
WAM and the Java Stack


keith

Presentation Transcript


  1. WAM and the Java Stack

  2. Disclaimer • This is a training NOT a presentation. • Be prepared to learn and participate in labs • Please ask questions • Prerequisites: • Basic Java knowledge • Basic Spring knowledge • LDS Account Integration Training – Part 1

  3. Outline • Spring Security and Authorization • WAM (Web Access Management) • WAM integration w/o Spring Security • WAM integration w/ Spring Security

  4. Review • Authentication vs. Authorization • Previously discussed authentication with Spring Security • Now focus on authorization with Spring Security

  5. Authorization with Spring Security • http://static.springsource.org/spring-security/site/features.html • Comprehensive Authorization Services • HTTP requests authorization (securing urls) • @PreAuthorize annotation

  6. Protecting Urls • Example of protecting urls

       <sec:http security="none" pattern="/errors/accessDenied*"/>
       <!-- Spring Security 3.x evaluates hasRole()/isAuthenticated() in access attributes only when use-expressions is true -->
       <sec:http use-expressions="true">
         <sec:intercept-url access="hasRole('ROLE_ADMIN')" pattern="/secure/**" />
         <sec:intercept-url access="isAuthenticated()" pattern="**" />
         <sec:access-denied-handler error-page="/errors/accessDenied" />
       </sec:http>

  7. ???? • Fine grained authorization

       <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

       <sec:authorize access="hasRole('ROLE_CHICKEN')">
         Content only visible to users who have the "chicken" authority in their list of GrantedAuthority(s).
       </sec:authorize>

       <sec:authorize url="/chicken">
         Content only visible to users authorized to send requests to the "/chicken" URL.
       </sec:authorize>

  8. @PreAuthorize annotation • Scanning enabled with following element:

       <sec:global-method-security pre-post-annotations="enabled"/>

     • Some examples:

       @PreAuthorize("hasRole('ROLE_ADMIN')")
       public void create(User newUser);

       @PreAuthorize("#user.username == authentication.username")
       public void doSomething(User user);

  9. <lds-account:authorities-populators > </lds-account:authorities-populators>

  10. Authorities Populators • http://code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account-spring/index.html#Authorities_Populators • Example

       <lds-account:authorities-populators include-defaults="false">
         <lds-account:member/>
         <lds-account:workforce/>
         <lds-account:role name="ROLE_USER" />
         <lds-account:custom ref="customAuthoritiesPopulator"/>
       </lds-account:authorities-populators>

     TODO: show example of specifying on an authentication element

  11. Demo

  12. WAM (Web Access Management)

  13. What is WAM? • WAM stands for Web Access Management • Authentication • Authentication management • Single Sign-on • Authorization • Url (coarse-grained) • Entitlements (fine-grained)

  14. Architectural Overview of WAM

  15. Injected Headers • WAM injected headers: • https://tech.lds.org/wiki/SSO_Injected_Headers • How the headers map with LDS Account (LDAP) attributes: • https://ldsteams.ldschurch.org/sites/wam/Implementation%20Details/HTTP%20Headers.aspx • Required headers • policy-ldsaccountid • policy-cn
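
An added example, not from the slides and not the Stack's WamContextFilter: a servlet filter that fails closed unless each of the two required headers from slide 15 arrives exactly once with a non-empty value. The class name, the request attribute name and the exactly-once policy are assumptions made for illustration; the code targets the Servlet 3.0+ API.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: rejects requests that lack the required WAM-injected headers. */
public class RequiredWamHeadersFilter implements Filter {
    // Required header names as listed on slide 15.
    static final String[] REQUIRED = {"policy-ldsaccountid", "policy-cn"};
    // Hypothetical attribute under which downstream code finds the validated account id.
    public static final String ACCOUNT_ID_ATTR = "example.wam.accountId";

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        for (String name : REQUIRED) {
            if (singleValue(request, name) == null) {
                // Fail closed: never continue with a partial or ambiguous identity.
                response.sendError(HttpServletResponse.SC_FORBIDDEN,
                        "Missing or ambiguous WAM header: " + name);
                return;
            }
        }
        request.setAttribute(ACCOUNT_ID_ATTR, singleValue(request, "policy-ldsaccountid"));
        chain.doFilter(request, response);
    }

    /** Returns the header value only if it is present exactly once and non-blank, else null. */
    static String singleValue(HttpServletRequest request, String name) {
        Enumeration<String> e = request.getHeaders(name);
        List<String> values = (e == null) ? Collections.<String>emptyList() : Collections.list(e);
        if (values.size() != 1) return null; // absent, or more than one copy of the header
        String value = values.get(0).trim();
        return value.isEmpty() ? null : value;
    }
}
```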

  16. Wamulator • For complete documentation: • http://tech.lds.org/wiki/WAMulator • WAM Maven plugin provided to start/stop the wamulator

  17. Demo

  18. Stack / WAM integration w/o Spring Security • code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account-wam/index.html#Configuration

       <filter>
         <filter-name>wamContextFilter</filter-name>
         <filter-class>org.lds.stack.wam.filter.WamContextFilter</filter-class>
       </filter>
       <filter-mapping>
         <filter-name>wamContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
       </filter-mapping>

  19. WamContext • Accessed with:

       WamContextHolder.getWamContext();

     • WamContext consists of 3 main parts: • LdsAccountDetails object • WamRequestProvider • EntitlementService

       WamContextHolder.getWamContext().getLdsAccountDetails().getPreferredName();
       WamContextHolder.getWamContext().getWamRequestProvider().getCookieHeader();
       WamContextHolder.getWamContext().getEntitlementService()….

  20. Demo

  21. Lab 1 https://tech.lds.org/wiki/WAM_Integration_-_Part_1#Lab_1

  22. WAM and Spring Security

  23. Why WAM and Spring Security? • Spring Security provides • Full featured authorization system • Abstraction to authentication and authorization • Allows for complex fallback authentication systems • Facilitates proxy support

  24. WAM Spring Security Integration • Integration point

       <lds-account:wam>
         <intercept url TODO …
       </lds-account:wam>

       <sec:authentication-manager>
         <sec:authentication-provider ref="ldsAccountAuthenticationProvider" />
       </sec:authentication-manager>

  25. Demo

  26. Spring Security and WAM authorization • Spring provides programming tools • Full featured EL capabilities • Convenient annotations • Management central to the application

  27. Spring Security EntryPoint • Simplifies WAM configuration / management • Utilizes WAM for authentication • User details injected if authenticated • Allows coarse-grained authorization to be managed within the application

  28. Spring Integration

  29. Demo

  30. Lab 2 https://tech.lds.org/wiki/WAM_Integration_-_Part_1#Lab_2

  31. Conclusion • LDS Account rocks! • The Java Stack integration with LDS Account and Spring Security rocks!

  32. Credit Where Credit is Due • http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html • Spring Security 3 – by Peter Mularien • http://en.wikipedia.org/wiki/
