Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:latest:applications:spring [2016/07/19 12:10] (current)
Line 1: Line 1:
 +====== Spring Security (ACEGI) ======
  
 +{{ :​applications:​spring_logo.png |}}
 +
 +===== Presentation =====
 +
 +
 +[[http://​static.springsource.org/​spring-security/​site/​|Spring Security]] is the new ACEGI name. This is a well known security framework for J2EE applications.
 +
 +Spring Security provides a default ''​pre-authentication''​ mechanism that can be used to connect your J2EE application to LL::NG.
 +
 +===== Configuration =====
 +
 +You can find all suitable information here: [[http://​static.springsource.org/​spring-security/​site/​docs/​3.0.x/​reference/​preauth.html]]
 +
 +To summarize, to get the user connected trough the ''​Auth-User''​ HTTP Header, use this Sping Security configuration:​
 +
 +<file xml>
 +<bean id="​LemonLDAPNGFilter"​ class=
 +"​org.springframework.security.web.authentication.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">​
 +    <​security:​custom-filter position="​PRE_AUTH_FILTER"​ />
 +    <​property name="​principalRequestHeader"​ value="​Auth-User"/>​
 +    <​property name="​authenticationManager"​ ref="​authenticationManager"​ />
 +</​bean>​
 +
 +<bean id="​preauthAuthProvider"​ class="​org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">​
 +  <​security:​custom-authentication-provider />
 +    <​property name="​preAuthenticatedUserDetailsService">​
 +    <bean id="​userDetailsServiceWrapper"​ class="​org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">​
 +      <​property name="​userDetailsService"​ ref="​userDetailsService"/>​
 +    </​bean>​
 +  </​property>​
 +</​bean>​
 +
 +<​security:​authentication-manager alias="​authenticationManager"​ />
 +</​file>​