To integrate Spring Security with an enterprise web application, you need to add one filter to your web.xml:
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
DelegatingFilterProxy is a Spring class that delegates every intercepted HTTP request to the bean whose name is the same as the filter name (in this case, the bean named springSecurityFilterChain) configured in the global Spring context. The global Spring context can be configured by adding the following lines to web.xml:
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>classpath:Main-context.xml</param-value>
</context-param>
<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
The bean named springSecurityFilterChain can be created automatically by adding the following lines to the Spring context file:
<http auto-config='true'>
  <intercept-url pattern="/**" access="ROLE_USER" />
</http>
There are a few more namespace entries that you need to add to specify which database provider to use for authentication. This namespace configuration automatically creates the required beans.
The other way to use Spring Security authentication is to create all the beans manually. I prefer this way because it helps you customize Spring Security to your needs. For example, to create the springSecurityFilterChain bean, add the following to your context file:
<!-- The bean id must match the filter-name in web.xml so that DelegatingFilterProxy can find it -->
<b:bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
  <b:property name="filterInvocationDefinitionSource">
    <b:value><![CDATA[
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /login.jsp=#NONE#
      /**/*.jsp=concurrentSessionFilter,httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor,securityTransalationFilter
    ]]></b:value>
  </b:property>
</b:bean>
With this approach you have to specify the names of all the filter beans that a particular web request needs to pass through. For every bean name you specify here, you have to create a bean with the same name using the Spring bean classes, or you can also add your custom bean by extending your bean class with .
Spring Security provides the following filters for authentication:
- ChannelProcessingFilter
- ConcurrentSessionFilter
- HttpSessionContextIntegrationFilter
- LogoutFilter
- X509PreAuthenticatedProcessingFilter
- AbstractPreAuthenticatedProcessingFilter
- CasProcessingFilter
- AuthenticationProcessingFilter
- BasicProcessingFilter
- SecurityContextHolderAwareRequestFilter
- RememberMeProcessingFilter
- AnonymousProcessingFilter
- ExceptionTranslationFilter
- NtlmProcessingFilter
- FilterSecurityInterceptor
- SwitchUserProcessingFilter
Each of these filters has its own task, as suggested by its name. Note that you need to add them to the filter chain in the sequence suggested by their position attribute.
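As an added example (not code from the original post or from Spring Security), this Python script audits a manually written chain map like the one above: it flags URL patterns that run no filters, filters placed out of the order listed above, and a missing catch-all rule. The bean-id-to-class mapping in `BEANS` is an assumption, since the post does not show the individual bean definitions.

```python
STANDARD_ORDER = [  # filter order exactly as listed in the post
    "ChannelProcessingFilter", "ConcurrentSessionFilter",
    "HttpSessionContextIntegrationFilter", "LogoutFilter",
    "X509PreAuthenticatedProcessingFilter", "AbstractPreAuthenticatedProcessingFilter",
    "CasProcessingFilter", "AuthenticationProcessingFilter", "BasicProcessingFilter",
    "SecurityContextHolderAwareRequestFilter", "RememberMeProcessingFilter",
    "AnonymousProcessingFilter", "ExceptionTranslationFilter", "NtlmProcessingFilter",
    "FilterSecurityInterceptor", "SwitchUserProcessingFilter",
]
RANK = {name: pos for pos, name in enumerate(STANDARD_ORDER)}

def parse_chain_map(text):
    """Return [(url_pattern, [bean names])]; directive lines have no '='."""
    rules = []
    for line in text.splitlines():
        pattern, sep, value = line.strip().partition("=")
        if sep:
            names = [n.strip() for n in value.split(",") if n.strip()]
            rules.append((pattern.strip(), [] if names == ["#NONE#"] else names))
    return rules

def audit(text, bean_classes):
    """bean_classes maps bean id -> filter class simple name (assumed input)."""
    findings, rules = [], parse_chain_map(text)
    for pattern, names in rules:
        if not names:
            findings.append(f"{pattern}: no security filters (#NONE#)")
        prev = None
        for name in names:
            cls = bean_classes.get(name)
            if cls not in RANK:
                findings.append(f"{pattern}: {name} is custom, check its position by hand")
            else:
                if prev and RANK[cls] < RANK[prev]:
                    findings.append(f"{pattern}: {cls} is placed after {prev}")
                prev = cls
    if all(pattern != "/**" for pattern, _ in rules):
        findings.append("no /** rule: URLs matching no pattern get no filters")
    return findings

# Chain map from the post; bean ids are assumed to be decapitalized class names.
CHAIN = """CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login.jsp=#NONE#
/**/*.jsp=concurrentSessionFilter,httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor,securityTransalationFilter"""
BEANS = {n[0].lower() + n[1:]: n for n in STANDARD_ORDER}
BEANS["filterInvocationInterceptor"] = "FilterSecurityInterceptor"

if __name__ == "__main__":
    print("\n".join(audit(CHAIN, BEANS)))
```

Run against the post's chain map, it reports the unfiltered /login.jsp rule, the custom securityTransalationFilter, and the absence of a /** rule, which matters because the web.xml mapping sends every URL through the proxy while only *.jsp URLs are assigned filters.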