Versions Compared

Old Version 10

changes.mady.by.user Oliver Wulff

Saved on

compared with

New Version 11

changes.mady.by.user Oliver Wulff

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

Prior to doing this configuration, make sure you've first deployed the Fediz IDP and STS on the Tomcat IDP instance as discussed here, and can view the STS WSDL at the URL given on that page.

...

The following configuration snippets illustrate the Fediz related configuration. The complete configuration file can be found in the example springPreAuthWebapp.

Code Block
xml
xml
titleapplicationContext-security.xml
borderStylesolidxml

    <bean id="preAuthenticatedUserDetailsService"
            class="org.apache.cxf.fediz.spring.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService"/>    
    
    <bean id="j2eePreAuthFilter" class="org.apache.cxf.fediz.spring.preauth.FederationPreAuthenticatedProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationDetailsSource">
            <bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
                <property name="mappableRolesRetriever">
                    <bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" />
                </property>
                <property name="userRoles2GrantedAuthoritiesMapper">
                    <bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
                        <property name="convertAttributeToUpperCase" value="true"/>
                    </bean>
                </property>
            </bean>
        </property>
    </bean>

    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
        <property name="securityMetadataSource">
            <sec:filter-invocation-definition-source>
                <sec:intercept-url pattern="/secure/manager/**" access="ROLE_MANAGER"/>
                <sec:intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN"/>
                <sec:intercept-url pattern="/secure/user/**" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER"/>
                <sec:intercept-url pattern="/secure/fedservlet" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER,ROLE_AUTHENTICATED"/>
            </sec:filter-invocation-definition-source>
        </property>
    </bean>

...

The following configuration snippets illustrate the Fediz related configuration. The complete configuration file can be found in the example springWebapp.

Code Block
xml
xml
titleapplicationContext-security.xml
borderStylesolidxml
    <sec:http entry-point-ref="federationEntryPoint" use-expressions="true">
        <sec:intercept-url pattern="/" access="permitAll"/>
        <sec:intercept-url pattern="/fediz" access="permitAll"/>
        <sec:intercept-url pattern="/index.html" access="permitAll"/>
        <sec:intercept-url pattern="/secure/fedservlet" access="isAuthenticated()"/>
        <sec:intercept-url pattern="/secure/manager/**" access="hasRole('ROLE_MANAGER')"/>
        <sec:intercept-url pattern="/secure/admin/**" access="hasRole('ROLE_ADMIN')"/>
        <sec:intercept-url pattern="/secure/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')"/>
        <sec:custom-filter ref="federationFilter" after="BASIC_AUTH_FILTER" />
        <sec:session-management session-authentication-strategy-ref="sas"/>
    </sec:http>

    <sec:authentication-manager alias="authManager">
        <sec:authentication-provider ref="federationAuthProvider" />
    </sec:authentication-manager>

    <bean id="fedizConfig" class="org.apache.cxf.fediz.spring.FederationConfigImpl" init-method="init"
        p:configFile="WEB-INF/fediz_config.xml" />

    <bean id="federationEntryPoint"
        class="org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint"
        p:federationConfig-ref="fedizConfig" />
 
    <bean id="federationFilter"
        class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter"
        p:authenticationManager-ref="authManager">
        <property name="authenticationFailureHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" />
        </property>
    </bean>
    
    <bean id="federationAuthProvider" class="org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider"
        p:federationConfig-ref="fedizConfig">
        <property name="authenticationUserDetailsService">
            <bean class="org.apache.cxf.fediz.spring.authentication.GrantedAuthoritiesUserDetailsFederationService"/>
        </property>
    </bean>

...