...
Prior to doing this configuration, make sure you've first deployed the Fediz IDP and STS on the Tomcat IDP instance as discussed here, and can view the STS WSDL at the URL given on that page.
...
The following configuration snippets illustrate the Fediz-related configuration. The complete configuration file can be found in the example springPreAuthWebapp.
<!-- Pre-authenticated integration: these beans take a principal that the
     container has already authenticated and turn it into a Spring Security
     Authentication. NOTE(review): signature and issuer validation of the
     Fediz token is presumably done upstream by the Fediz container plugin,
     not by anything in this file; confirm against springPreAuthWebapp. -->
<bean id="preAuthenticatedUserDetailsService" class="org.apache.cxf.fediz.spring.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService"/>

<!-- Filter that accepts the pre-authenticated container principal.
     'authenticationManager' is referenced here but defined elsewhere in the
     full configuration file. -->
<bean id="j2eePreAuthFilter" class="org.apache.cxf.fediz.spring.preauth.FederationPreAuthenticatedProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationDetailsSource">
        <bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
            <!-- Mappable roles are read from web.xml; presumably only roles
                 declared there (security-role entries) can become granted
                 authorities, so keep web.xml and the rules below in sync. -->
            <property name="mappableRolesRetriever">
                <bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" />
            </property>
            <property name="userRoles2GrantedAuthoritiesMapper">
                <bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
                    <!-- Role names are upper-cased before mapping so that they
                         line up with the upper-case ROLE_* values used by the
                         interceptor below. -->
                    <property name="convertAttributeToUpperCase" value="true"/>
                </bean>
            </property>
        </bean>
    </property>
</bean>

<!-- URL authorization rules. 'authenticationManager' and
     'httpRequestAccessDecisionManager' are defined elsewhere in the full file.
     NOTE(review): no catch-all pattern (such as /**) is listed, so paths
     outside these four patterns are not covered by the rules shown here;
     add an explicit catch-all if the application serves other resources
     that must be protected. -->
<bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
    <property name="securityMetadataSource">
        <sec:filter-invocation-definition-source>
            <sec:intercept-url pattern="/secure/manager/**" access="ROLE_MANAGER"/>
            <sec:intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN"/>
            <sec:intercept-url pattern="/secure/user/**" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER"/>
            <!-- ROLE_AUTHENTICATED is accepted only on this path; presumably it
                 is the role granted to every federated principal, so this
                 servlet is reachable by any signed-in user - verify. -->
            <sec:intercept-url pattern="/secure/fedservlet" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER,ROLE_AUTHENTICATED"/>
        </sec:filter-invocation-definition-source>
    </property>
</bean>
...
The following configuration snippets illustrate the Fediz-related configuration. The complete configuration file can be found in the example springWebapp.
<!-- Spring Security namespace configuration for the federation (WS-Federation)
     login flow. Unauthenticated requests are handed to 'federationEntryPoint';
     the federation response is processed by 'federationFilter'.
     Spring Security evaluates intercept-url entries top-down, first match
     wins, so the permitAll entries must stay ahead of the /secure rules.
     NOTE(review): no catch-all pattern (such as /**) is listed, so paths
     outside these patterns are not covered by the rules shown here; add an
     explicit catch-all (for example access="denyAll") if the application
     serves other resources that must be protected. -->
<sec:http entry-point-ref="federationEntryPoint" use-expressions="true">
    <!-- Public entry points: landing page and the federation callback path. -->
    <sec:intercept-url pattern="/" access="permitAll"/>
    <sec:intercept-url pattern="/fediz" access="permitAll"/>
    <sec:intercept-url pattern="/index.html" access="permitAll"/>
    <!-- Any signed-in principal, regardless of role. -->
    <sec:intercept-url pattern="/secure/fedservlet" access="isAuthenticated()"/>
    <sec:intercept-url pattern="/secure/manager/**" access="hasRole('ROLE_MANAGER')"/>
    <sec:intercept-url pattern="/secure/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <sec:intercept-url pattern="/secure/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_MANAGER')"/>
    <!-- Federation filter placed after basic auth in the filter chain. -->
    <sec:custom-filter ref="federationFilter" after="BASIC_AUTH_FILTER" />
    <!-- 'sas' (session authentication strategy) is defined elsewhere in the
         full configuration file. -->
    <sec:session-management session-authentication-strategy-ref="sas"/>
</sec:http>

<sec:authentication-manager alias="authManager">
    <sec:authentication-provider ref="federationAuthProvider" />
</sec:authentication-manager>

<!-- Loads the Fediz plugin configuration. NOTE(review): issuer trust,
     certificate validation and audience restrictions are presumably defined
     in fediz_config.xml rather than in this Spring file; review that file
     alongside this one. -->
<bean id="fedizConfig" class="org.apache.cxf.fediz.spring.FederationConfigImpl" init-method="init" p:configFile="WEB-INF/fediz_config.xml" />

<!-- Entry point used for unauthenticated requests; presumably redirects the
     browser to the IdP configured in fediz_config.xml - confirm. -->
<bean id="federationEntryPoint" class="org.apache.cxf.fediz.spring.web.FederationAuthenticationEntryPoint" p:federationConfig-ref="fedizConfig" />

<!-- Processes the federation sign-in response and delegates to 'authManager'.
     The failure handler is configured without a failure URL, so failed
     sign-ins are not redirected to a custom page; check the handler's default
     behaviour if an error page is expected. -->
<bean id="federationFilter" class="org.apache.cxf.fediz.spring.web.FederationAuthenticationFilter" p:authenticationManager-ref="authManager">
    <property name="authenticationFailureHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" />
    </property>
</bean>

<!-- Authentication provider backed by the Fediz configuration; the nested
     service builds the UserDetails (granted authorities) for the federated
     principal. -->
<bean id="federationAuthProvider" class="org.apache.cxf.fediz.spring.authentication.FederationAuthenticationProvider" p:federationConfig-ref="fedizConfig">
    <property name="authenticationUserDetailsService">
        <bean class="org.apache.cxf.fediz.spring.authentication.GrantedAuthoritiesUserDetailsFederationService"/>
    </property>
</bean>
...