Spring Security / SEC-1093

Add namespace support for the J2EE processing filter

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 2.0.4
    • Fix Version/s: 3.1.0.M1
    • Component/s: Namespace
    • Labels: None

      Description

      AFAIK currently there is no namespace support for J2EE security. I think J2EE security integration can be configured much more easily if namespace support for this feature is added to Spring Security.

      Basically, default configuration of J2EE security could then look like this:
      <sec:http>
          <sec:logout/>
          <sec:anonymous key="anonymous" granted-authority="ROLE_ANONYMOUS"/>
          <sec:intercept-url pattern="/**" access="ROLE_AUTHENTICATED"/>
          <sec:j2ee/>
      </sec:http>

      Here, the <sec:j2ee/> tag should configure the PreAuthenticatedProcessingFilterEntryPoint, the J2eePreAuthenticatedProcessingFilter (defaulting to reading the mappable roles from web.xml and using the SimpleAttributes2GrantedAuthoritiesMapper), and the PreAuthenticatedAuthenticationProvider together with the PreAuthenticatedGrantedAuthoritiesUserDetailsService.

      So, basically the configuration snippet listed above would be equivalent to the following verbose configuration:
      <sec:authentication-manager alias="authenticationManager" />

      <bean id="preAuthenticatedAuthenticationProvider"
            class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
          <sec:custom-authentication-provider />
          <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
      </bean>

      <bean id="preAuthenticatedUserDetailsService"
            class="org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService" />

      <sec:http entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
          <sec:logout />
          <sec:anonymous key="anonymous" granted-authority="ROLE_ANONYMOUS" />
          <sec:intercept-url pattern="/**" access="ROLE_AUTHENTICATED" />
      </sec:http>

      <bean id="j2eePreAuthFilter"
            class="org.springframework.security.ui.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
          <sec:custom-filter position="PRE_AUTH_FILTER" />
          <property name="authenticationManager" ref="authenticationManager" />
          <property name="authenticationDetailsSource" ref="authenticationDetailsSource" />
      </bean>

      <bean id="preAuthenticatedProcessingFilterEntryPoint"
            class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />

      <bean id="authenticationDetailsSource"
            class="org.springframework.security.ui.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
          <property name="mappableRolesRetriever" ref="j2eeMappableRolesRetriever" />
          <property name="userRoles2GrantedAuthoritiesMapper" ref="j2eeUserRoles2GrantedAuthoritiesMapper" />
      </bean>

      <bean id="j2eeUserRoles2GrantedAuthoritiesMapper"
            class="org.springframework.security.authoritymapping.SimpleAttributes2GrantedAuthoritiesMapper" />

      <bean id="j2eeMappableRolesRetriever"
            class="org.springframework.security.ui.preauth.j2ee.WebXmlMappableAttributesRetriever">
          <property name="webXmlInputStream">
              <bean factory-bean="webXmlResource" factory-method="getInputStream" />
          </property>
      </bean>

      <bean id="webXmlResource"
            class="org.springframework.web.context.support.ServletContextResource">
          <constructor-arg ref="servletContext" />
          <constructor-arg value="/WEB-INF/web.xml" />
      </bean>

      <bean id="servletContext"
            class="org.springframework.web.context.support.ServletContextFactoryBean" />
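
The role flow this configuration depends on, as an added sketch that is not part of the original issue and is not Spring Security's code: only roles declared in web.xml are checked against the container, and each match becomes a prefixed authority such as the ROLE_AUTHENTICATED used in the intercept-url rule. The class name, the sample web.xml, the AUDITOR role and the fixed ROLE_ prefix are assumptions of the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.function.Predicate;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class J2eeRoleMappingSketch {

    // Constructed sample web.xml; only the <security-role> entries matter here.
    static final String WEB_XML =
        "<web-app>"
      + "<security-role><role-name>AUTHENTICATED</role-name></security-role>"
      + "<security-role><role-name>ADMIN</role-name></security-role>"
      + "</web-app>";

    // Mappable roles: every <role-name> whose parent is <security-role>.
    static Set<String> mappableRoles(String webXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Hardening choice of this sketch: reject DOCTYPEs so no external entity is resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList names = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(webXml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagName("role-name");
        Set<String> out = new LinkedHashSet<>();
        for (int i = 0; i < names.getLength(); i++) {
            Node n = names.item(i);
            if ("security-role".equals(n.getParentNode().getNodeName())) {
                out.add(n.getTextContent().trim());
            }
        }
        return out;
    }

    // The container is asked about mappable roles only; each hit becomes an authority.
    static List<String> grantedAuthorities(Set<String> mappable, Predicate<String> isUserInRole) {
        List<String> out = new ArrayList<>();
        for (String role : mappable) {
            if (isUserInRole.test(role)) out.add("ROLE_" + role); // assumed prefixing mapper
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed container state: the caller also holds AUDITOR, which web.xml never declares.
        Set<String> containerRoles = Set.of("AUTHENTICATED", "AUDITOR");
        List<String> auths = grantedAuthorities(mappableRoles(WEB_XML), containerRoles::contains);
        System.out.println("authorities: " + auths);
        System.out.println("ROLE_AUDITOR granted: " + auths.contains("ROLE_AUDITOR"));
    }
}
```

A container role that is missing from the mappable set never reaches the authentication token, so an intercept-url rule that names it will deny access even though the container itself recognises the role.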

          Activity

          Luke Taylor added a comment -

          This has been implemented, but in a simpler way, using the SimpleAttributes2GrantedAuthoritiesMapper as the default for obtaining the possible roles, rather than attempting to parse the web.xml.


            People

            • Assignee: Luke Taylor
            • Reporter: Ruud Senden
            • Votes: 1
            • Watchers: 2
