Login/Register
how to convert site minder xml configuration using Spring4 Java config
Asked Answered
javaspringannotationsspring-4siteminder
A

1

6

I am converting an old version based Spring application to annotation based Spring4 application. As a first step I converted all xmls to java configuration based annotations. The application is working fine, but the only issue is with the site minder xml configuration. I don't know how to convert the below siteminder configuration which is there in the web.xml into java based.

<login-config>
   <auth-method>CLIENT-CERT</auth-method>
   <realm-name>SiteMinderRealm</realm-name>
</login-config>

The above siteminder configuration is in web.xml,

Can anyone please tell me how to write the java based configuration for the above xml in AppInitializer.java

my web.xml and its corresponding substituted AppInitializer.java code is as shown below

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">

    <display-name>SpringWebMVCApp</display-name>
    <context-param>
        <param-name>contextClass</param-name>
        <param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
    </context-param>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>com.helloworld.config.AppConfig</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>DispatcherServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextClass</param-name>
            <param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>DispatcherServlet</servlet-name>
        <url-pattern>/rest/</url-pattern>
    </servlet-mapping>

    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>SiteMinderRealm</realm-name>
    </login-config>
</web-app>

AppInitializer.java

public class AppInitializer implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        WebApplicationContext context = getContext();
        servletContext.addListener(new ContextLoaderListener(context));
        ServletRegistration.Dynamic dispatcher = servletContext.addServlet("DispatcherServlet", new DispatcherServlet(context));
        dispatcher.setLoadOnStartup(1);
        dispatcher.addMapping("/rest/");
    }

    private AnnotationConfigWebApplicationContext getContext() {
        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
        context.register(AppConfig.class);
        return context;
    }
}

Update 1

public class AppInitializer extends WebSecurityConfigurerAdapter implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        WebApplicationContext context = getContext();
        servletContext.addListener(new ContextLoaderListener(context));
        ServletRegistration.Dynamic dispatcher = servletContext.addServlet("DispatcherServlet", new DispatcherServlet(context));
        dispatcher.setLoadOnStartup(1);
        dispatcher.addMapping("/rest/");
    }

    private AnnotationConfigWebApplicationContext getContext() {
        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
        context.register(AppConfig.class);
        return context;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http.httpBasic().realmName("SiteMinderRealm").and().x509();
    }

}
Agan answered 8/9, 2015 at 10:49 Comment(9)
Why do you have both a web.xml and a WebApplicationInitializer? Which aren't even the same?Mot
@M.Deinum I am using only WebApplicationInitializer not web.xml, web.xml shown which is from my old spring application, which I am trying to convert to spring4 java config, Only thing is that I dont know how to convert those siteminder stuff to java configAgan
For login-config there is no java equivalent, that is left out of the java servlet spec not sure why. You would need both a web.xml (for the login-config) and Java stuff you have for configuration Spring (Although I would suggest extendingAbstractAnnotationConfigDispatcherServletInitializer).Mot
What isn't clear about there is no java equivalent? So no there is no work around...Mot
so we have to use only xmlAgan
No... As I mentioned use a web.xml for the login-config and there rest can be in java config. You can mix and match...Mot
can we give some other name instead of web.xml and call within java configAgan
Obviously no as the name is dictated by the servlet spec.Mot
:(................. then its better I can use xml rather than java configAgan
J
5

Did you try configuring this on the WebSecurityConfigurerAdapter? Something like this:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
   http.httpBasic().realmName("SiteMinderRealm").and().x509();
   }
}
Jana answered 15/9, 2015 at 18:54 Comment(7)
do we not to mention auth-method in thatAgan
x509() is same as <auth-method>CLIENT-CERT</auth-method> if I'm not mistaken.Jana
can you take a look at my Update1 , that is how I have doneAgan
Did you make sure configure(HttpSecurity http) is getting called? Try to log a message in it and see if it's running on startup. If it doesn't run you might need @Configuration @EnableWebSecurity at the top of the class.Jana
is my update1 correct, can we integrate this in AppInitializerAgan
Security Config is usually a separate class from Initializer. I added annotations to my post.Jana
still its not enteringAgan

© 2022 - 2024 — McMap. All rights reserved.