WAM_Integration_Training


WAM and the Java Stack
Disclaimer
• Please ask questions
• There are hands-on labs
• Prerequisites:
– Basic Java knowledge
– Basic Spring knowledge
– LDS Account Integration Training – Part 1
Outline
• WAM (Web Access Management)
• WAM integration w/o Spring Security
• WAM integration w/ Spring Security
WAM (Web Access Management)
What is WAM?
• WAM stands for Web Access Management
• Authentication
– Authentication management
– Single Sign-on
• Authorization
– URL (coarse-grained)
– Entitlements (fine-grained)
• http://en.wikipedia.org/wiki/Web_Access_Management
Architectural Overview of WAM
• Authentication status triggering request parameters
• ?signmein
• ?signmeout
Injected Headers
• WAM injected headers:
– https://tech.lds.org/wiki/SSO_Injected_Headers
• How the headers map to LDS Account (LDAP) attributes:
– https://ldsteams.ldschurch.org/sites/wam/Implementation%20Details/HTTP%20Headers.aspx
• Required headers
– policy-ldsaccountid
– policy-cn
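Added example, not from the original slides or the Stack: a plain servlet filter that fails closed when either required header listed above is missing, blank or repeated. The class name is hypothetical, and the sketch assumes Servlet 3.0 or later, that the filter is mapped only to URLs WAM protects, and that the application is reachable only through WAM, since injected headers identify a user only when clients cannot set them directly.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter (not Stack code): requires exactly one non-blank value per required WAM header. */
public class RequiredWamHeadersFilter implements Filter {

    // Header names taken from the "Required headers" list on the slide.
    private static final String[] REQUIRED = { "policy-ldsaccountid", "policy-cn" };

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        for (String name : REQUIRED) {
            // getHeaders returns every occurrence, so absent (0) and repeated (>1) are both visible.
            List<String> values = Collections.list(request.getHeaders(name));
            if (values.size() != 1 || values.get(0).trim().isEmpty()) {
                // Fail closed: no usable identity from WAM means no access to the protected URL.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                        "Missing or ambiguous WAM header: " + name);
                return;
            }
        }
        // Both headers are present exactly once; downstream code may read them as the user identity.
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```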
Wamulator
• For complete documentation:
– http://tech.lds.org/wiki/WAMulator
• WAM Maven plugin provided to start/stop the wamulator
– Run within LdsTech IDE
• Right click on Alm module and select Run As -> Run WAM Emulator
– Command line (from within the Alm module)
• mvn stack-wam:run
Demo
Stack / WAM integration w/o Spring Security
• https://code.lds.org/mavensites/stack/module.html?module=ldsaccount/stack-lds-account-wam/index.html
<filter>
    <filter-name>wamContextFilter</filter-name>
    <filter-class>org.lds.stack.wam.filter.WamContextFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>wamContextFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
WamContext
• Accessed with:
WamContextHolder.getWamContext();
• WamContext consists of 3 main parts:
– LdsAccountDetails object
WamContextHolder.getWamContext().getLdsAccountDetails().getPreferredName();
– WamRequestProvider
WamContextHolder.getWamContext().getWamRequestProvider().getCookieHeader();
– EntitlementService
WamContextHolder.getWamContext().getEntitlementService()….
Demo
Lab 1
https://tech.lds.org/wiki/WAM_Integration__Part_1#Lab_1
WAM and Spring Security
Why WAM and Spring Security?
• Spring Security provides
– Full featured authorization system
– Abstraction to authentication and authorization
– Allows for complex fallback authentication systems
– Facilitates proxy support
WAM Spring Security Integration
• WAM Authentication Provider
<lds-account:wam>
    <lds-account:intercept-url access="hasRole('ROLE_ADMIN')" pattern="/secure/**" />
    <lds-account:intercept-url access="isAuthenticated()" pattern="**" />
    <lds-account:access-denied-handler error-page="/errors/accessDenied" />
    <lds-account:logout />
</lds-account:wam>
<sec:authentication-manager>
    <sec:authentication-provider ref="ldsAccountAuthenticationProvider" />
</sec:authentication-manager>
Demo
Spring Security and WAM authorization
• Spring provides programming tools
– Full featured EL capabilities
– Convenient annotations
– Management central to the application
• Advantages to both WAM authorizations and Spring Security authorizations
Spring Security EntryPoint
• Simplifies WAM configuration / management
• Utilizes WAM for authentication
– User details injected if authenticated
• Allows coarse-grained authorization to be managed within the application
Spring Integration
Demo
Lab 2
https://tech.lds.org/wiki/WAM_Integration__Part_1#Lab_2
Conclusion
• The Stack provides full featured integration with WAM
– With or without Spring Security
• Authorization can be facilitated in WAM, but has been made easy with Spring Security
Credit Where Credit is Due
• http://static.springsource.org/springsecurity/site/docs/3.1.x/reference/springsecurity-single.html
• http://en.wikipedia.org/wiki/