6

I am converting an old version based Spring application to annotation based Spring4 application. As a first step I converted all xmls to java configuration based annotations. The application is working fine, but the only issue is with the site minder xml configuration. I don't know how to convert the below siteminder configuration which is there in the web.xml into java based.

<login-config>
   <auth-method>CLIENT-CERT</auth-method>
   <realm-name>SiteMinderRealm</realm-name>
</login-config>

The above siteminder configuration is in web.xml,

Can anyone please tell me how to write the java based configuration for the above xml in AppInitializer.java

my web.xml and its corresponding substituted AppInitializer.java code is as shown below

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">

    <display-name>SpringWebMVCApp</display-name>
    <context-param>
        <param-name>contextClass</param-name>
        <param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
    </context-param>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>com.helloworld.config.AppConfig</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>DispatcherServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextClass</param-name>
            <param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>DispatcherServlet</servlet-name>
        <url-pattern>/rest/</url-pattern>
    </servlet-mapping>

    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>SiteMinderRealm</realm-name>
    </login-config>
</web-app>

AppInitializer.java

public class AppInitializer implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        WebApplicationContext context = getContext();
        servletContext.addListener(new ContextLoaderListener(context));
        ServletRegistration.Dynamic dispatcher = servletContext.addServlet("DispatcherServlet", new DispatcherServlet(context));
        dispatcher.setLoadOnStartup(1);
        dispatcher.addMapping("/rest/");
    }

    private AnnotationConfigWebApplicationContext getContext() {
        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
        context.register(AppConfig.class);
        return context;
    }
}

Update 1

public class AppInitializer extends WebSecurityConfigurerAdapter implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        WebApplicationContext context = getContext();
        servletContext.addListener(new ContextLoaderListener(context));
        ServletRegistration.Dynamic dispatcher = servletContext.addServlet("DispatcherServlet", new DispatcherServlet(context));
        dispatcher.setLoadOnStartup(1);
        dispatcher.addMapping("/rest/");
    }

    private AnnotationConfigWebApplicationContext getContext() {
        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
        context.register(AppConfig.class);
        return context;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http.httpBasic().realmName("SiteMinderRealm").and().x509();
    }

}
Alex Man
  • 4,746
  • 17
  • 93
  • 178
  • Why do you have both a `web.xml` and a `WebApplicationInitializer`? Which aren't even the same? – M. Deinum Sep 08 '15 at 10:58
  • @M.Deinum I am using only WebApplicationInitializer not web.xml, web.xml shown which is from my old spring application, which I am trying to convert to spring4 java config, Only thing is that I dont know how to convert those siteminder stuff to java config – Alex Man Sep 08 '15 at 11:01
  • For `login-config` there is no java equivalent, that is left out of the java servlet spec not sure why. You would need both a `web.xml` (for the `login-config`) and Java stuff you have for configuration Spring (Although I would suggest extending`AbstractAnnotationConfigDispatcherServletInitializer`). – M. Deinum Sep 08 '15 at 11:28
  • What isn't clear about *there is no java equivalent*? So no there is no work around... – M. Deinum Sep 08 '15 at 11:44
  • so we have to use only xml – Alex Man Sep 08 '15 at 12:46
  • No... As I mentioned use a `web.xml` for the `login-config` and there rest can be in java config. You can mix and match... – M. Deinum Sep 08 '15 at 12:47
  • can we give some other name instead of web.xml and call within java config – Alex Man Sep 08 '15 at 12:49
  • Obviously no as the name is dictated by the servlet spec. – M. Deinum Sep 08 '15 at 12:52
  • :(................. then its better I can use xml rather than java config – Alex Man Sep 08 '15 at 13:02

1 Answers1

5

Did you try configuring this on the WebSecurityConfigurerAdapter? Something like this:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
   http.httpBasic().realmName("SiteMinderRealm").and().x509();
   }
}
prettyvoid
  • 3,446
  • 6
  • 36
  • 60