r1 - 23 Aug 2007 - 11:26:28 - RandyLetness

Cosmo 0.7 Security Notes

Acegi Security Framework

Cosmo 0.7 uses the Acegi security framework for authentication and authorization services. The FilterChainProxy groups all the necessary authentication and authorization processing logic. It is configured using Spring and implemented as a servlet filter. Each protocol (DAV, Atom, Morse Code, etc.) defines its own filter chain. In most cases the sequence looks like:

Authentication Processing Filters
Responsible for gathering authentication data (username/password/ticket/etc.) and packaging it into a common "Authentication request" object. For example, grab the Authorization header from an HTTP request, or look for username/password parameters in an HTTP form POST.

Exception Translation Filter
Responsible for catching security exceptions and deciding what to do with them (return 403 or forward to login).

Invocation Interceptor Filter
Responsible for authenticating (using AuthenticationManager) and authorizing (using AccessDecisionManager) the request. The request is authenticated using the data gathered by the authentication processing filters. Any exception thrown will be caught by the exception translation filter and handled appropriately.
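
The sequence above, written as a Spring bean configuration for one protocol's chain. This is an added example built from stock Acegi 1.0.x classes, not Cosmo's own configuration; the bean ids, the `/dav/**` pattern, the realm name and `ROLE_USER` are assumptions, and the `authenticationManager` and `accessDecisionManager` beans are assumed to be defined elsewhere in the same application context.

```xml
<!-- Illustrative only: bean ids, URL patterns, realm and role are assumptions. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /dav/**=davBasicProcessingFilter,davExceptionTranslationFilter,davInterceptor
    </value>
  </property>
</bean>

<!-- 1. Authentication processing filter: reads the HTTP Authorization header.
     A stock Acegi filter stands in here for a protocol-specific one. -->
<bean id="davBasicProcessingFilter"
      class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="authenticationEntryPoint" ref="davEntryPoint"/>
</bean>
<bean id="davEntryPoint"
      class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
  <property name="realmName" value="example-realm"/>
</bean>

<!-- 2. Exception translation filter: listed BEFORE the interceptor so that it
     wraps it and catches the security exceptions the interceptor throws. -->
<bean id="davExceptionTranslationFilter"
      class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint" ref="davEntryPoint"/>
</bean>

<!-- 3. Invocation interceptor filter: authentication and authorization
     decision for each request matched by the patterns below. -->
<bean id="davInterceptor"
      class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="accessDecisionManager" ref="accessDecisionManager"/>
  <property name="objectDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /dav/**=ROLE_USER
    </value>
  </property>
</bean>
```

When reviewing a chain like this, check that every protocol's URL pattern ends with an interceptor and that the exception translation filter appears earlier in the same list; a chain missing either leaves requests unauthorized or exceptions unhandled.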

Cosmo Security

Cosmo provides a CosmoSecurityManager, which is a facade for the Acegi Security system. All application logic uses an instance of CosmoSecurityManager for access to the current credentials. For more information, refer to the org.osaf.cosmo.security.* packages.

-- RandyLetness - 23 Aug 2007

Open Source Applications Foundation
Except where otherwise noted, this site and its content are licensed by OSAF under a Creative Commons License, Attribution Only 3.0.
See list of page contributors for attributions.