Has anybody done spring pre-authentication with TAM Web-seal? Can you please share the configuration details?
Asked
Active
Viewed 1,897 times
1 Answers
2
If webseal forward the request with the username in iv-user header, then it is relative simple to configure spring-security:
<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint" access-decision-manager-ref="httpAccessDecisionManager">
<security:custom-filter ref="webSealPreAuthFilter" position="PRE_AUTH_FILTER"/>
...
</security:http>
<bean id="webSealPreAuthFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="principalRequestHeader" value="iv-user"/>
<!-- exceptionIfHeaderMissing AND checkForPrincipalChanges needs to be enable to check that each request needs a "iv-user" header -->
<property name="checkForPrincipalChanges" value="true"/>
<property name="exceptionIfHeaderMissing" value="true"/>
</bean>
<alias name="authenticationManager" alias="org.springframework.security.authenticationManager"/>
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="authenticationEventPublisher">
<bean class="org.springframework.security.authentication.DefaultAuthenticationEventPublisher"/>
</property>
<constructor-arg name="providers">
<list>
<ref local="preAuthenticatedAuthenticationProvider"/>
</list>
</constructor-arg>
</bean>
<bean id="preAuthenticatedAuthenticationProvider"
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService">
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg name="userDetailsService" ref="userDetailsService"/>
</bean>
</property>
</bean>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
You need an userDetailsService but this is highly dependend on how your application works.
Ralph
- 118,862
- 56
- 287
- 383
-
Thank you so much Ralph...will try out this :) – chandrashekhar.dehankar Dec 10 '15 at 09:59
-
actually scenario has changed instead of pre-authentication we need jboss container based authentication.. so looking in tat direction ..do you have any idea about how to get TAM session from container? – chandrashekhar.dehankar Dec 26 '15 at 13:52
-
@user1503342: no I do not have an idea about jboss - so I recommend you to ask a NEW question. – Ralph Dec 26 '15 at 15:17
-
Thank for your prompt response Ralph – chandrashekhar.dehankar Dec 26 '15 at 16:55
-
@Ralph Is it possible to fetch the password that user entered with in code? thanks – Linoy Dec 08 '20 at 18:26
-
@Linoy: I hope that the WebSeal does not forward the password - so the answer is: (hopefully) not – Ralph Dec 09 '20 at 15:06