Info |
---|
Help is available by sending an email to csf-support@mit.edu |
Panel | ||||||
---|---|---|---|---|---|---|
Quick Links to:
|
- Add the following 3 beans to your application's appicationContext spring security xml.
You many already have a filterChainProxy already defined in your security XML. If the filterChainProxy is already defined, then replace it with the filterChainProxy given below.
The ssoX509SecurityContextPersistenceFilter and the ssoX509AuthenticationProcessingFilter are new beans.
Panel | ||||||
---|---|---|---|---|---|---|
Using X509 Application Certificates with CSF Security version 2Using X509 Applicaiton Certificates with CSF Security requires that the following be done:
Each of the above is described below. | ||||||
Wiki Markup |
Code Block |
---|
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <security:filter-chain-map path-type="ant"> <security:filter-chain pattern="/css/**" filters="logoutFilter" /> <security:filter-chain pattern="/images/**" filters="logoutFilter" /> <security:filter-chain pattern="/js/**" filters="logoutFilter" /> <security:filter-chain pattern="/docs/**" filters="logoutFilter" /> <security:filter-chain pattern="/**" filters="ssoX509SecurityContextPersistenceFilter, logoutFilter, ssoX509AuthenticationProcessingFilter, basicAuthenticationProcessingFilter, exceptionTranslationFilter, filterSecurityInterceptor
" /> </security:filter-chain-map> </bean> <bean id="ssoX509SecurityContextPersistenceFilter" class="edu.mit.csf.security.spring.filter.SsoX509SecurityContextPersistenceFilter"/> <bean id="ssoX509AuthenticationProcessingFilter" class="edu.mit.csf.security.spring.filter.SsoX509AuthenticationProcessingFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="allowedEntities" ref="allowedEntities"/> </bean>
- Add the following bean to your application's appicationContext conf xml.
For Tomcat servers:
Notice that in the <value> line there is a <application identifier> entry. You must replace the <application identifier> with your application identifier. For example: if your application identifier is addDrop, then the <value> line would be:Code Block <bean id="allowedEntities" class="edu.mit.csf.base.configuration.CompactApacheApplicationConfiguration" init-method="init"> <property name="locations"> <list> <value>file:${user.dir}/<application identifier>/allowedEntities.properties</value> </list> </property> </bean>
Code Block <value>file:${user.dir}/addDrop/allowedEntities.properties</value>
For OC4J servers:Code Block <bean id="allowedEntities" class="edu.mit.csf.base.configuration.CompactApacheApplicationConfiguration" init-method="init"> <property name="locations"> <list>
<value>file:${user.home}/allowedEntities.properties</value> </list> </property> </bean>
- Create a new allowedEntities.properties
- file
- and
- place
- it
- in
- either
- the
- $
- {user.dir}/<application
- identifier>
- directory
- for
- apache/tomcat
- servers
- or
- in
- the
- $
- {user.home}
- for OC4J servers.
The entries for this propery file must be of the following syntax:
<application certificate CN>=yes
Here are two entries for commonly used application certificates:Code Block # for the registrar application certificate registrar.app.mit.edu=yes # for the registrar-test application certificate registrar-test.app.mit.edu=yes
Panel | ||||||
---|---|---|---|---|---|---|
Things that you should be aware ofThese notes pertain to the ssoX509SecurityContextPersistenceFilter and the ssoX509AuthenticationProcessingFilter.
|