240 likes | 418 Views
WAM and the Java Stack. Disclaimer. Please ask questions There are hands on labs Prerequisites: Basic Java knowledge Basic Spring knowledge LDS Account Integration Training – Part 1. Outline. WAM (Web Access Management) WAM integration w/o Spring Security
E N D
Disclaimer • Please ask questions • There are hands on labs • Prerequisites: • Basic Java knowledge • Basic Spring knowledge • LDS Account Integration Training – Part 1
Outline • WAM (Web Access Management) • WAM integration w/o Spring Security • WAM integration w/ Spring Security
What is WAM? • WAM stands for Web Access Management • Authentication • Authentication management • Single Sign-on • Authorization • Url (course-grained) • Entitlements (fine-grained) • http://en.wikipedia.org/wiki/Web_Access_Management
Architectural Overview of WAM • Authentication status triggering request parameters • ?signmein • ?signmeout
Injected Headers • WAM injected headers: • https://tech.lds.org/wiki/SSO_Injected_Headers • How the headers map with LDS Account (LDAP) attributes: • https://ldsteams.ldschurch.org/sites/wam/Implementation%20Details/HTTP%20Headers.aspx • Required headers • policy-ldsaccountid • policy-cn
Wamulator • For complete documentation: • http://tech.lds.org/wiki/WAMulator • WAM Maven plugin provided to start/stop the wamulator • Run within LdsTech IDE • Right click on Alm module and select Run As -> Run WAM Emulator • Command line (from within the Alm module) • mvn stack-wam:run
Stack / WAM integration w/o Spring Security • https://code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account-wam/index.html <filter> <filter-name>wamContextFilter</filter-name> <filter-class>org.lds.stack.wam.filter.WamContextFilter</filter-class> </filter> <filter-mapping> <filter-name>wamContextFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
WamContext • Accessed with: • WamContexts consists of 3 main parts: • LdsAccountDetails object • WamRequestProvider • EntitlementService WamContextHolder.getWamContext(); WamContextHolder.getWamContext().getLdsAccountDetails().getPreferredName(); WamContextHolder.getWamContext().getWamRequestProvider ().getCookieHeader(); WamContextHolder.getWamContext().getEntitlementService()….
Lab 1 https://tech.lds.org/wiki/WAM_Integration_-_Part_1#Lab_1
Why WAM and Spring Security? • Spring Security provides • Full featured authorization system • Abstraction to authentication and authorization • Allows for complex fallback authentication systems • Facilitates proxy support
WAM Spring Security Integration • WAM Authentication Provider <lds-account:wam> <lds-account:intercept-url access="hasRole('ROLE_ADMIN')" pattern="/secure/**" /> <lds-account:intercept-url access="isAuthenticated()" pattern="**" /> <lds-account:access-denied-handler error-page="/errors/accessDenied" /> <lds-account:logout/> </lds-account:wam> <sec:authentication-manager> <sec:authentication-provider ref="ldsAccountAuthenticationProvider" /> </sec:authentication-manager>
Spring Security and WAM authorization • Spring provides programming tools • Full featured EL capabilities • Convenient annotations • Management central to the application • Advantages to both WAM authorizations and Spring Security authorizations
Spring Security EntryPoint • Simplifies WAM configuration / management • Utilizes WAM for authentication • User details injected if authenticated • Allows course grained authorization to be managed within the application
Lab 2 https://tech.lds.org/wiki/WAM_Integration_-_Part_1#Lab_2
Conclusion • The Stack provides full featured integration with WAM • With or without Spring Security • Facilitate authorization in WAM, but has been made easy with Spring Security
Credit Where Credit is Due • http:// http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html • http://en.wikipedia.org/wiki/