SEC-868: Added example siteminder config

2008-06-08 18:53:22 +00:00 · 2008-06-08 18:53:22 +00:00 · 0401dddda8
parent 358f284f42
commit 0401dddda8
1 changed files with 33 additions and 0 deletions
--- a/src/docbkx/preauth.xml
+++ b/src/docbkx/preauth.xml
@ -146,6 +146,39 @@
          detected then they could potentially choose any userame they wished.
        </para> 
      </tip>
+      <section>
+        <title>Siteminder Example Configuration</title>
+        <para>
+          A typical configuration using this filter would look like this:
+<programlisting><![CDATA[
+	<bean id="siteminderFilter"
+      class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
+    <security:custom-filter position="PRE_AUTH_FILTER" />
+    <property name="principalRequestHeader" value="SM_USER"/>
+    <property name="authenticationManager" ref="authenticationManager" />
+  </bean>
+
+  <bean id="preauthAuthProvider"
+      class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
+    <security:custom-authentication-provider />      
+    <property name="preAuthenticatedUserDetailsService">
+      <bean id="userDetailsServiceWrapper" 
+            class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
+        <property name="userDetailsService" ref="userDetailsService"/>
+      </bean>    
+    </property>
+	</bean>
+	
+	<security:authentication-manager alias="authenticationManager" />
+]]>  
+</programlisting>          
+         We've assumed here that the security namespace is being used for configuration (hence the user of the <literal>custom-filter</literal>,
+          <literal>authentication-manager</literal> and <literal>custom-authentication-provider</literal> elements (you can read more about them
+          in the <link xlink:href="ns-config">namespace chapter</link>). You would leave these out of a traditional bean configuration.
+          It's also assumed that you have added a <interfacename>UserDetailsService</interfacename> (called <quote>userDetailsService</quote>) 
+          to your configuration to load the user's roles.
+        </para>
+      </section>
    </section>
    
    <section>