Preauthentication with LTPA token

Question

What is the best way to initialize a Spring context given pre-authentication through Websphere LTPA SSO token? Right now I have a custom filter that provides a PreAuthorizedAuthenticationToken to the Spring Security context. Is there an existing filter that would do this for me automatically? I have always run into trouble with GrantedAuthorities when I've tried to use the PreAuth classes.

Cheers

Answer 1

Best option is to have a custom preauthentication filter by extending AbstractPreAuthenticatedProcessingFilter.

You can fetch the token from request and return it in getPreAuthenticatedCredentials() method.

You can define your own AuthenticationUserDetailsService and pass it to PreAuthenticatedAuthenticationProvider, here you can fetch the granted authorities and return them in UserDetails Object

<bean id="preAuthAuthenticationProvider"
          class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        <property name="preAuthenticatedUserDetailsService">
            <bean id="myUserDetailsService"
                  class="MyUserDetailsService">
            </bean>
        </property>
    </bean>

If you have granted auth, not starting with default prefix ROLE, you can define your custom prefix

<bean id="myPermissionRoleVoter" class="org.springframework.security.access.vote.RoleVoter">
        <property name="rolePrefix" value="myprefix"/>
    </bean>