diff --git a/docs/manual/src/docbook/siteminder-auth-provider.xml b/docs/manual/src/docbook/siteminder-auth-provider.xml deleted file mode 100644 index 75480652a6..0000000000 --- a/docs/manual/src/docbook/siteminder-auth-provider.xml +++ /dev/null @@ -1,80 +0,0 @@ -Siteminder Authentication Mechanism - - -
Overview - - - Siteminder is a commercial single sign on solution by Computer - Associates. - - Spring Security provides a filter, - SiteminderUsernamePasswordAuthenticationProcessingFilter and - provider, SiteminderAuthenticationProvider that can - be used to process requests that have been pre-authenticated by - Siteminder. This filter assumes that you're using Siteminder for - authentication, and that you're using Spring - Security for authorization. The use of Siteminder - for authorization is not yet directly supported - by Spring Security. - - When using Siteminder, an agent is setup on your web server to - intercept a principal's first call to your application. The agent - redirects the web request to a single sign-on login page, and once - authenticated, your application receives the request. Inside the HTTP - request is a header - such as SM_USER - which - identifies the authenticated principal (please refer to your - organization's "single sign-on" group for header details in your - particular configuration). -
- -
Configuration - - - The first step in setting up Spring Security's Siteminder - support is to define the authentication mechanism that will inspect - the HTTP header discussed earlier. It will be responsible for - generating a UsernamePasswordAuthenticationToken - that is later sent to the - SiteminderAuthenticationProvider. Let's look at an - example: - - <bean id="authenticationProcessingFilter" - class="org.springframework.security.ui.webapp.SiteminderUsernamePasswordAuthenticationProcessingFilter"> - <property name="authenticationManager"><ref bean="authenticationManager"/></property> - <property name="authenticationFailureUrl"><value>/login.jsp?login_error=1</value></property> - <property name="defaultTargetUrl"><value>/security.do?method=getMainMenu</value></property> - <property name="filterProcessesUrl"><value>/j_spring_security_check</value></property> - <property name="siteminderUsernameHeaderKey"><value>SM_USER</value></property> - <property name="formUsernameParameterKey"><value>j_username</value></property> - </bean> - - In our example above, the bean is being provided an - AuthenticationManager, as is normally needed by - authentication mechanisms. Several URLs are also specified, with the - values being self-explanatory. It's important to also specify the HTTP - header that Spring Security should inspect. If you additionally want - to support form-based authentication (i.e. in your development - environment where Siteminder is not installed), specify the form's - username parameter as well - just don't do this in production! - - Note that you'll need a - SiteminderAuthenticationProvider - configured against your ProviderManager in order to - use the Siteminder authentication mechanism. Normally an - AuthenticationProvider expects the password - property to match what it retrieves from the - UserDetailsSource, but in this case, authentication - has already been handled by Siteminder, so password property is not - even relevant. This may sound like a security weakness, but remember - that users have to authenticate with Siteminder before your - application ever receives the requests, so the purpose of your custom - UserDetailsService should simply be to build the - complete Authentication object (ie with suitable - GrantedAuthority[]s). - - Advanced tip and word to the wise: If you additionally want to - support form-based authentication in your development environment - (where Siteminder is typically not installed), specify the form's - username parameter as well. Just don't do this in production! -
- \ No newline at end of file