Injecting a single filter into the filter chain
The situation I have is that we have internal roles to our web application that are too generic to publish externally, and we are stubbing out to allow administrators to use LDAP to define users and rights. We are providing three role names that control access to parts of the system, but these names are not the same names that our system uses internally. As an example, the global names could be GLOBAL_ADMIN, GLOBAL_USER, GLOBAL_GUEST. The matching internal names could be LOCAL_ADMIN, LOCAL_USER, LOCAL_GUEST. Never mind that a simple rule in this case would be to replace the prefix, and assume some more complex logic needs to be applied to translate the global name to a local name.
Our existing pages already are wired for the local names, such that JSP pages have blocks of code that say: if (request.isUserInRole("LOCAL_ADMIN")) { ... }
I am not changing the JSP pages right now--I'm simply replacing our current Tomcat authentication scheme with spring-security, with a possible authentication implementation of LDAP.
So what I need is a way to intercept the calls to "isUserInRole", look up the global equivalent of the role name provided, and validate on the global role instead.
I think this can be done with a custom filter. I read this article here, and it has something similar to this entry:
HTML Code:
<beans:bean id="filterChainProxy"
        class="org.springframework.security.web.FilterChainProxy">
    <filter-chain-map path-type="ant">
        <filter-chain pattern="/login.jsp*" filters="none"/>
        <filter-chain pattern="/**" filters="securityContextFilter,logoutFilter,
            formLoginFilter,requestCacheFilter,servletApiFilter,
            anonFilter,sessionMgmtFilter,exceptionTranslator,filterSecurityInterceptor"/>
    </filter-chain-map>
</beans:bean>
All I want to do is inject one filter, but this example confuses me. That is a great many filters, and some of them are custom as I see in the article. But what entry do I need to just inject a single filter that keeps the filter chain in all other ways intact?
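The role-name translation described in the post, sketched as a servlet filter that wraps the request and overrides isUserInRole. This is an added example, not part of the original post. The class name RoleTranslationFilter and the mapping table are hypothetical, and the sketch assumes the filter runs after the filter that makes isUserInRole answer from the authenticated user's global roles.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical filter: maps the internal role names the JSPs ask about
// onto the externally published names before the role check runs.
public class RoleTranslationFilter implements Filter {

    // Constructed mapping, using the example names from the post.
    private static final Map<String, String> LOCAL_TO_GLOBAL;
    static {
        Map<String, String> m = new HashMap<String, String>();
        m.put("LOCAL_ADMIN", "GLOBAL_ADMIN");
        m.put("LOCAL_USER", "GLOBAL_USER");
        m.put("LOCAL_GUEST", "GLOBAL_GUEST");
        LOCAL_TO_GLOBAL = Collections.unmodifiableMap(m);
    }

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            // Everything downstream (including the JSPs) sees the wrapper.
            req = new TranslatingRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    static final class TranslatingRequest extends HttpServletRequestWrapper {
        TranslatingRequest(HttpServletRequest request) {
            super(request);
        }

        @Override
        public boolean isUserInRole(String localRole) {
            String globalRole = LOCAL_TO_GLOBAL.get(localRole);
            // Fail closed: a role name with no mapping is never granted,
            // and a global name passed in directly is not accepted either.
            return globalRole != null && super.isUserInRole(globalRole);
        }
    }
}
```

In Spring Security 3 namespace configuration, a bean of this kind can be added to the default chain with a custom-filter element inside http, for example after="SERVLET_API_SUPPORT_FILTER", which leaves the rest of the chain as it is.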