You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by yferahi <yf...@yahoo.com> on 2010/09/29 16:55:35 UTC
Re: wicket-auth-roles and spring security 3.x
Hi James,
I am trying to migrate your Wicket-advanced example to use Spring Security 3
and the Pre-authentication scheme (Letting SiteMinder do the
authentication).
Since it is in development mode, I configured a filter to mock siteMinder by
setting some headers (SM_User, SM_Role)..
I have changed the security context xml file as follow:
When I execute the application, I can see the spring security in action
(getting headers from SiteMinder -filter- and authentication,) I get to the
home page file.
However, any link I click on from the home page will take me back to the
home page..
Appreciate any insights
thanks
Youcef
<context:annotation-config />
<context:spring-configured />
<bean id="springSecurityFilterChain"
class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/**" filters="scpf,siteminderFilter" />
</security:filter-chain-map>
</bean>
<bean id="scpf"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<property name="forceEagerSessionCreation" value="true" />
</bean>
<security:global-method-security secured-annotations="enabled" />
<bean id="siteminderFilter"
class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<property name="principalRequestHeader" value="SM_USER" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationDetailsSource"
ref="MyWebAuthenticationDetailsSource" />
<!-- the filter chain will not proceed when an authentication attempt
fails -->
<property name="continueFilterChainOnUnsuccessfulAuthentication"
value="false" />
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="preAuthenticatedAuthenticationProvider" />
</security:authentication-manager>
<bean id="preAuthenticatedAuthenticationProvider"
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService"
ref="preAuthenticatedUserDetailsService" />
</bean>
<bean id="preAuthenticatedUserDetailsService"
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"
/>
<bean id="MyWebAuthenticationDetailsSource"
class="org.springframework.security.web.authentication.WebAuthenticationDetailsSource">
<property name="clazz"
value="wicket.common.security.siteminder.MyPreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails"
/>
</bean>
</beans>
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-auth-roles-and-spring-security-2-x-tp1844462p2719180.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org