Spring Security using Kerberos/SPNEGO authentication


I have got Spring Security working with Kerberos authentication. However, it seems the Spring framework keeps invoking KerberosServiceAuthenticationProvider.userDetailsService to get the roles; I would have thought it gets the roles only once, until the session is invalidated. My config looks like this:

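<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security 3.0 namespace configuration: SPNEGO/Kerberos single sign-on with a
  form-login fallback, built on the Spring Security Kerberos extension.

  XML names, Spring class names and bean property names are case-sensitive, so the
  framework identifiers below are written in their real casing. Bean ids, the host name,
  the keytab name and the project class are kept exactly as they appear on the page.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:util="http://www.springframework.org/schema/util"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/util
                                 http://www.springframework.org/schema/util/spring-util-3.0.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <!-- Requests without credentials are handed to the SPNEGO entry point. -->
  <http entry-point-ref="spnegoentrypoint" auto-config="false">
    <!-- The fallback login page and its submit URL must stay reachable before login. -->
    <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/j_spring_security_check*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <!-- Everything else requires a full (not anonymous, not remember-me) authentication. -->
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>

    <custom-filter ref="spnegoauthenticationprocessingfilter" position="BASIC_AUTH_FILTER"/>

    <!--
      Form login is the fallback for clients that cannot negotiate Kerberos. The password
      travels in the request body, so this application should only be served over HTTPS
      (for example with requires-channel="https" on the intercept-url entries).
    -->
    <form-login login-page="/login.html" default-target-url="/" always-use-default-target="true"/>
  </http>

  <!--
    Two providers: the first validates SPNEGO service tickets, the second checks a
    username and password through the Kerberos client. Both resolve authorities through
    the same user details service.
  -->
  <authentication-manager alias="authenticationmanager">
    <authentication-provider ref="kerberosserviceauthenticationprovider"/>
    <authentication-provider ref="kerberosauthenticationprovider"/>
  </authentication-manager>

  <beans:bean id="spnegoentrypoint"
              class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint"/>

  <beans:bean id="spnegoauthenticationprocessingfilter"
              class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
    <beans:property name="failureHandler">
      <beans:bean class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
        <!-- A failed negotiation sends the user to the form-login page. -->
        <beans:property name="defaultFailureUrl" value="/login.html"/>
        <beans:property name="allowSessionCreation" value="true"/>
      </beans:bean>
    </beans:property>
    <beans:property name="authenticationManager" ref="authenticationmanager"/>
  </beans:bean>

  <beans:bean id="kerberosserviceauthenticationprovider"
              class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
    <beans:property name="ticketValidator">
      <beans:bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
        <!--
          Kerberos principal names are case-sensitive and web services are normally
          registered under the upper-case HTTP/ service class. The value is kept as
          shown on the page; confirm it against the principal stored in the keytab.
        -->
        <beans:property name="servicePrincipal" value="http/mywebserver.corpza.corp.co.za"/>
        <!--
          The keytab holds the long-term key of the service account and must be treated
          as a secret. Loading it from the classpath means it is packaged with the
          application; a file: location outside the deployable, readable only by the
          application's OS account, keeps it out of build artifacts and repositories.
        -->
        <beans:property name="keyTabLocation" value="classpath:mywebserver.keytab"/>
        <!-- Verbose Kerberos logging: useful while troubleshooting, switch off afterwards. -->
        <beans:property name="debug" value="true"/>
      </beans:bean>
    </beans:property>
    <!-- The page reports that this service is called on every secured request. -->
    <beans:property name="userDetailsService" ref="dummyuserdetailsservice"/>
  </beans:bean>

  <beans:bean id="kerberosauthenticationprovider"
              class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
    <beans:property name="kerberosClient">
      <beans:bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
        <!-- Verbose Kerberos logging: switch off outside troubleshooting. -->
        <beans:property name="debug" value="true"/>
      </beans:bean>
    </beans:property>
    <beans:property name="userDetailsService" ref="dummyuserdetailsservice"/>
  </beans:bean>

  <!-- JVM-wide Kerberos settings: debug flag and the krb5 configuration file to use. -->
  <beans:bean class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
    <beans:property name="debug" value="true"/>
    <beans:property name="krbConfLocation" value="/etc/krb5.conf"/>
  </beans:bean>

  <!-- Project class that loads the user's roles; name kept in the casing shown on the page. -->
  <beans:bean id="dummyuserdetailsservice" class="main.server.dummyuserdetailsservice"/>

</beans:beans>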

So DummyUserDetailsService.loadUserByUsername(String username) is invoked each time a secure page is requested. It loads the user's roles from the database, and I don't want to run that query each time a request is made. Is there some configuration I need to prevent this?

Thanks Michael, I got it working by extending the SpnegoAuthenticationProcessingFilter class and overriding doFilter:

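/**
 * Lets a request through without running SPNEGO again when the security context
 * already holds an authenticated, non-anonymous {@code Authentication}; otherwise
 * delegates to the parent filter.
 *
 * <p>The short-circuit only applies when {@code skipIfAlreadyAuthenticated} is true
 * (a field of the enclosing subclass, not shown in this listing).
 *
 * <p>Security trade-off: once the skip is taken, the authorities loaded at login are
 * reused for the rest of the session. Role changes or a disabled account in the
 * database take effect only at the next real authentication, and the HTTP session
 * becomes the sole credential for later requests. Keep session timeouts short enough
 * for your revocation needs and protect the session cookie accordingly.
 *
 * @param req   the incoming request; cast to {@code HttpServletRequest}
 * @param res   the outgoing response; cast to {@code HttpServletResponse}
 * @param chain the remaining filter chain
 * @throws IOException      propagated from the chain or the parent filter
 * @throws ServletException propagated from the chain or the parent filter
 */
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    if (skipIfAlreadyAuthenticated) {
        Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
        // An anonymous token also reports isAuthenticated(), so it is excluded explicitly;
        // anonymous requests must still go through SPNEGO processing.
        if (existingAuth != null && existingAuth.isAuthenticated()
                && !(existingAuth instanceof AnonymousAuthenticationToken)) {
            chain.doFilter(request, response);
            return;
        }
    }

    super.doFilter(req, res, chain);
}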
