modify preauth, to siteminder-urgent help

Hi i am trying to combine features of pre-auth example, with siteminder example given in reference implementation.

I would be greatefull if you could let me know where i have made mistake in configuring xml below

I am trying to retrieve header variable, which has user details and get corresponding roles from web.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>  <beans xmlns="http://www.springframework.org/schema/beans" xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"> <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <sec:filter-chain-map path-type="ant"> <sec:filter-chain pattern="/**" filters="sif,siteminderFilter,logoutFilter,etf,fsi"/> </sec:filter-chain-map> </bean>  <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/> <sec:authentication-manager alias="authenticationManager" /> <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.authentication.preauth.PreAuthenticatedAuthenticationProvider"> <sec:custom-authentication-provider /> <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/> </bean> <bean id="preAuthenticatedUserDetailsService" class="org.springframework.security.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>   <bean id="siteminderFilter" class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter"> <sec:custom-filter position="PRE_AUTH_FILTER" /> <property name="principalRequestHeader" value="SM_USER"/> <property name="authenticationManager" ref="authenticationManager" />  </bean> <bean id="preAuthenticatedProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"/> <bean id="logoutFilter" class="org.springframework.security.web.logout.LogoutFilter"> <constructor-arg value="/"/> <constructor-arg> <list> <bean class="org.springframework.security.web.logout.SecurityContextLogoutHandler"/> </list> </constructor-arg> </bean> <bean id="authenticationDetailsSource" class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"> <property name="mappableRolesRetriever" ref="j2eeMappableRolesRetriever"/> <property name="userRoles2GrantedAuthoritiesMapper" ref="j2eeUserRoles2GrantedAuthoritiesMapper"/> </bean> <bean id="j2eeUserRoles2GrantedAuthoritiesMapper" class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper"> <property name="convertAttributeToUpperCase" value="true"/> </bean> <bean id="j2eeMappableRolesRetriever" class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever"> <property name="webXmlInputStream"><bean factory-bean="webXmlResource" factory-method="getInputStream"/> </property> </bean> <bean id="webXmlResource" class="org.springframework.web.context.support.ServletContextResource"> <constructor-arg ref="servletContext"/> <constructor-arg value="/WEB-INF/web.xml"/> </bean> <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/> <bean id="etf" class="org.springframework.security.web.ExceptionTranslationFilter"> <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/> </bean> <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions" value="false"/> <property name="decisionVoters"> <list> <ref bean="roleVoter"/> </list> </property> </bean> <bean id="fsi" class="org.springframework.security.web.intercept.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/> <property name="securityMetadataSource"> <sec:filter-invocation-definition-source> <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/> <sec:intercept-url pattern="/secure/**" access="ROLE_USER"/> <sec:intercept-url pattern="/**" access="ROLE_USER"/> </sec:filter-invocation-definition-source> </property> </bean> <bean id="preauthAuthProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider"> <sec:custom-authentication-provider /> <property name="preAuthenticatedUserDetailsService"> <bean id="userDetailsServiceWrapper" class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper"> <property name="userDetailsService" ref="authenticationDetailsSource"/> </bean> </property> </bean> <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/> <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter"> <property name="wrapperClass" value="org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestWrapper"/> </bean> </beans>

I did following modification to pre-auth xml



Code:

<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <sec:filter-chain-map path-type="ant"> <sec:filter-chain pattern="/**" filters="sif,siteminderFilter,logoutFilter,etf,fsi"/> </sec:filter-chain-map> </bean>



Code:

<bean id="siteminderFilter" class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter"> <sec:custom-filter position="PRE_AUTH_FILTER" /> <property name="principalRequestHeader" value="SM_USER"/> <property name="authenticationManager" ref="authenticationManager" />  </bean>

In the logs in see i get this error

Code:

INFO: Initializing Spring root WebApplicationContext 22-Apr-2009 14:27:05 org.apache.catalina.core.StandardContext listenerStart SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterChainProxy' defined in ServletContext resource [/WEB-INF/applicationContext-security.xml]: Cannot resolve reference to bean 'siteminderFilter' while setting bean property 'filterChainMap' with key [/**] with key [1]; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter] for bean with name 'siteminderFilter' defined in ServletContext resource [/WEB-INF/applicationContext-security.xml]; nested exception is java.lang.ClassNotFoundException: org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:288) at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:103)

Just a guess, but you might not need the 'sec:filter-chain-map' entries in your filterChainProxy bean definition. I believe the <sec:custom-filter position="PRE_AUTH_FILTER" /> reference in the siteminderFilter bean definition will handle this for you. This may be causing the error you are seeing, since it looks like it can't create the filterChainProxy bean.

Also you might want to look into using the security namespace to configure more of the security (the tages you have prefixed with <sec:...). It can handle much of the routine config and then you only need to add in the non-routine items (like the siteminderFilter bean). I have used it before and it saves you a lot of configuration.