="federationAuthProvider" /> </sec:authentication-manager> <bean id="fedizConfig" class="org.apache.cxf.fediz.spring.FederationConfigImpl" init-method="init" p:configFile="WEB-INF/fediz_config.xml" /> <bean id="federationEntryPoint" class="org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint" p:federationConfig-ref="fedizConfig" /> <bean id="federationFilter" class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter" p:authenticationManager-ref="authManager"> <property name="authenticationFailureHandler"> <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" /> </property> </bean> <bean id="federationAuthProvider" class="org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider" p:federationConfig-ref="fedizConfig"> <property name="authenticationUserDetailsService"> <bean class="org.apache.cxf.fediz.spring.authentication.GrantedAuthoritiesUserDetailsFederationService"/> </property> </bean> |
...