documentation:1.3:applications:spring

Spring Security (ACEGI)

Spring Security is the new ACEGI name. This is a well known security framework for J2EE applications.

Spring Security provides a default pre-authentication mechanism that can be used to connect your J2EE application to LL::NG.

You can find all suitable information here: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html

To summarize, to get the user connected trough the Auth-User HTTP Header, use this Sping Security configuration:

<bean id="LemonLDAPNGFilter" class=
"org.springframework.security.web.authentication.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
    <security:custom-filter position="PRE_AUTH_FILTER" />
    <property name="principalRequestHeader" value="Auth-User"/>
    <property name="authenticationManager" ref="authenticationManager" />
</bean>
 
<bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
  <security:custom-authentication-provider />
    <property name="preAuthenticatedUserDetailsService">
    <bean id="userDetailsServiceWrapper" class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
      <property name="userDetailsService" ref="userDetailsService"/>
    </bean>
  </property>
</bean>
 
<security:authentication-manager alias="authenticationManager" />