skip to main content
Pacific Application Server for OpenEdge: Administration Guide
Web application security configurations : Spring Security configuration templates
 

Spring Security configuration templates

PAS for OpenEdge provides a number of Spring Security models for Web applications. The security models included with PAS for OpenEdge are implemented in the templates described in the table below.
Note: The Spring Security framework enables you to implement other types of authentication systems. For more information on implementing authentication systems, see the Spring Security framework documentation.
Table 13. Spring Security models and templates
Security Model
Configuration Template
Description
Basic
oeablSecurity-basic-local.xml
This is the default configuration model.
The Basic configuration authenticates clients using HTTP Basic authentication for user accounts, based on the user information in the users.propertiesfile of the Web application.
oeablSecurity-basic-ldap.xml
This configuration model authenticates clients using HTTP Basic authentication for user accounts, based on the user information stored in the directory governed by LDAP (Lightweight Directory Access Protocol).
oeablSecurity-basic-oerealm.xml
This configuration model authenticates clients using HTTP Basic authentication for user accounts managed by an OpenEdge application server.
oeablSecurity-basic-saml.xml
This configuration model authenticates clients using HTTP Basic authentication for external user accounts represented by a SAML token.
Form
oeablSecurity-form-local.xml
This model authenticates clients using the generic HTTP Form login authentication for user accounts, based on the users.properties file of the Web application.
For more information on managing local user accounts, see the Spring Security framework documentation.
oeablSecurity-form-ldap.xml
This model authenticates clients using the generic HTTP Form login authentication for user accounts stored in the directory governed by LDAP (Lightweight Directory Access Protocol).
oeablSecurity-form-oerealm.xml
This model authenticates clients using the generic HTTP Form login authentication for user accounts managed by an OpenEdge application server.
oeablSecurity-form-saml.xml
This configuration model authenticates clients using HTTP Form login authentication for external user accounts represented by a SAML token.
Anonymous
oeablSecurity-anonymous.xml
This is the default configuration model for Web applications.
With the anonymous security model, you make the Web service public. That is, any user can make requests to the Web service.
Container
oeablSecurity-container.xml
This model integrates Spring Security framework with the authentication service of the Java container.
The Java container authenticates, and the Spring Security framework controls the authorization to Web application resources.
You apply security configurations in the server's realm implementation in conf/server.xml.
For more information on container configuration, see the Apache Tomcat Realm Configuration documentation.
The templates that you can use to implement a security model are located in:
$CATALINA_BASE/webapps/webapp_name/WEB-INF
You choose the security model for the Web application in:
$CATALINA_BASE/webapps/webapp_name/WEB-INF/web.xml