Using X509 Application Certificates with CSF Security version 2

Using X509 Application Certificates with CSF Security requires that the following be done:

  • add three new beans to your application's applicationContext spring security xml,
  • add one new bean to your application's applicationContext conf xml,
  • create a new allowedEntities.properties file.

Each of the above is described below.

  1. Add the following three beans to your application's applicationContext spring security xml.

    You may already have a filterChainProxy defined in your security XML.  If the filterChainProxy is already defined, then replace it with the filterChainProxy given below.

    The ssoX509SecurityContextPersistenceFilter and the ssoX509AuthenticationProcessingFilter are new beans.
        <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
            <security:filter-chain-map path-type="ant">
                <security:filter-chain pattern="/css/**" filters="logoutFilter" />
                <security:filter-chain pattern="/images/**" filters="logoutFilter" />
                <security:filter-chain pattern="/js/**" filters="logoutFilter" />
                <security:filter-chain pattern="/docs/**" filters="logoutFilter" />
                <security:filter-chain pattern="/**" filters="ssoX509SecurityContextPersistenceFilter,
               		logoutFilter,
               		ssoX509AuthenticationProcessingFilter,
               		basicAuthenticationProcessingFilter,
               		exceptionTranslationFilter,
               		filterSecurityInterceptor,
               		switchUserProcessingFilter"
                />
            </security:filter-chain-map>
        </bean>
    
        <bean id="ssoX509SecurityContextPersistenceFilter" class="edu.mit.csf.security.spring.filter.SsoX509SecurityContextPersistenceFilter"/>
        
        <bean id="ssoX509AuthenticationProcessingFilter" class="edu.mit.csf.security.spring.filter.SsoX509AuthenticationProcessingFilter">
            <property name="authenticationManager" ref="authenticationManager"/>
            <property name="allowedEntities" ref="allowedEntities"/>
        </bean>
    
  2. Add the following bean to your application's applicationContext conf xml.
        <bean id="allowedEntities" class="edu.mit.csf.base.configuration.CompactApacheApplicationConfiguration" init-method="init">
            <property name="locations">
                <list>
                    <value>file:${user.dir}/<application identifier>/allowedEntities.properties</value>
                    <value>file:${user.home}/allowedEntities.properties</value>
                </list>
            </property>
        </bean>
    
    Notice that in the first <value> line there is a <application identifier> entry.  You must replace the <application identifier> with your application identifier.  For example: if your application identifier is addDrop, then the <value> line would be:
        <value>file:${user.dir}/addDrop/allowedEntities.properties</value>

  3. Create a new allowedEntities.properties file and place it in either the ${user.dir}/<application identifier> directory for apache/tomcat servers or in the ${user.home} directory for OC4J servers.
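
An added example (not part of the original page or of the CSF project's code): a Python check that parses the security and conf XML together and reports filter names or `ref` values with no matching bean, a `/**` pattern that is not last (patterns are matched in order), and an X509 authentication filter without the persistence filter ahead of it. The XML samples are constructed and trimmed, `example.Stub` and `check_wiring` are hypothetical names, and the ordering rule mirrors the order used in the filterChainProxy above.

```python
import xml.etree.ElementTree as ET

BEANS = "{http://www.springframework.org/schema/beans}"
SEC = "{http://www.springframework.org/schema/security}"
PERSIST, AUTH = "ssoX509SecurityContextPersistenceFilter", "ssoX509AuthenticationProcessingFilter"

# Constructed samples, trimmed to what the check reads; example.Stub is a placeholder class.
SECURITY_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security">
  <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map path-type="ant">
      <security:filter-chain pattern="/css/**" filters="logoutFilter"/>
      <security:filter-chain pattern="/**" filters="ssoX509SecurityContextPersistenceFilter,
          logoutFilter, ssoX509AuthenticationProcessingFilter"/>
    </security:filter-chain-map>
  </bean>
  <bean id="logoutFilter" class="example.Stub"/>
  <bean id="authenticationManager" class="example.Stub"/>
  <bean id="ssoX509SecurityContextPersistenceFilter" class="edu.mit.csf.security.spring.filter.SsoX509SecurityContextPersistenceFilter"/>
  <bean id="ssoX509AuthenticationProcessingFilter" class="edu.mit.csf.security.spring.filter.SsoX509AuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="allowedEntities" ref="allowedEntities"/>
  </bean>
</beans>"""
CONF_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="allowedEntities" class="edu.mit.csf.base.configuration.CompactApacheApplicationConfiguration"/>
</beans>"""

def check_wiring(*xml_docs):
    """Return a list of wiring problems found across the given Spring XML documents."""
    roots = [ET.fromstring(doc) for doc in xml_docs]
    bean_ids = {b.get("id") for r in roots for b in r.iter(BEANS + "bean")}
    problems = []
    for root in roots:
        chains = list(root.iter(SEC + "filter-chain"))
        for i, chain in enumerate(chains):
            names = [n.strip() for n in chain.get("filters", "").split(",") if n.strip()]
            problems += ["undefined filter bean: " + n for n in names if n not in bean_ids]
            # The first matching pattern wins, so a catch-all placed early shadows later entries.
            if chain.get("pattern") == "/**" and i != len(chains) - 1:
                problems.append("/** is not the last filter-chain pattern")
            # Assumption taken from the page's chain: persistence filter precedes the X509 filter.
            if AUTH in names and (PERSIST not in names or names.index(PERSIST) > names.index(AUTH)):
                problems.append(PERSIST + " must precede " + AUTH + " on " + chain.get("pattern"))
        for prop in root.iter(BEANS + "property"):
            if prop.get("ref") and prop.get("ref") not in bean_ids:
                problems.append("undefined bean reference: " + prop.get("ref"))
    return problems
```

Checking the security XML alone reports the `allowedEntities` reference as undefined, which is the symptom of skipping step 2; passing both documents returns an empty list.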