Versions Compared

Old Version 1

changes.mady.by.user Stephen Turner

Saved on

compared with

New Version 2

changes.mady.by.user Stephen Turner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CSF Security code is contained in a jar file named "csf-security-x.x.x.jar" where x.x.x is the CSF version number. An example, for CSF version 2.0.20 is csf-security-2.2.20.jar. All CSF jar files are located in the IS&T Maven repository (see https://maven.mit.eduImage Removed), and they can be downloaded from that web site.

...

For apps using Ant for the build process, you will have to get hold of the three jar files (csf-security, csf-base, and csf-webservices) and copy them to the "lib" folder of your web application. The jar files can be downloaded from https://maven.mit.edu/Image Removed.

CSF Security Spring Configuration

...

Code Block
    <import resource="classpath*:applicationContext-csf-security-spring.xml" />
    <import resource="classpath*:applicationContext-csf-base.xml" />
    <import resource="classpath*:applicationContext-csf-webservices.xml" />

This is standard Spring Security configuration; we are just plugging in CSF classes into the Spring Security. Assuming Now, assuming you have an XML file controlling your Spring Security configuration, you would need to add, configure these beans:

Code Block

	<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
 		<constructor-arg>
    		<list>
               <security:filter-chain pattern="/css/**" filters="logoutFilter" />
	           <security:filter-chain pattern="/images/**" filters="logoutFilter" />
	           <security:filter-chain pattern="/js/**" filters="logoutFilter" />
	           <security:filter-chain pattern="/calendar/**" filters="logoutFilter" />
	           <security:filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter,
	           		logoutFilter,
	           		ssoAuthenticationProcessingFilter,
	           		basicAuthenticationProcessingFilter,
	           		exceptionTranslationFilter,
	           		filterSecurityInterceptor"
	           />
	        </list>
	    </constructor-arg>
	</bean>

    <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="accessDecisionManager"/>
        <property name="securityMetadataSource">
            <security:filter-security-metadata-source>
                <security:intercept-url pattern="/index.htm" access="ROLE_DOES_NOT_EXIST" />
                <security:intercept-url pattern="/allusers/*" access="ROLE_DOES_NOT_EXIST" />
                <security:intercept-url pattern="/adminonly/*" access="ROLE_DOES_NOT_EXIST" />
            </security:filter-security-metadata-source>
        </property>
    </bean>

    <bean id="authorizationService" class="edu.mit.csf.security.service.MultipleAuthorizationsService">
        <property name="combine" value="true" />
        <property name="authorizationServices">
            <list>
                <ref bean="mitRolesAuthorizationService" />
            </list>
        </property>
    </bean>