Initial support for Spring Security in Apache CXF Fediz added
New features are going to be added in the next version, 1.1. The next feature ready for testing is support for Spring Security 3.1.
You can either download the sources here:
git clone git://git.apache.org/cxf-fediz.git
or
svn co https://svn.apache.org/repos/asf/cxf/fediz/trunk
or download it from the snapshot maven repository.
The Fediz Spring Plugin supports integration with the Spring Pre-Authentication scenario as described here.
A new example springPreauthWebapp has been added to the distribution to show this.
I'd like to highlight two things.
1) You can get access to the Spring Security Context like this:
SecurityContextHolder.getContext().getAuthentication();
The Authentication interface provides the following methods:
Method | Class | Description |
getCredentials | Element | Issued Security Token (ex. SAML Assertion) |
getDetails | PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails | Authentication details like IP, Session ID |
getName | String | Authenticated user name |
getAuthorities | Collection<? extends GrantedAuthority> | List of roles |
getPrincipal | FederationUser | Extends the standard Spring User class with method getClaims() |
Here is an example where the information of the Authentication object is logged:
getCredentials: [saml2:Assertion: null]
getDetails: org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: go3xw6sxzqr5w02gn85elfgv; [ROLE_USER]
getName: alice
getAuthorities: [ROLE_USER]
getPrincipal: org.apache.cxf.fediz.spring.FederationUser@5899680: Username: alice; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER
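The output above writes the session ID to the log in clear text. The following added example (not part of the Fediz distribution or the springPreauthWebapp example) builds a comparable audit line that leaves out the issued token and records only a short digest of the session ID. The class name AuthenticationAudit and its method names are hypothetical; it assumes Java 7 or later with Spring Security 3.1 and the Fediz Spring plugin on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.cxf.fediz.spring.FederationUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/** Hypothetical helper written for this example; not a Fediz or Spring class. */
public final class AuthenticationAudit {

    /** Returns one audit line for the current user, or null if nobody is authenticated. */
    public static String describeCurrentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return null;
        }
        StringBuilder line = new StringBuilder("user=").append(auth.getName());
        for (GrantedAuthority role : auth.getAuthorities()) {
            line.append(" role=").append(role.getAuthority());
        }
        // getDetails() carries the client IP and the session ID (see the table above).
        if (auth.getDetails() instanceof WebAuthenticationDetails) {
            WebAuthenticationDetails details = (WebAuthenticationDetails) auth.getDetails();
            line.append(" ip=").append(details.getRemoteAddress());
            // A short digest still correlates requests, but cannot be replayed as a session ID.
            line.append(" session#=").append(fingerprint(details.getSessionId()));
        }
        // getClaims() is appended in its string form; nothing else is assumed about its type.
        // Claims can hold personal data, so drop this branch if the log must not contain it.
        if (auth.getPrincipal() instanceof FederationUser) {
            line.append(" claims=").append(((FederationUser) auth.getPrincipal()).getClaims());
        }
        // getCredentials() (the issued SAML assertion) is deliberately not logged.
        return line.toString();
    }

    /** First four bytes of SHA-256(value) as hex, or "none" when there is no value. */
    static String fingerprint(String value) {
        if (value == null) {
            return "none";
        }
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(value.getBytes(StandardCharsets.UTF_8));
            return String.format("%02x%02x%02x%02x", d[0], d[1], d[2], d[3]);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }
}
```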
2) You can define rules for who can access which resource, as illustrated in the following snippet of applicationContext-security.xml from the new example springPreauthWebapp.
Please post feedback and ideas to the CXF mailing list or the JIRA task FEDIZ-38 and FEDIZ-39.
Apache CXF Fediz is a subproject of Apache CXF. Fediz helps you to secure your web applications and delegate security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. The supported standard is WS-Federation Passive Requestor Profile.
Thank you for all support and feedback!