...
The following configuration snippets illustrate the Fediz related configuration. The complete configuration file can be found in the example springPreAuthWebapp.
| Code Block | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| |||||||||
<bean id="preAuthenticatedUserDetailsService"
class="org.apache.cxf.fediz.spring.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService"/>
<bean id="j2eePreAuthFilter" class="org.apache.cxf.fediz.spring.preauth.FederationPreAuthenticatedProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationDetailsSource">
<bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
<property name="mappableRolesRetriever">
<bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" />
</property>
<property name="userRoles2GrantedAuthoritiesMapper">
<bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
<property name="convertAttributeToUpperCase" value="true"/>
</bean>
</property>
</bean>
</property>
</bean>
<bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<property name="securityMetadataSource">
<sec:filter-invocation-definition-source>
<sec:intercept-url pattern="/secure/manager/**" access="ROLE_MANAGER"/>
<sec:intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN"/>
<sec:intercept-url pattern="/secure/user/**" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER"/>
<sec:intercept-url pattern="/secure/fedservlet" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER,ROLE_AUTHENTICATED"/>
</sec:filter-invocation-definition-source>
</property>
</bean>
|
...
The following configuration snippets illustrate the Fediz related configuration. The complete configuration file can be found in the example springWebapp.
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<sec:http entry-point-ref="federationEntryPoint" use-expressions="true">
<sec:intercept-url pattern="/" access="permitAll"/>
<sec:intercept-url pattern="/fediz" access="permitAll"/>
<sec:intercept-url pattern="/index.html" access="permitAll"/>
<sec:intercept-url pattern="/secure/fedservlet" access="isAuthenticated()"/>
<sec:intercept-url pattern="/secure/manager/**" access="hasRole('ROLE_MANAGER')"/>
<sec:intercept-url pattern="/secure/admin/**" access="hasRole('ROLE_ADMIN')"/>
<sec:intercept-url pattern="/secure/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')"/>
<sec:custom-filter ref="federationFilter" after="BASIC_AUTH_FILTER" />
<sec:session-management session-authentication-strategy-ref="sas"/>
</sec:http>
<sec:authentication-manager alias="authManager">
<sec:authentication-provider ref="federationAuthProvider" />
</sec:authentication-manager>
<bean id="fedizConfig" class="org.apache.cxf.fediz.spring.FederationConfigImpl" init-method="init"
p:configFile="WEB-INF/fediz_config.xml" />
<bean id="federationEntryPoint"
class="org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint"
p:federationConfig-ref="fedizConfig" />
<bean id="federationFilter"
class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter"
p:authenticationManager-ref="authManager">
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" />
</property>
</bean>
<bean id="federationAuthProvider" class="org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider"
p:federationConfig-ref="fedizConfig">
<property name="authenticationUserDetailsService">
<bean class="org.apache.cxf.fediz.spring.authentication.GrantedAuthoritiesUserDetailsFederationService"/>
</property>
</bean>
|
...