Container Managed Security, Spring Security and Authentication -
i have been looking everywhere on how can implement spring security based on container managed security model. in test case, using tomcat , it's corresponding tomcat-users.xml file. issue is, cannot spring security play (meaning pass authentication on tomcat) let app server perform authentication , have spring manage role based security once authenticated. using latest spring versions, it's java config not familiar enough xml based config. have read many examples talk using preauthenticatedauthenticationprovider examples poor not mention spring documentation quite confusing imho. downloaded sample preauth code spring security git hub still cannot see how example code tied authentication tomcat performing. when run spring sample code preauth, doesn't authenticate of users in tomcat-users xml file deployed code tomcat 8. wondering if has ideas on can in order understand how spring security , authentication performed tomcat (container managed) happens?
update: appears had start scratch , authentication work app created in ide. had folder called secure, 1 folder called unsecure , mapped paths according servlet 3 spec secure , unsecure needed. had use web.xml in order contain security constraints. once tested in both tomcat 7 , 8, tried hit secure url, challenged enter id , password. please note have define path login page, mine simple jsp. had submit j_security_check , make sure use j_username , j_password field names. once knew hit secure page, started introducing spring components. involved spring security, spring boot etc. key in websecurityconfigureradapter. have basic auth or form based security enabled, removed , instead used jee() setting based on same fluent builder api used configure security settings. left antmatcher settings in web.xml, websecurityconfigureradapter basic. when debugging controllers, can inject httpservletrequest directly in method , request contains userprincipal request value containing things such user id, , roles. luck, hope helps others because painfully long me figure out such simple solution.
see update detailed explanation on solution.
Comments
Post a Comment