Using an Existing Authentication Service for OWF7

Mike Lanciano

May 31, 2016, 12:43:25 PM
to ozoneplat...@googlegroups.com
I am having trouble implementing and even understanding if what I am attempting to achieve is possible. Here is what I want to accomplish:

1. User Logs in to OWF
2. Credentials are verified against a RESTful Auth Service
3. If valid, the Auth Service returns a Token
4. Token is made accessible to widgets which can then inject it to their own calls
5. If widget receives a notification to reauthenticate it notifies OWF and OWF will mark the current session expired and ask the user to reauth.

I figured I would attempt to get OWF to Auth against a web service as the first step by replacing the spring security.  Below is what I tried. 


<sec:http realm="OWF" auto-config="false">
    <sec:access-denied-handler error-page="/denied.gsp" />        
    <sec:intercept-url pattern="/administration/monitoring" access="ROLE_ADMIN" />
    <sec:intercept-url pattern="/admin/**" access="ROLE_ADMIN" requires-channel="https" />
    <sec:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" requires-channel="https" />
    <sec:custom-filter ref="ozoneLogoutFilter" position="LOGOUT_FILTER" />
    <sec:custom-filter ref="ozoneCookieFilter" before="ANONYMOUS_FILTER" />
    <sec:custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />
    <sec:port-mappings>
        <sec:port-mapping http="${ozone.unsecurePort}" https="${ozone.port}"/>
    </sec:port-mappings>
    <sec:session-management session-authentication-strategy-ref="concurrentSessionControlStrategy"/>
</sec:http>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider ref="webServiceProvider" />
</sec:authentication-manager>

<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
    <property name="providers">
        <list><ref local="webServiceProvider" /></list>
    </property>
</bean>

<bean id="webServiceProvider" class="ozone.securitysample.authentication.rest.WebServiceAuthenticationProvider" />



but I get the following error:

Caused by: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute


Which left me pretty much dead in the water. Is all of this even possible before I continue to work through the issues? Any suggestions on how to accomplish something like this?


Ross Pokorny

May 31, 2016, 2:08:50 PM
to ozoneplat...@googlegroups.com
Mike

The overall workflow that you are attempting to achieve is not possible
without customizing OWF - there is no configuration that allows the OWF
container to send special data such as the authentication ticket to all
launched widgets.

For simply trying to get OWF itself to authenticate against your web service,
it looks like your example XML has some redundancy. The authenticationManager
bean definition is not necessary since you have the <authentication-manager>
element. Beyond that, I would have to see the code of your
ozone.securitysample.authentication.rest.WebServiceAuthenticationProvider
class to see where any problems are.

Are you seeing a specific stacktrace or other error?

Ross Pokorny

On Tuesday, May 31, 2016 9:43:25 AM EDT Mike Lanciano wrote:
> I am having trouble implementing and even understanding if what I am
> attempting to achieve is possible. Here is what I want to accomplish:
>
> 1. User Logs in to OWF
> 2. Credentials are verified against a RESTful Auth Service
> 3. If valid, the Auth Service returns a Token
> 4. Token is made accessible to widgets which can then inject it to their
> own calls
> 5. If widget receives a notification to reauthenticate it notifies OWF and
> OWF will mark the current session expired and ask the user to reauth.
>
> I figured I would attempt to get OWF to Auth against a web service as the
> first step. Below is what I tried.
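
Added example, not part of either post and not OWF's shipped configuration: the error quoted in the first message means the `<sec:http>` element declares no login mechanism, and the reply notes that the separate `authenticationManager` bean is redundant. The configuration below assumes Spring Security 3.x namespace configuration and that `WebServiceAuthenticationProvider` accepts username/password tokens; `<sec:http-basic />` is one choice of mechanism, and a form login or an `entry-point-ref` attribute would serve the same purpose.

```xml
<!-- Added example. Assumes the "sec" namespace prefix and the filter beans
     (ozoneLogoutFilter, ozoneCookieFilter, concurrencyFilter) from the post. -->
<sec:http realm="OWF" auto-config="false">
    <sec:access-denied-handler error-page="/denied.gsp" />
    <sec:intercept-url pattern="/administration/monitoring" access="ROLE_ADMIN" />
    <sec:intercept-url pattern="/admin/**" access="ROLE_ADMIN" requires-channel="https" />
    <sec:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" requires-channel="https" />

    <!-- With auto-config="false" nothing supplies an AuthenticationEntryPoint.
         http-basic registers a filter that turns the submitted username and
         password into an Authentication request, plus the matching entry
         point that challenges unauthenticated requests using realm "OWF".
         Basic authentication resends the password on every request, so keep
         requires-channel="https" on every protected pattern. -->
    <sec:http-basic />

    <sec:custom-filter ref="ozoneLogoutFilter" position="LOGOUT_FILTER" />
    <sec:custom-filter ref="ozoneCookieFilter" before="ANONYMOUS_FILTER" />
    <sec:custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />
    <sec:port-mappings>
        <sec:port-mapping http="${ozone.unsecurePort}" https="${ozone.port}" />
    </sec:port-mappings>
    <sec:session-management session-authentication-strategy-ref="concurrentSessionControlStrategy" />
</sec:http>

<!-- The single authentication manager definition. The extra ProviderManager
     bean with the same name is dropped, as the reply suggests. -->
<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider ref="webServiceProvider" />
</sec:authentication-manager>

<!-- Assumption: this class implements AuthenticationProvider and supports
     UsernamePasswordAuthenticationToken, checking the credentials against
     the REST service. -->
<bean id="webServiceProvider"
      class="ozone.securitysample.authentication.rest.WebServiceAuthenticationProvider" />
```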