Hyland Connect

jonnyg · ‎02-04-2016

We have implemented our SecurityConfiguration bean to use Spring's siteminder AuthenticationProvider, <B>PreAuthenticatedAuthenticationProvider</b>.

We'd like to have a config setting whether to use ours or use Activiti Enterprise's com.activiti.conf;SecurityConfiguration class… I guess, to do that, within our SecurityConfiguration, should we just call the class directly if needed?

trademak · ‎02-04-2016

Starting from Activiti 1.4.0 we provide override capabilities in the SecurityConfiguration class by implementing specific interfaces. Are you using 1.4.0 or an earlier version? We have done a small test using the Spring Security Siteminder functionality and we could plug that in the existing SecurityConfiguration by implementing the override interfaces.

Best regards,

jonnyg · ‎02-04-2016

Yes we are using 1.4.0. Yes we were planning on a custom bean to override.
What we are looking to do follow the way that com.activiti.conf.SecurityConfiguration class checks the property ldap.authentication.enabled – check for a config variable and use either Siteminder, or fallback to the standard config approach (LDAP, fallback to DB)

jonnyg · ‎02-26-2016

We did this get working, thanks to your help.
Our option for conditionally enabling is to use the @Profile annotation on the Java configuration files.

One other thing we learned - our Siteminder policy exempts JS/CSS/images and other non-data files, so these aren't checked by the policy server, and the smuser header is not passed onto those requests. So we need to tweak the config to exempt these file patterns.

jbarrez · ‎03-01-2016

That's awesome to hear!
@JonnyG: that image/css thing sounds like something I heard before. I think it's indeed a change in the patterns that need work.

Hyland Connect

Customizing SecurityConfiguration