{anchor:Using X509 Application Certificates with CSF Security version 2}
h3. Using X509 Application Certificates with CSF Security version 2
Using X509 Application Certificates with CSF Security requires that the following be done:
* add three new beans to your application's applicationContext spring security xml,
* add one new bean to your application's applicationContext conf xml,
* create a new allowedEntities.properties file.
Each of the above is described below.
# Add the following 3 beans to your application's applicationContext spring security xml.
\\
\\
You may already have a *filterChainProxy* defined in your security XML. If so, replace it with the *filterChainProxy* given below.
\\
\\
The *ssoX509SecurityContextPersistenceFilter* and the *ssoX509AuthenticationProcessingFilter* are new beans.
\\
{code}
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map path-type="ant">
        <security:filter-chain pattern="/css/**" filters="logoutFilter" />
        <security:filter-chain pattern="/images/**" filters="logoutFilter" />
        <security:filter-chain pattern="/js/**" filters="logoutFilter" />
        <security:filter-chain pattern="/docs/**" filters="logoutFilter" />
        <security:filter-chain pattern="/**" filters="ssoX509SecurityContextPersistenceFilter,
                                                      logoutFilter,
                                                      ssoX509AuthenticationProcessingFilter,
                                                      basicAuthenticationProcessingFilter,
                                                      exceptionTranslationFilter,
                                                      filterSecurityInterceptor,
                                                      switchUserProcessingFilter"
        />
    </security:filter-chain-map>
</bean>
<bean id="ssoX509SecurityContextPersistenceFilter" class="edu.mit.csf.security.spring.filter.SsoX509SecurityContextPersistenceFilter"/>
<bean id="ssoX509AuthenticationProcessingFilter" class="edu.mit.csf.security.spring.filter.SsoX509AuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="allowedEntities" ref="allowedEntities"/>
</bean>
{code}
# Add the following bean to your application's applicationContext conf xml. Notice that the first <value> line contains an *<application identifier>* entry. You must replace *<application identifier>* with your application identifier. For example, if your application identifier is *addDrop*, then the <value> line would be *<value>file:$\{user.dir}/addDrop/allowedEntities.properties</value>*.
{code}
<bean id="allowedEntities" class="edu.mit.csf.base.configuration.CompactApacheApplicationConfiguration" init-method="init">
    <property name="locations">
        <list>
            <value>file:${user.dir}/<application identifier>/allowedEntities.properties</value>
            <value>file:${user.home}/allowedEntities.properties</value>
        </list>
    </property>
</bean>
{code}
# Create a new allowedEntities.properties file and place it either in the $\{user.dir}/<application identifier> directory for apache/tomcat servers or in the $\{user.home} directory for OC4J servers.
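A pre-deployment check for the wiring described in the steps above, as an added example that is not part of CSF or of the original page: it flags an unreplaced *<application identifier>* placeholder, filter names or ref targets with no matching bean, and a chain in which the persistence filter does not come before the X509 authentication filter, following the order shown above. It assumes the two context files have been merged under one <beans> root that uses the standard Spring namespace URIs; check_context and defined_elsewhere (ids of beans your existing security XML already defines) are hypothetical names.

```python
import xml.etree.ElementTree as ET

B = "{http://www.springframework.org/schema/beans}"
S = "{http://www.springframework.org/schema/security}"
PERSIST = "ssoX509SecurityContextPersistenceFilter"
AUTH = "ssoX509AuthenticationProcessingFilter"

# Constructed sample: the page's beans merged under one <beans> root, with a
# shortened catch-all chain and the placeholder deliberately left unreplaced.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security">
  <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map path-type="ant">
      <security:filter-chain pattern="/**" filters="ssoX509SecurityContextPersistenceFilter,
          logoutFilter, ssoX509AuthenticationProcessingFilter"/>
    </security:filter-chain-map>
  </bean>
  <bean id="ssoX509SecurityContextPersistenceFilter" class="edu.mit.csf.security.spring.filter.SsoX509SecurityContextPersistenceFilter"/>
  <bean id="ssoX509AuthenticationProcessingFilter" class="edu.mit.csf.security.spring.filter.SsoX509AuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="allowedEntities" ref="allowedEntities"/>
  </bean>
  <bean id="allowedEntities" class="edu.mit.csf.base.configuration.CompactApacheApplicationConfiguration" init-method="init">
    <property name="locations"><list>
      <value>file:${user.dir}/<application identifier>/allowedEntities.properties</value>
    </list></property>
  </bean>
</beans>"""

def check_context(xml_text, defined_elsewhere=()):
    """Return a list of wiring problems found in the merged Spring context XML."""
    problems = []
    if "<application identifier>" in xml_text:
        problems.append("placeholder <application identifier> not replaced")
        # Neutralise the placeholder so the rest of the file still parses as XML.
        xml_text = xml_text.replace("<application identifier>", "APP_ID")
    root = ET.fromstring(xml_text)
    ids = {b.get("id") for b in root.iter(B + "bean")} | set(defined_elsewhere)
    for chain in root.iter(S + "filter-chain"):
        pattern = chain.get("pattern")
        names = [n.strip() for n in chain.get("filters", "").split(",") if n.strip()]
        problems += [f"{pattern}: no bean named {n}" for n in names if n not in ids]
        if AUTH in names and (PERSIST not in names or names.index(PERSIST) > names.index(AUTH)):
            problems.append(f"{pattern}: {PERSIST} must precede {AUTH}")
    for prop in root.iter(B + "property"):
        ref = prop.get("ref")
        if ref and ref not in ids:
            problems.append(f"property {prop.get('name')}: no bean named {ref}")
    return problems
```

Pass the ids your existing security XML already defines (for example logoutFilter and authenticationManager) as defined_elsewhere, and treat any non-empty result as a reason to stop the deployment.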