
Changing Spring Security configuration

We have a typical requirement in our application.

We have two Spring Security configurations: 1. CAS Server 2. LDAP (NTLM)

So, now we need to check whether the CAS server is available or not and use either CAS or LDAP security configuration based on CAS server availability.

I was trying to dynamically change the entry point URL; however, both config files use different beans/classes.

Is there any other way to achieve this?

Please let me know if we can achieve this, and how.

Thanks in advance.

Raj

Rajaneesh Kolluri asked Nov 30 '11 10:11


1 Answer

You could create a DelegatingAuthenticationEntryPoint that would delegate to the standard CasAuthenticationEntryPoint if the CAS Server was up, or otherwise delegate to the LoginUrlAuthenticationEntryPoint. The implementation would look something like the following:

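package sample;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

// Chooses between the CAS and LDAP (form login) entry points on each unauthenticated request.
public class DelegatingAuthenticationEntryPoint implements AuthenticationEntryPoint {
    private final AuthenticationEntryPoint casAuthenticationEntryPoint;
    private final AuthenticationEntryPoint ldapAuthenticationEntryPoint;

    public DelegatingAuthenticationEntryPoint(AuthenticationEntryPoint casAuthenticationEntryPoint,
        AuthenticationEntryPoint ldapAuthenticationEntryPoint) {
        this.casAuthenticationEntryPoint = casAuthenticationEntryPoint;
        this.ldapAuthenticationEntryPoint = ldapAuthenticationEntryPoint;
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
        throws IOException, ServletException {
        if (casServerAvailable()) {
            // CAS is reachable: redirect to the CAS login page.
            casAuthenticationEntryPoint.commence(request, response, authException);
        } else {
            // CAS is down: fall back to the local login form.
            ldapAuthenticationEntryPoint.commence(request, response, authException);
        }
    }

    private boolean casServerAvailable() {
        // TODO implement this method
        // Until it is implemented, every request falls through to the LDAP entry point.
        return false;
    }
}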

You would then wire the DelegatingAuthenticationEntryPoint using the entry-point-ref attribute similar to the following:

<sec:http entry-point-ref="delegateEntryPoint">
    ...
</sec:http>

<bean id="delegateEntryPoint" class="sample.DelegatingAuthenticationEntryPoint">
    <constructor-arg>
        <bean class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
            p:serviceProperties-ref="serviceProperties"
            p:loginUrl="https://example.com/cas/login" />
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
            p:loginFormUrl="/login" />
    </constructor-arg>
</bean>
Rob Winch answered Oct 17 '22 21:10
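
One way to fill in the `casServerAvailable()` TODO from the answer above, as an added example that is not part of the original answer or of Spring Security. The class name `CasAvailabilityProbe`, its constructor parameters, and the choice of probing the CAS login URL with a GET are assumptions; the result is cached so that unauthenticated requests cannot each trigger an outbound call, and a failed TLS handshake counts as "unavailable" because certificate validation is left at the JVM default.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

// Added example (hypothetical helper): cached, time-bounded reachability check for the CAS login URL.
public class CasAvailabilityProbe {
    private final URL casLoginUrl;
    private final int timeoutMillis;      // bounds both connect and read
    private final long cacheMillis;       // how long one probe result is reused
    private volatile boolean lastResult;
    private volatile long lastCheckedAt;  // 0 means "never probed"

    public CasAvailabilityProbe(String casLoginUrl, int timeoutMillis, long cacheMillis)
            throws IOException {          // MalformedURLException is an IOException
        this.casLoginUrl = new URL(casLoginUrl);
        this.timeoutMillis = timeoutMillis;
        this.cacheMillis = cacheMillis;
    }

    public boolean isAvailable() {
        long now = System.currentTimeMillis();
        if (isFresh(now)) return lastResult;       // fast path, no network call
        synchronized (this) {                      // only one thread probes at a time
            if (isFresh(now)) return lastResult;   // another thread refreshed while we waited
            lastResult = probe();
            lastCheckedAt = System.currentTimeMillis();
            return lastResult;
        }
    }

    private boolean isFresh(long now) {
        return lastCheckedAt != 0 && now - lastCheckedAt < cacheMillis;
    }
    private boolean probe() {
        HttpURLConnection conn = null;
        try {
            conn = (HttpURLConnection) casLoginUrl.openConnection();
            conn.setConnectTimeout(timeoutMillis);
            conn.setReadTimeout(timeoutMillis);
            conn.setInstanceFollowRedirects(false); // judge the CAS host itself, not a redirect target
            int status = conn.getResponseCode();
            return status >= 200 && status < 400;
        } catch (IOException e) {
            return false;                           // refused, timed out, or TLS validation failed
        } finally {
            if (conn != null) conn.disconnect();
        }
    }
}
```

`casServerAvailable()` would then return `probe.isAvailable()` on an instance constructed with the same login URL as the `CasAuthenticationEntryPoint` bean, for example a 2000 ms timeout and a 30000 ms cache (constructed values).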