• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Rob Spoor
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Holloway
  • Piet Souris
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Frits Walraven
  • Himai Minh

Spring boot - Preauthentication with jboss security domain

 
Ranch Hand
Posts: 81
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We are trying to authenticate our REST api using LDAP. We have ldap security-domain configured in our jboss EAP. There must be a way to tell spring's PreAuthenticatedAuthenticationProviders that the user is already authenticated by another system (LDAP w/JBoss security-domain & the jboss-web.xml has the security-domain specified in it). Here is the code snippet.

 
This kind of configuration was working in EJB with @RolesAllowed annotation and we are trying to make this work in our spring boot app.
 
Saloon Keeper
Posts: 24214
167
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The technical term for this is Single Signon (SSO).  Traditionally, this was something that Tomcat would do using a third-party Realm, and I think that there was one from Carnegie-Mellon University that was popular.

But when I checked, it seems that Tomcat added a Valve-based SSO mechanism somewhere around Tomcat 8. I'm not sure if it's as universal as the aforementioned, but it may be of use, since it apparently can interact with JBoss 5, if not later WildFly reeleases. See https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/5/html/http_connectors_load_balancing_guide/clustering-http-sso

Note that this is a base-level Tomcat configuration thing and I'm so sure what you'd do to make it play nicely with Spring Security.

It's based on a shared cookie, so I'm also unclear if that would be a problem for ReST.
 
What are you doing in my house? Get 'em tiny ad!
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic