Spring mvc configuration to integrate with a custom SSO authentication

1
votes

I'm failing to integrate an existing custom Single-sign-on service (for the authentication of my spring mvc application -aka. myApp-).

Once I map the spring DispatcherServlet to "/", myApp skips the authentication process against the SSO application, no matter if there's session or not.

Web.xml (Spring Configuration)

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>
</context-param>

<!-- Spring MVC DispatcherServlet -->
<servlet>
    <servlet-name>mvc-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

Here is the configuration that I need to integrate in myApp web.xml, to integrate the SSO authentication:

Web.xml (Custom SSO Configuration)

<filter>
    <filter-name>SSOAuthenticationFilter</filter-name>
    <filter-class>custom.sso.SSOAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>SSOAuthenticationFilter</filter-name>
    <url-pattern>/WEB-INF/views/*</url-pattern>
</filter-mapping>

<!-- Context Params -->
<context-param>
    <param-name>myAppId</param-name>
    <param-value>65asd5a4sd65asd65a4sd65asd4</param-value>
</context-param>
<context-param>
    <param-name>loginPath</param-name>
    <param-value>login.jsp</param-value>
</context-param>
<context-param>
    <param-name>ssoAppPath</param-name>
    <param-value>http://localhost:8080/SSO_AuthenticationApp</param-value>
</context-param>

<!-- SSO Login Servlet -->
<servlet>
    <servlet-name>SSOloginServlet</servlet-name>
    <servlet-class>custom.sso.SSOLoginServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>SSOloginServlet</servlet-name>
    <url-pattern>/login</url-pattern>
</servlet-mapping>

<!-- SSO properties (myAppId, ssoAppPath, loginPath) -->
<listener>
    <listener-class>custom.sso.SSOPropertiesRetriever</listener-class>
</listener>

How can I configurate spring to let the SSO servlet to do the authentication process?

I was thinking if there's a way of declaring the customSSO servlet as a bean in the spring dispatcher-servlet-config.xml?

Or maybe implementing it in a @Controller?

(My hands are tied about the sso, I'm forced to use it for the authentication, cause myApp will be just another in a family of applications login through this custom sso... I would prefer to use spring security instead).

Thanks.

EDITED:

I finally opted for a migration to Spring Boot, seems way more clear to configure a project that way.

1
springjspspring-mvcservletssingle-sign-on

1 Answers

0
votes

For the filter you can use a SpringFilter and implement the logic in a bean:

<filter>
    <filter-name>springFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>authenticationFilter</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>springFilter</filter-name>
    <url-pattern>/some-url</url-pattern>
</filter-mapping>

For the servlet I guess you may have to change your mappings to something that looks like the following:

<servlet>
        <servlet-name>loginServlet</servlet-name>
        <servlet-class>my.package.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>loginServlet</servlet-name>
        <url-pattern>/login</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>dispatcherServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/mvc-config.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>dispatcherServlet</servlet-name>
        <url-pattern>/app/*</url-pattern>
    </servlet-mapping>

Here I'm assuming that everything goes in the same WEB.xml file