0

I need to implement spring security for my api-controller.

-> Each page should contain a header with username (like in Siteminder?).
-> Every user has been already registered in SpringConfiguration

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
                ... gets all users from database with their authorities
}

-> For every page it's configured, which authorities a user should have

@Override
protected void configure(HttpSecurity http) throws Exception { 
        http.authorizeRequests()
            .antMatchers("**/Pagename/**").hasAuthority("authorityName");
    }

I cannot understand now, what should I add to make the program read a username from page header. RequestHeaderAuthenticationFilter? Another kind of filter?

The other question is if you could give me a link to tutorial/examle how to build it in without using XML.

user2957954
  • 1,221
  • 2
  • 18
  • 39
  • I found a good configuration example: http://stackoverflow.com/questions/22844236/spring-security-java-config-for-siteminder – user2957954 May 07 '15 at 08:37

2 Answers2

0

try to put the following JSTL where you need to get the username "${pageContext.request.remoteUser}"

Alaa Abuzaghleh
  • 1,023
  • 6
  • 11
-1

take a look at This Guide : Hello Spring Security Java Config

Neeraj Verma
  • 330
  • 2
  • 6
BH-Ayb
  • 1
  • 2
  • How does it help me? There are no examples with username in the page-header and filters. The other stuff, as you see above, I have already implemented by myself. – user2957954 May 06 '15 at 15:53
  • if you need userName ((HttpServletRequest)request).getUserPrincipal().getName() if you need authorities SecurityContextHolder.getContext().getAuthentication().getAuthorities() a link to the first method is in that guide – BH-Ayb May 06 '15 at 16:07
  • I need to extract username from page-header – user2957954 May 06 '15 at 16:10
  • Then you can get it from HttpServletrequest ((HttpServletRequest)request).getUserPrincipal().getName() – BH-Ayb May 06 '15 at 16:13