Add IdentifiersFactory for more configurable UDS UserDetailsService (!6) · Merge requests · adi-ia / uw-spring-security

Nicholas Blair requested to merge npblair/uw-spring-security:flexible-identifiers into master Feb 25, 2016

Defaults to same behavior (treat argument to loadUserByUsername as a NetID username), but allows for easy override with PVI and others.

Use case: consider STAR. star-war supports impersonation via 'On-Behalf-Of' header. Inside the SwitchUserOnHeaderFilter is a reference to a UserDetailsService. The user attribute value of the 'On-Behalf-Of' header is passed into that UserDetailsService#loadUserByUsername(String) method. Prior to this contribution, UdsPersonUserDetailsServiceImpl could ONLY accept a NetID username.

This contribution defaults to that same behavior. However, if one wants to use a different user attribute, they would simply add a @Bean to their Spring ApplicationContext:

@Bean
public IdentifiersFactory pviIdentifiersFactory() {
  return new IdentifiersFactory.PVI();
}

With the magic of @Autowired(required=false), the default Netid configuration is replaced, and one can now pass PVIs into the SwitchUserOnHeaderFilter.

A few other interested parties: @paul.erickson @ahoffmann @bjsousa

Admin message

Add IdentifiersFactory for more configurable UDS UserDetailsService

Merge request reports