Improve integration with Spring Security #3395
@grgrzybek Looks nice, but is it something we can do anything for at hawtio/react? This |
grgrzybek added area/spring-boot kind/enhancement and removed kind/enhancement area/spring-boot labels Apr 16, 2024
Oops, I meant to create it in hawtio/hawtio ;)
Connecting to self (http://localhost:10001/actuator/jolokia) from Hawtio with Spring Security doesn't work (yet).
grgrzybek added a commit that referenced this issue May 22, 2024
fixes #3395) Signed-off-by: Grzegorz Grzybek <gr.grzybek@gmail.com>
Currently, integration with Spring Security in io.hawt.web.auth.AuthenticationFilter looks roughly like this:

- org.springframework.security.core.SpringSecurityCoreVersion class (Spring Security available)
- jakarta.servlet.http.HttpServletRequest#getRemoteUser() - this, when Spring Security is configured, delegates to org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper#getRemoteUser(), which uses org.springframework.security.core.context.SecurityContext#getAuthentication() which is populated by the entire Spring Security infrastructure (org.springframework.security.web.FilterChainProxy)
- javax.security.auth.Subject) into session.

However, Spring Security's org.springframework.security.core.Authentication is much more than just a user name. For example in (examples/springboot-security) we have:

While Spring Security has a documentation section about JAAS, there's one nice class which isn't mentioned there: org.springframework.security.authentication.jaas.SecurityContextLoginModule.

With this, we can log in using JAAS (we already do JAAS login in io.hawt.system.Authenticator#doAuthenticate()) using this module and what we'll get is a kind of transparent translation of the Spring Security token into a JAAS subject.