Hi,
I am using spring-flex 1.0.2 and spring-security 2.0.4 with spring 2.5.6 and I'm having some troubles to enable security for my Secure AMF channel.
Here's what I have:
flex/services-config.xml
Code:
...
<services>
<default-channels>
<channel ref="my-amf" />
</default-channels>
</services>
...
As you may have noticed, I didn't add the security tag ...
flex-servlet.xml
Code:
...
<flex:message-broker>
<flex:message-service default-channels="my-amf" />
<flex:secured>
<!-- The path is taken by default -->
<flex:secured-endpoint-path access="AnyRole"/>
</flex:secured>
</flex:message-broker>
<flex:remoting-destination ref="reportsService" />
...
- My First Question is
This AnyRole that I added there must be a GrantedAuthority right?
security-config.xml
Code:
<security:global-method-security secured-annotations="enabled">
</security:global-method-security>
<http entry-point-ref="preAuthenticatedProcessingFilterEntryPoint" />
<beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />
<beans:bean id="preAuthenticatedProcessingFilter"
class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
<custom-filter position="PRE_AUTH_FILTER" />
<beans:property name="principalRequestHeader" value="SOME_HTTP_HEADER_ATT_NAME" />
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
<authentication-manager alias="authenticationManager" />
<beans:bean id="preauthAuthProvider"
class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
<security:custom-authentication-provider />
<beans:property name="preAuthenticatedUserDetailsService">
<beans:bean id="userDetailsServiceWrapper"
class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
<beans:property name="userDetailsService" ref="myUserDetailsService" />
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="myUserDetailsService" class="com.SOMETHING.security.EbcmUserDetailsServiceImpl">
<beans:property name="personDao" ref="personDao" />
</beans:bean>
<beans:bean id="loginCommand" class="org.springframework.flex.SpringSecurityLoginCommand" >
<beans:constructor-arg ref="authenticationManager" />
</beans:bean>
I implemented my own UserDetailsService, which based on the value got from the HTTP header (left by a Single Sign On implementation authentication mechanism) checks if the user exists in our own database, and loads all the GrantedAuthorities.
When I try to deploy my application under Weblogic 10.x (the app server we are using), I get this exception:
Code:
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_messageBroker': Cannot resolve reference to bean '_messageBr
okerLoginCommand' while setting bean property 'configProcessors' with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Erro
r creating bean with name '_messageBrokerLoginCommand': Cannot resolve reference to bean '_authenticationManager' while setting constructor argument; nested exc
eption is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '_authenticationManager' is defined
- Why am I getting this exception when the LogginCommand (in security-config) says that I'm using authenticationManager and not _authenticationManager?
- Do I have to add the security tag in services-config.xml?
- Do I have to change something in my flex-servlet.xml?
- What am I missing?
I've read the following links:
Integration with Spring-Security - SSO
Reply With Quote
