Hi,
I am in a project and try to integrate the Vintela-Framework, which is the standard at our customer site. The authentication of the user works fine, we are retrieving the user data and the roles the user is assigned to, but we are not able to protect our REST-services. The authorization always fails, the access is always granted.
Is Vintela able to protect REST-services or do we have to use another framework?
Our policy.xml file looks like that:
<?xml version="1.0"?>
<policy>
<role name="EXPERT">
<include>
<group name="EDE-DEV-SRV-ADM@XXX.NET"/>
</include>
</role>
<role name="ANALYST">
<include>
<group name="EDE-DEV-SRV-GEN@XXX.NET"/>
</include>
</role>
<security-constraint>
<display-name>Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ANALYST</role-name>
</auth-constraint>
</security-constraint>
</policy>
My web.xml:
<!-- Vintela filter settings --> <filter-mapping> <filter-name>authFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>authFilter</filter-name> <servlet-name>default</servlet-name> </filter-mapping> <filter-mapping> <filter-name>authFilter</filter-name> <servlet-name>rest</servlet-name> </filter-mapping> <filter> <filter-name>authFilter</filter-name> <filter-class>com.wedgetail.idm.sso.AuthFilter</filter-class> <init-param> <param-name>idm.access.policy</param-name> <param-value>policy.xml</param-value> </init-param> </filter> <servlet> <servlet-name>rest</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>rest</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping>
Can anyone give me a hint what is going wrong here?
Regards
Edmund