I was wondering if I can combine pre-authentication with LDAP for user details and authorities. I assume yes because Spring Security is prepared to handle a myriad of security infrastructures.
Our setup is IIS -> Tomcat -> Spring Security (SS). Hence, once the request reaches SS it has its remoteUser and principal set - SS considers it pre-authenticated. However, I need an LDAP lookup (bind with a system account) for
- user details attributes
- group memberships (Active Directory) transformed to SS authorities
Pre-authentication is pretty straightforward.
Code:
...
    <security:custom-filter position="PRE_AUTH_FILTER" ref="preAutenticatedProcessingFilter" />
</security:http>

<!-- Security Filter for J2EE (ie. getPrincipal) -->
<bean id="preAutenticatedProcessingFilter"
      class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
    <!-- property is not used in class but in AbstractPreAuthenticatedProcessingFilter super class -->
    <property name="authenticationManager" ref="authenticationManager" />
</bean>
...
However, I'm not quite sure how to configure LDAP - based on http://static.springsource.org/sprin...ence/ldap.html - because I need no password comparison or the like as the user is pre-authenticated.
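
Added example, not part of the original post: one way to wire the setup described above with Spring Security 3.x classes, where a `PreAuthenticatedAuthenticationProvider` accepts the container-supplied principal without any password check and delegates to an `LdapUserDetailsService` that searches with the system account. The bean ids other than `authenticationManager`, the host, the DNs, the search bases and the `${ldap.bind.password}` placeholder (which needs a property placeholder configurer) are constructed values, and the user filter assumes the principal name matches `sAMAccountName`.

```xml
<!-- Added example: host, DNs, search bases and bean ids are constructed placeholders -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="preAuthProvider" />
</security:authentication-manager>

<!-- Trusts the principal already set by the container; no password comparison happens here -->
<bean id="preAuthProvider"
      class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <property name="preAuthenticatedUserDetailsService">
        <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <property name="userDetailsService" ref="ldapUserDetailsService" />
        </bean>
    </property>
</bean>

<!-- Every search binds as the system account; keep its password out of the XML -->
<bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldaps://dc.example.test:636/dc=example,dc=test" />
    <property name="userDn" value="cn=svc-ldap,ou=Service Accounts,dc=example,dc=test" />
    <property name="password" value="${ldap.bind.password}" />
</bean>

<!-- Loads the user entry by name, then asks the populator for authorities -->
<bean id="ldapUserDetailsService"
      class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
    <constructor-arg ref="ldapUserSearch" />
    <constructor-arg ref="ldapAuthoritiesPopulator" />
</bean>

<!-- {0} is the pre-authenticated user name; a DOMAIN\user principal would have
     to be reduced to the bare account name before this filter can match -->
<bean id="ldapUserSearch"
      class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value="ou=Users" />
    <constructor-arg index="1" value="(sAMAccountName={0})" />
    <constructor-arg index="2" ref="contextSource" />
</bean>

<!-- Group entries whose member attribute holds the user's DN become ROLE_<CN> authorities -->
<bean id="ldapAuthoritiesPopulator"
      class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <constructor-arg index="0" ref="contextSource" />
    <constructor-arg index="1" value="ou=Groups" />
    <property name="groupSearchFilter" value="(member={0})" />
    <property name="groupRoleAttribute" value="cn" />
    <property name="searchSubtree" value="true" />
</bean>
```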