Spring Security & Websphere, receive from WAS & forward to WAS
Our application has internal & external users. Internal user will login from other application server, and redirect to our application through SSO, external user will login from our application via Oracle.
I have set up successfully for internal user, by using WebSpherePreAuthenticatedProcessingFilter, so Spring security will receive user information, and open the security gates.
However when external user login from spring security login page, it tries to redirect to those pages protected by security-constraint specified in web.xml, but a windows dialog displays (using basic authenticate), how to let WAS know that the user login successfully?
here is sample for web.xml:
ApplicationContext part for spring security:Code:<security-constraint> <web-resource-collection> <web-resource-name>Open Content actions</web-resource-name> <url-pattern>/login/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>AnyUser</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Secure Content</web-resource-name> <url-pattern>*.action</url-pattern> </web-resource-collection> <auth-constraint> <role-name>AuthorizedUser</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>OMD Realm</realm-name> </login-config> <security-role> <description>The role required to access restricted content</description> <role-name>AuthorizedUser</role-name> </security-role> <security-role> <description>The role can access oepn content</description> <role-name>AnyUser</role-name> </security-role>
Code:<http auto-config="true" realm="OMD Realm"> <intercept-url pattern="/index.html*" filters="none"/> <intercept-url pattern="/images/**" filters="none"/> <intercept-url pattern="/css/**" filters="none"/> <intercept-url pattern="/script/**" filters="none"/> <intercept-url pattern="/js/**" filters="none"/> <intercept-url pattern="/styles/**" filters="none"/> <intercept-url pattern="/service/**" filters="none"/> <intercept-url pattern="/pages/login/**" filters="none"/> <intercept-url pattern="/login/**" filters="none"/> <intercept-url pattern="/common/**" filters="none"/> <intercept-url pattern="/config-browser/**" filters="none"/> <intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED"/> <form-login login-page="/login/login.action" authentication-failure-url="/login/login.action?login_error=1"/> <logout logout-url="/j_logout" logout-success-url="/login/logout.action"/> </http> <authentication-provider> <password-encoder hash="sha"/> <jdbc-user-service data-source-ref="dataSource" users-by-username-query="some sql" authorities-by-username-query="some sql" /> </authentication-provider> <!-- Automatically receives AuthenticationEvent messages --> <b:bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/> <authentication-manager alias="authenticationManager" /> <b:bean id="websphereContainerAuthenticatedFilter" class="itaf.framework.util.WebSpherePreAuthenticatedFilter"> <custom-filter position="PRE_AUTH_FILTER" /> <b:property name="authenticationManager" ref="authenticationManager" /> <b:property name="authenticationDetailsSource" ref="websphereAuthenticationDetailsSource"/> </b:bean> <b:bean id="websphereAuthenticationDetailsSource" class="org.springframework.security.ui.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource"/> <b:bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider"> <custom-authentication-provider /> <b:property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" /> </b:bean> <b:bean id="preAuthenticatedUserDetailsService" class="org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService" /> </b:beans>
