...
CSF
...
Security
...
in
...
a
...
non-MITSIS
...
App
Prerequisites
There are some criteria that a non-MITSIS
...
application must fulfill before it can use CSF Security. The app should use:
- Spring Framework 3.1
- Spring MVC 3.1
- Spring Security 3.1
- Java 6 or higher
Add CSF Security Dependencies to App
CSF Security code is contained in a jar file named "csf-security-x.x.x.jar"
...
where
...
x.x.x
...
is
...
the
...
CSF
...
version
...
number.
...
An
...
example,
...
for
...
CSF
...
version
...
2.0.20
...
is
...
csf-security-2.2.20.jar.
...
All
...
CSF
...
jar
...
files
...
are
...
located
...
in
...
the
...
IS&T
...
Maven
...
repository
...
(see
...
...
),
...
and
...
they
...
can
...
be
...
downloaded
...
from
...
that
...
web
...
site.
...
CSF
...
security
...
has
...
further
...
dependencies
...
on
...
CSF
...
Base,
...
and
...
CSF
...
Webservices.
...
These
...
modules
...
are
...
in
...
separate
...
jar
...
files,
...
tagged
...
with
...
a
...
matching
...
release
...
number:
...
csf-base-x.x.x.jar
...
and
...
csf-webservices-x.x.x.jar.
...
So,
...
to
...
summarize,
...
the
...
app
...
needs
...
access
...
to
...
the
...
following
...
CSF
...
jar
...
files:
...
- csf-security-x.x.x.jar
...
- csf-base-x.x.x.jar
...
- csf-webservices-x.x.x.jar
...
How
...
these
...
jar
...
files
...
are
...
included
...
in
...
the
...
app
...
depends
...
on
...
the
...
build
...
method
...
of
...
the
...
app.
...
Maven
...
Builds
...
For
...
apps
...
using
...
Maven,
...
the
...
following
...
dependency
...
should
...
be
...
added
...
to
...
the
...
app's
...
pom.xml
...
file:
| Code Block |
|---|
} <dependency> <groupId>edu.mit.ist.es.csf</groupId> <artifactId>csf-security</artifactId> <version>x.x.x</version> </dependency> {code} |
where
...
x.x.x
...
would
...
be
...
replaced
...
by
...
the
...
CSF
...
version
...
number.
...
This
...
dependency
...
specification
...
will
...
automatically
...
pull
...
in
...
the
...
csf-base
...
and
...
csf-webservices
...
dependencies.
...
Ant
...
Builds
...
For
...
apps
...
using
...
Ant
...
for
...
the
...
build
...
process,
...
you
...
will
...
have
...
to
...
get
...
hold
...
of
...
the
...
three
...
jar
...
files
...
(csf-security,
...
csf-base,
...
and
...
csf-webservices)
...
and
...
copy
...
them
...
to
...
the
...
"lib"
...
folder
...
of
...
your
...
web
...
application.
...
The
...
jar
...
files
...
can
...
be
...
downloaded
...
from
...
...
.
...
CSF
...
Security
...
Spring
...
Configuration
...
To
...
configure
...
CSF
...
security,
...
you
...
will
...
need
...
to
...
do
...
some
...
XML
...
configuration.
...
First,
...
make
...
sure
...
your
...
Spring
...
context
...
is
...
referencing
...
the
...
CSF
...
Spring
...
XML
...
files:
| Code Block |
|---|
} <import resource="classpath*:applicationContext-csf-security-spring.xml" /> <import resource="classpath*:applicationContext-csf-base.xml" /> <import resource="classpath*:applicationContext-csf-webservices.xml" /> {code} |
Now,
...
assuming
...
you
...
have
...
an
...
XML
...
file
...
controlling
...
your
...
Spring
...
Security
...
configuration,
...
configure
...
these
...
beans:
| Code Block |
|---|
} <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <constructor-arg> <list> <security:filter-chain pattern="/css/**" filters="logoutFilter" /> <security:filter-chain pattern="/images/**" filters="logoutFilter" /> <security:filter-chain pattern="/js/**" filters="logoutFilter" /> <security:filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter, logoutFilter, ssoAuthenticationProcessingFilter, basicAuthenticationProcessingFilter, exceptionTranslationFilter, filterSecurityInterceptor" /> </list> </constructor-arg> </bean> <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="securityMetadataSource"> <security:filter-security-metadata-source> <security:intercept-url pattern="/index.htm" access="ROLE_EMPLOYEE,ROLE_ADMIN" /> <security:intercept-url pattern="/allusers/*" access="ROLE_EMPLOYEE,ROLE_ADMIN" /> <security:intercept-url pattern="/adminonly/*" access="ROLE_ADMIN" /> </security:filter-security-metadata-source> </property> </bean> <bean id="authorizationService" class="edu.mit.csf.security.service.MultipleAuthorizationsService"> <property name="combine" value="true" /> <property name="authorizationServices"> <list> <ref bean="mitRolesAuthorizationService" /> </list> </property> </bean> {code} h3. Properties File CSF requires some properties to be specified in a flat file outside of the web app. The reason is so that different property values can be specified on different tiers. This allows us, for example, to use the test Roles system in our dev & test tiers while using the production Roles system in production, without having to modify code or the contents of the web app. The properties file can be named anything you want and located anywhere you want. The contents should look like this (for a developer's local configuration): {code} |
Properties File
CSF requires some properties to be specified in a flat file outside of the web app. The reason is so that different property values can be specified on different tiers. This allows us, for example, to use the test Roles system in our dev & test tiers while using the production Roles system in production, without having to modify code or the contents of the web app.
The properties file can be named anything you want and located anywhere you want. The contents should look like this (for a developer's local configuration):
| Code Block |
|---|
roles.function.category=REG
local.authentication=true
local.user.name = <YOURKERBNAME>
local.user.password = <SOMEPASSWORD>
local.authority.domain = OREG
webservices.keyStore=/home/sturner/keys/registrar.jks
webservices.keyStorePassword=<KEYSTOREPASSWORD>
webservices.trustStore=/home/sturner/keys/serverTrustStore.jks
webservices.trustStorePassword=<TRUSTSTOREPASSWORD>
webservices.mitrolesws.proxy.user=REG$TEST
webservices.mitrolesws.url=[https://rolesws-test.mit.edu/rolesws/services/roles]
webservices.mitroles.url=[https://uaws-test.mit.edu/uaws/services/ua]
{code}
|
To
...
get
...
Spring
...
to
...
read
...
the
...
properties
...
and
...
make
...
them
...
available
...
to
...
the
...
CSF
...
Security
...
module,
...
configure
...
this
...
bean
...
in
...
your
...
Spring
...
context:
| Code Block |
|---|
} <bean id="applicationConfiguration" class="edu.mit.csf.base.configuration.ApacheApplicationConfiguration" init-method="init"> <property name="locations"> <list> <!-- Property files are loaded in the order below. First entry found will set the value. Any "file" will be regularly checked for updates and reloaded if changed. --> <value>file:${user.home}/machine.properties</value> <value>file:<PATH_TO_YOUR_PROPERTIES_FILE></value> </list> </property> </bean> {code} |