Post on 18-Jan-2016
WAM and the Java Stack
Disclaimer
• This is a training NOT a presentation.
  – Be prepared to learn and participate in labs
• Please ask questions
• Prerequisites:
  – Basic Java knowledge
  – Basic Spring knowledge
  – LDS Account Integration Training – Part 1
Outline
• WAM (Web Access Management)
• WAM integration w/o Spring Security
• WAM integration w/ Spring Security
WAM (Web Access Management)
What is WAM?
• WAM stands for Web Access Management
• Authentication
  – Authentication management
  – Single Sign-on
• Authorization
  – URL (coarse-grained)
  – Entitlements (fine-grained)
• http://en.wikipedia.org/wiki/Web_Access_Management
Architectural Overview of WAM
• Authentication status triggering request parameters
    • ?signmein
    • ?signmeout
Injected Headers
• WAM injected headers:
  – https://tech.lds.org/wiki/SSO_Injected_Headers
• How the headers map with LDS Account (LDAP) attributes:
  – https://ldsteams.ldschurch.org/sites/wam/Implementation%20Details/HTTP%20Headers.aspx
• Required headers
  – policy-ldsaccountid
  – policy-cn
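An added example (not from the original slides and not the Stack's own filter code): a plain-JDK check that a request carries exactly one non-blank value for each of the two required headers listed above before any identity is built from them. The class and method names are hypothetical, and the header maps in main are constructed sample input.

```java
import java.util.*;

// Hypothetical helper, not part of the Stack: validates the two headers the
// slides list as required before an application trusts them as identity.
public class InjectedHeaderCheck {
    static final List<String> REQUIRED = List.of("policy-ldsaccountid", "policy-cn");

    // Returns header name -> value when every required header is present exactly
    // once with a non-blank value; otherwise empty, and the caller should refuse
    // the request instead of treating the user as anonymous or partly known.
    static Optional<Map<String, String>> identityFrom(Map<String, List<String>> headers) {
        // HTTP header names are case-insensitive, so normalise before lookup.
        Map<String, List<String>> byLower = new HashMap<>();
        headers.forEach((name, values) ->
            byLower.computeIfAbsent(name.toLowerCase(Locale.ROOT), k -> new ArrayList<>())
                   .addAll(values));

        Map<String, String> identity = new LinkedHashMap<>();
        for (String name : REQUIRED) {
            List<String> values = byLower.getOrDefault(name, List.of());
            // A repeated header is ambiguous: fail closed rather than pick one.
            if (values.size() != 1 || values.get(0).isBlank()) {
                return Optional.empty();
            }
            identity.put(name, values.get(0).trim());
        }
        return Optional.of(identity);
    }

    public static void main(String[] args) {
        // Constructed sample requests; the values are made up.
        Map<String, List<String>> ok = Map.of(
            "Policy-LdsAccountId", List.of("1234567890"),
            "policy-cn", List.of("jdoe"));
        Map<String, List<String>> missingCn = Map.of(
            "policy-ldsaccountid", List.of("1234567890"));
        Map<String, List<String>> repeated = Map.of(
            "policy-ldsaccountid", List.of("1234567890", "42"),
            "policy-cn", List.of("jdoe"));

        System.out.println(identityFrom(ok));
        System.out.println(identityFrom(missingCn));
        System.out.println(identityFrom(repeated));
    }
}
```

The headers are injected by WAM, so the check is only meaningful for requests that reached the application through it.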
Wamulator
• For complete documentation:
  – http://tech.lds.org/wiki/WAMulator
• WAM Maven plugin provided to start/stop the wamulator
  – Run within LdsTech IDE
      • Right click on Alm module and select Run As -> Run WAM Emulator
  – Command line (from within the Alm module)
      • mvn stack-wam:run
Demo
Stack / WAM integration w/o Spring Security
• https://code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account-wam/index.html
<filter>
    <filter-name>wamContextFilter</filter-name>
    <filter-class>org.lds.stack.wam.filter.WamContextFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>wamContextFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
WamContext
• Accessed with:
    WamContextHolder.getWamContext();
• WamContext consists of 3 main parts:
  – LdsAccountDetails object
      WamContextHolder.getWamContext().getLdsAccountDetails().getPreferredName();
  – WamRequestProvider
      WamContextHolder.getWamContext().getWamRequestProvider().getCookieHeader();
  – EntitlementService
      WamContextHolder.getWamContext().getEntitlementService()….
Demo
Lab 1
https://tech.lds.org/wiki/WAM_Integration_-_Part_1#Lab_1
WAM and Spring Security
Why WAM and Spring Security?
• Spring Security provides
  – Full featured authorization system
  – Abstraction to authentication and authorization
  – Allows for complex fallback authentication systems
  – Facilitates proxy support
WAM Spring Security Integration
• WAM Authentication Provider

<lds-account:wam>
    <lds-account:intercept-url access="hasRole('ROLE_ADMIN')" pattern="/secure/**" />
    <lds-account:intercept-url access="isAuthenticated()" pattern="**" />
    <lds-account:access-denied-handler error-page="/errors/accessDenied" />
    <lds-account:logout />
</lds-account:wam>

<sec:authentication-manager>
    <sec:authentication-provider ref="ldsAccountAuthenticationProvider" />
</sec:authentication-manager>
Demo
Spring Security and WAM authorization
• Spring provides programming tools
  – Full featured EL capabilities
  – Convenient annotations
  – Management central to the application
Spring Security EntryPoint
• Simplifies WAM configuration / management
• Utilizes WAM for authentication
  – User details injected if authenticated
• Allows coarse-grained authorization to be managed within the application
Spring Integration
Demo
Lab 2
https://tech.lds.org/wiki/WAM_Integration_-_Part_1#Lab_2
Conclusion
• The Stack provides full featured integration with WAM
  – With or without Spring Security
• Authorization can be facilitated in WAM, but it has been made easy with Spring Security
Credit Where Credit is Due
• http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html
• http://en.wikipedia.org/wiki/