WAM and the Java Stack
Disclaimer
• This is a training NOT a presentation.
  – Be prepared to learn and participate in labs
• Please ask questions
• Prerequisites:
  – Basic Java knowledge
  – Basic Spring knowledge
  – LDS Account Integration Training – Part 1
Outline
• Spring Security and Authorization
• WAM (Web Access Management)
• WAM integration w/o Spring Security
• WAM integration w/ Spring Security
Review
• Authentication vs. Authorization
• Previously discussed authentication with Spring Security
• Now focus on authorization with Spring Security
Authorization with Spring Security
• http://static.springsource.org/spring-security/site/features.html
  – Comprehensive Authorization Services
• HTTP requests authorization (securing urls)
• @PreAuthorize annotation
Protecting Urls
• Example of protecting urls

    <sec:http security="none" pattern="/errors/accessDenied*"/>

    <!-- use-expressions="true" is needed in Spring Security 3.x for hasRole(...) / isAuthenticated() -->
    <sec:http use-expressions="true">
        <sec:intercept-url access="hasRole('ROLE_ADMIN')" pattern="/secure/**" />
        <sec:intercept-url access="isAuthenticated()" pattern="**" />
        <sec:access-denied-handler error-page="/errors/accessDenied" />
    </sec:http>
????
• Fine grained authorization

    <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

    <sec:authorize access="hasRole('ROLE_CHICKEN')">
        Content only visible to users who have the "chicken" authority in their list of GrantedAuthority(s).
    </sec:authorize>

    <sec:authorize url="/chicken">
        Content only visible to users authorized to send requests to the "/chicken" URL.
    </sec:authorize>
@PreAuthorize annotation
• Scanning enabled with the following element:

    <sec:global-method-security pre-post-annotations="enabled"/>

• Some examples:

    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public void create(User newUser);

    @PreAuthorize("#user.username == authentication.username")
    public void doSomething(User user);
• <lds-account:authorities-populators> </lds-account:authorities-populators>
Authorities Populators
• http://code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account-spring/index.html#Authorities_Populators
• Example

    <lds-account:authorities-populators include-defaults="false">
        <lds-account:member />
        <lds-account:workforce />
        <lds-account:role name="ROLE_USER" />
        <lds-account:custom ref="customAuthoritiesPopulator"/>
    </lds-account:authorities-populators>

TODO: show example of specifying on an authentication element
Demo
WAM (Web Access Management)
What is WAM?
• WAM stands for Web Access Management
• Authentication
  – Authentication management
  – Single Sign-on
• Authorization
  – Url (coarse-grained)
  – Entitlements (fine-grained)
Architectural Overview of WAM
Injected Headers
• WAM injected headers:
  – https://tech.lds.org/wiki/SSO_Injected_Headers
• How the headers map with LDS Account (LDAP) attributes:
  – https://ldsteams.ldschurch.org/sites/wam/Implementation%20Details/HTTP%20Headers.aspx
• Required headers
  – policy-ldsaccountid
  – policy-cn
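
Because the application takes the user's identity from these injected headers, it should fail closed when a required header is missing, empty or duplicated, or when the request did not arrive through the WAM proxy. The following is an added example, not part of the original slides or the LDS stack code: the class name, the trusted-proxy address check and the sample values are assumptions for illustration, and only the two header names come from the slide.

```java
import java.util.*;

public class InjectedHeaderCheck {
    // Header names taken from the "Required headers" list on the slide.
    static final List<String> REQUIRED = List.of("policy-ldsaccountid", "policy-cn");

    // Requires Java 16+ for records.
    record Identity(String accountId, String cn) {}

    /**
     * Returns an identity only if the request came from a trusted proxy address
     * (assumption: the application is meant to be reachable only through WAM) and
     * each required header is present exactly once with a non-blank value.
     */
    static Optional<Identity> resolve(String peerAddr, Set<String> trustedProxies,
                                      Map<String, List<String>> headers) {
        if (!trustedProxies.contains(peerAddr)) {
            return Optional.empty();   // not via the proxy: header values are client-controlled
        }
        // HTTP header names are case-insensitive, so merge them under one key.
        Map<String, List<String>> byName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        headers.forEach((k, v) -> byName.computeIfAbsent(k, x -> new ArrayList<>()).addAll(v));
        List<String> values = new ArrayList<>();
        for (String name : REQUIRED) {
            List<String> got = byName.getOrDefault(name, List.of());
            if (got.size() != 1 || got.get(0).isBlank()) {
                return Optional.empty();   // missing, duplicated or empty: fail closed
            }
            values.add(got.get(0).trim());
        }
        return Optional.of(new Identity(values.get(0), values.get(1)));
    }

    public static void main(String[] args) {
        Set<String> proxies = Set.of("10.0.0.5");   // constructed proxy address
        // Constructed sample requests, not captured traffic.
        Map<String, List<String>> ok = Map.of(
            "Policy-LdsAccountId", List.of("1234567890"), "policy-cn", List.of("jdoe"));
        Map<String, List<String>> dup = Map.of(
            "policy-ldsaccountid", List.of("1", "2"), "policy-cn", List.of("jdoe"));
        Map<String, List<String>> missing = Map.of("policy-cn", List.of("jdoe"));

        System.out.println(resolve("10.0.0.5", proxies, ok));       // via proxy, both headers set
        System.out.println(resolve("203.0.113.9", proxies, ok));    // same headers, untrusted peer
        System.out.println(resolve("10.0.0.5", proxies, dup));      // account id sent twice
        System.out.println(resolve("10.0.0.5", proxies, missing));  // account id absent
    }
}
```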
Wamulator
• For complete documentation:
  – http://tech.lds.org/wiki/WAMulator
• WAM Maven plugin provided to start/stop the wamulator
Demo
Stack / WAM integration w/o Spring Security
• code.lds.org/maven-sites/stack/module.html?module=lds-account/stack-lds-account-wam/index.html#Configuration

    <filter>
        <filter-name>wamContextFilter</filter-name>
        <filter-class>org.lds.stack.wam.filter.WamContextFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>wamContextFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
WamContext
• Accessed with:

    WamContextHolder.getWamContext();

• WamContext consists of 3 main parts:
  – LdsAccountDetails object

    WamContextHolder.getWamContext().getLdsAccountDetails().getPreferredName();

  – WamRequestProvider

    WamContextHolder.getWamContext().getWamRequestProvider().getCookieHeader();

  – EntitlementService

    WamContextHolder.getWamContext().getEntitlementService()….
Demo
Lab 1
https://tech.lds.org/wiki/WAM_Integration_-_Part_1#Lab_1
WAM and Spring Security
Why WAM and Spring Security?
• Spring Security provides
  – Full featured authorization system
  – Abstraction to authentication and authorization
  – Allows for complex fallback authentication systems
  – Facilitates proxy support
WAM Spring Security Integration
• Integration point

    <lds-account:wam>
        <intercept url TODO…
    </lds-account:wam>

    <sec:authentication-manager>
        <sec:authentication-provider ref="ldsAccountAuthenticationProvider" />
    </sec:authentication-manager>
Demo
Spring Security and WAM authorization
• Spring provides programming tools
  – Full featured EL capabilities
  – Convenient annotations
  – Management central to the application
Spring Security EntryPoint
• Simplifies WAM configuration / management
• Utilizes WAM for authentication
  – User details injected if authenticated
• Allows coarse grained authorization to be managed within the application
Spring Integration
Demo
Lab 2
https://tech.lds.org/wiki/WAM_Integration_-_Part_1#Lab_2
Conclusion
• LDS Account rocks!
• The Java Stack integration with LDS Account and Spring Security rocks!
Credit Where Credit is Due
• http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html
• Spring Security 3 – by Peter Mularien
• http://en.wikipedia.org/wiki/