...
Now, assuming you have an XML file controlling your Spring Security configuration, configure these beans:
| Code Block |
|---|
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <constructor-arg> <list> <security:filter-chain pattern="/css/**" filters="logoutFilter" /> <security:filter-chain pattern="/images/**" filters="logoutFilter" /> <security:filter-chain pattern="/js/**" filters="logoutFilter" /> <security:filter-chain pattern="/calendar/**" filters="logoutFilter" /> <security:filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter, logoutFilter, ssoAuthenticationProcessingFilter, basicAuthenticationProcessingFilter, exceptionTranslationFilter, filterSecurityInterceptor" /> </list> </constructor-arg> </bean> <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="securityMetadataSource"> <security:filter-security-metadata-source> <security:intercept-url pattern="/index.htm" access="ROLE_DOES_NOT_EXISTEMPLOYEE,ROLE_ADMIN" /> <security:intercept-url pattern="/allusers/*" access="ROLE_DOES_NOT_EXISTEMPLOYEE,ROLE_ADMIN" /> <security:intercept-url pattern="/adminonly/*" access="ROLE_DOES_NOT_EXISTADMIN" /> </security:filter-security-metadata-source> </property> </bean> <bean id="authorizationService" class="edu.mit.csf.security.service.MultipleAuthorizationsService"> <property name="combine" value="true" /> <property name="authorizationServices"> <list> <ref bean="mitRolesAuthorizationService" /> </list> </property> </bean> |
Properties File
CSF requires some properties to be specified in a flat file outside of the web app. The reason is so that different property values can be specified on different tiers. This allows us, for example, to use the test Roles system in our dev & test tiers while using the production Roles system in production, without having to modify code or the contents of the web app.
The properties file can be named anything you want and located anywhere you want. The contents should look like this (for a developer's local configuration):
| Code Block |
|---|
roles.function.category=REG
local.authentication=true
local.user.name = <YOURKERBNAME>
local.user.password = <SOMEPASSWORD>
local.authority.domain = OREG
webservices.keyStore=/home/sturner/keys/registrar.jks
webservices.keyStorePassword=<KEYSTOREPASSWORD>
webservices.trustStore=/home/sturner/keys/serverTrustStore.jks
webservices.trustStorePassword=<TRUSTSTOREPASSWORD>
webservices.mitrolesws.proxy.user=REG$TEST
webservices.mitrolesws.url=[https://rolesws-test.mit.edu/rolesws/services/roles]
webservices.mitroles.url=[https://uaws-test.mit.edu/uaws/services/ua]
|
To get Spring to read the properties and make them available to the CSF Security module, configure this bean in your Spring context:
| Code Block |
|---|
<bean id="applicationConfiguration" class="edu.mit.csf.base.configuration.ApacheApplicationConfiguration" init-method="init"> <property name="locations"> <list> <!-- Property files are loaded in the order below. First entry found will set the value. Any "file" will be regularly checked for updates and reloaded if changed. --> <value>file:${user.home}/machine.properties</value> <value>file:<PATH_TO_YOUR_PROPERTIES_FILE></value> </list> </property> </bean> |