Hi, I am new to acegi-siteminder integration. I've had acegi working
in my app for some time, but it's always been using a form.
Now I want to integrate with an existing Siteminder service.
Here are the changes I want to make:
1) My application will no longer need to provide an authentication
(login) form, so I want to do away with that option.
2) I can guarantee that the user will be authenticated with Siteminder
before ever reaching my app. However, the user ID in the headers is
not "sm_user", it's "akoid". Also there is no password needed
anymore. If Acegi can see the value of akoid, I want Acegi to use my
JdbcDaoImpl implementation to pull the user from the database, if he
exists.
Here is part of my acegi config:
    <!-- ===================== USING SITEMINDER ==================== -->
    <bean id="SSOauthenticationProcessingFilter"
          class="org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationFailureUrl" value="/authentication/LoginFailure" />
        <property name="defaultTargetUrl" value="/Start" />
        <property name="filterProcessesUrl" value="/j_acegi_security_check" />
        <property name="siteminderUsernameHeaderKey" value="SM_USER" />
        <property name="siteminderPasswordHeaderKey" value="SM_USER" />
    </bean>
I should be able to change the lines to:
    <property name="siteminderUsernameHeaderKey" value="akoid" />
    <property name="siteminderPasswordHeaderKey" value="akoid" />
to make it work, correct? I don't have a need for password anymore.
This is the code for my JdbcDaoImpl implementation's loadUserByUsername():
    @Override
    public UserDetails loadUserByUsername(String akoid) {
        logger.info("********** SSO AUTHENTICATION: loadUserByUsername(" + akoid + ")");
        akoid = akoid.toLowerCase();
        Session session = null;
        try {
            logger.info("********** SSO AUTHENTICATION: started for username '" + akoid + "'");
            UserDetails user = super.loadUserByUsername(akoid);
            session = sessionFactory.openSession();
            for (int i = 0; i < userInfoObjectTypes.length; i++) {
                // akoid comes from a request header, so bind it as a named
                // parameter instead of concatenating it into the HQL string.
                Object userInfo = session.createQuery(
                        "from " + userInfoObjectTypes[i] + " where username = :username")
                        .setParameter("username", akoid)
                        .uniqueResult();
                if (userInfo != null) {
                    CustomUser cu = new CustomUser(user.getUsername(),
                            user.getPassword(), user.isEnabled(),
                            user.getAuthorities(), userInfo);
                    return cu;
                }
            }
            CustomUser cu = new CustomUser(user.getUsername(),
                    user.getPassword(), user.isEnabled(),
                    user.getAuthorities());
            return cu;
        } catch (UsernameNotFoundException ex1) {
            logger.error("********** SSO AUTHENTICATION: User Not Found");
            throw ex1;
        } catch (DataAccessException ex2) {
            // Log the exception through the logger rather than printStackTrace().
            logger.error("********** SSO AUTHENTICATION: Data Access Exception", ex2);
            throw ex2;
        } finally {
            // Release the Hibernate session opened above on every exit path.
            if (session != null) {
                session.close();
            }
        }
    }
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer