Things that you should be aware of

These notes pertain to the ssoX509SecurityContextPersistenceFilter and the ssoX509AuthenticationProcessingFilter.
- These filters are designed to work with Touchstone authentication, X509 Application Certificate authentication, or both.
- Touchstone authentication always takes precedence over X509 Application Certificate authentication.
- For each HTTP request based on X509 Application Certificate authentication, a new Spring Security context is created when the request is received and destroyed when the request has been completed.
- For each HTTP request based on Touchstone authentication:
  - A check is made to see if there is an existing security context for the request.
  - If there is no existing security context, then a new security context is created and will be saved when the request has been completed.
  - If there is an existing security context, then the existing security context is retrieved and a check is made to verify that the security context principal is identical to the Touchstone remote user.
    - If the security context principal is different from the Touchstone remote user, then the existing security context is ignored and a new security context is created, which will be destroyed when the request has been completed.
    - If the security context principal is identical to the Touchstone remote user, then the existing security context is used and will be saved when the request has been completed.
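
The rules above amount to one decision per request: which security context the request runs with, and whether that context outlives the request. The following Java model is an added example, not code from the filters themselves; the class, method and parameter names are hypothetical, and a request carrying neither form of authentication is not covered by these notes, so the model rejects it as an assumption.

```java
/** Added illustration of the context-handling rules; all names are hypothetical. */
public class SsoContextDecision {

    enum Source { NEW, EXISTING }

    /** The context a request runs with, and whether it is saved afterwards. */
    static final class Decision {
        final Source source;
        final boolean savedAfterRequest;
        Decision(Source source, boolean savedAfterRequest) {
            this.source = source;
            this.savedAfterRequest = savedAfterRequest;
        }
        @Override public String toString() {
            return source + (savedAfterRequest ? ", saved" : ", destroyed");
        }
    }

    /**
     * @param touchstoneUser  Touchstone remote user, or null if the request is not Touchstone-authenticated
     * @param hasCertificate  true if an X509 application certificate was presented
     * @param storedPrincipal principal of the existing security context, or null if there is none
     */
    static Decision decide(String touchstoneUser, boolean hasCertificate, String storedPrincipal) {
        if (touchstoneUser != null) {                 // Touchstone takes precedence over the certificate
            if (storedPrincipal == null) {
                return new Decision(Source.NEW, true);        // first request: create and save
            }
            if (storedPrincipal.equals(touchstoneUser)) {
                return new Decision(Source.EXISTING, true);   // same user: reuse and save
            }
            return new Decision(Source.NEW, false);   // another user's context: ignore it, do not save
        }
        if (hasCertificate) {
            return new Decision(Source.NEW, false);   // certificate requests never keep a context
        }
        // Assumption: the notes do not describe this case, so the model refuses it.
        throw new IllegalStateException("request carries neither form of authentication");
    }

    public static void main(String[] args) {
        // Constructed sample requests; "alice" and "bob" are made-up principals.
        System.out.println("cert only:            " + decide(null, true, null));
        System.out.println("Touchstone, no ctx:   " + decide("alice", false, null));
        System.out.println("Touchstone, same ctx: " + decide("alice", false, "alice"));
        System.out.println("Touchstone, stale ctx:" + decide("alice", false, "bob"));
        System.out.println("Touchstone + cert:    " + decide("alice", true, "alice"));
    }
}
```

The mismatch branch is the one to watch when testing a deployment: a stored context whose principal differs from the Touchstone remote user must never be used for the request.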