Versions Compared

Old Version 1

changes.mady.by.user Stephen Turner

Saved on

compared with

New Version Current

changes.mady.by.user Stephen Turner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

CSF Security code is contained in a jar file named "csf-security-x.x.x.jar" where x.x.x is the CSF version number. An example, for CSF version 2.0.20 is csf-security-2.2.20.jar. All CSF jar files are located in the IS&T Maven repository (see https://maven.mit.eduImage Removed), and they can be downloaded from that web site.

...

For apps using Ant for the build process, you will have to get hold of the three jar files (csf-security, csf-base, and csf-webservices) and copy them to the "lib" folder of your web application. The jar files can be downloaded from https://maven.mit.edu/Image Removed.

CSF Security Spring Configuration

...

Code Block
    <import resource="classpath*:applicationContext-csf-security-spring.xml" />
    <import resource="classpath*:applicationContext-csf-base.xml" />
    <import resource="classpath*:applicationContext-csf-webservices.xml" />

This is standard Spring Security configuration; we are just plugging in CSF classes into the Spring Security. Assuming Now, assuming you have an XML file controlling your Spring Security configuration, you would need to addconfigure these beans:

Code Block

<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
    <constructor-arg>
    	<list>
               <security:filter-chain pattern="/css/**" filters="logoutFilter" />
	           <security:filter-chain pattern="/images/**" filters="logoutFilter" />
	           <security:filter-chain pattern="/js/**" filters="logoutFilter" />
	           <security:filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter,
	           		logoutFilter,
	           		ssoAuthenticationProcessingFilter,
	           		basicAuthenticationProcessingFilter,
	           		exceptionTranslationFilter,
	           		filterSecurityInterceptor"
	           />
	</list>
    </constructor-arg>
</bean>

    <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="accessDecisionManager"/>
        <property name="securityMetadataSource">
            <security:filter-security-metadata-source>
                <security:intercept-url pattern="/index.htm" access="ROLE_EMPLOYEE,ROLE_ADMIN" />
                <security:intercept-url pattern="/allusers/*" access="ROLE_EMPLOYEE,ROLE_ADMIN" />
                <security:intercept-url pattern="/adminonly/*" access="ROLE_ADMIN" />
            </security:filter-security-metadata-source>
        </property>
    </bean>

    <bean id="authorizationService" class="edu.mit.csf.security.service.MultipleAuthorizationsService">
        <property name="combine" value="true" />
        <property name="authorizationServices">
            <list>
                <ref bean="mitRolesAuthorizationService" />
            </list>
        </property>
    </bean>

Properties File

CSF requires some properties to be specified in a flat file outside of the web app. The reason is so that different property values can be specified on different tiers. This allows us, for example, to use the test Roles system in our dev & test tiers while using the production Roles system in production, without having to modify code or the contents of the web app.

The properties file can be named anything you want and located anywhere you want. The contents should look like this (for a developer's local configuration):

Code Block

roles.function.category=REG
local.authentication=true
local.user.name = <YOURKERBNAME>
local.user.password = <SOMEPASSWORD>
local.authority.domain = OREG

webservices.keyStore=/home/sturner/keys/registrar.jks
webservices.keyStorePassword=<KEYSTOREPASSWORD>
webservices.trustStore=/home/sturner/keys/serverTrustStore.jks
webservices.trustStorePassword=<TRUSTSTOREPASSWORD>

webservices.mitrolesws.proxy.user=REG$TEST
webservices.mitrolesws.url=[https://rolesws-test.mit.edu/rolesws/services/roles]
webservices.mitroles.url=[https://uaws-test.mit.edu/uaws/services/ua]

To get Spring to read the properties and make them available to the CSF Security module, configure this bean in your Spring context:

Code Block

	<bean id="applicationConfiguration"
		class="edu.mit.csf.base.configuration.ApacheApplicationConfiguration"
		init-method="init">
		<property name="locations">
			<list>
				<!--
					Property files are loaded in the order below.
					First entry	found will set the value. Any "file"
					will be regularly checked for updates and reloaded
					if changed.
				-->
				<value>file:${user.home}/machine.properties</value>
				<value>file:<PATH_TO_YOUR_PROPERTIES_FILE></value>
			</list>
		</property>
	</bean>