With the SecurityFilterChain you now have configured the process to authenticate a user against your SSO provider and provide access to the Studio api. After authentication the user details are usually represented by a SSO specific details object linked to the Spring Security Authentication object.

Now CoreMedia Studio needs to know the matching com.coremedia.cap.user.User for the current SSO specific user details. Each individual Unified API operation has to be performed in the name of the currently authenticated User in order to be able to perform a fine grained authorization in the CoreMedia Content Server. To create the mapping between SSO specific user details and a User for the chosen SSO system, you have to implement a SpringSecurityUserFinder.

The SpringSecurityCapUserFinder interface consists of only one method that finds a User for a given Authentication object. In order to write a finder for the chosen SSO system you can extend the AbstractSpringSecurityCapUserFinder.

      public class XYZSpringSecurityCapUserFinder
        extends AbstractSpringSecurityCapUserFinder
        implements SpringSecurityCapUserFinder {

  @Override
  public User findCapUser(Authentication authentication) {
    Object principal = authentication.getPrincipal();
    if (principal instanceof XYZ) {
      String username = GET_USER_NAME_FROM_USER_DETAILS;
      return getCapConnection().getUserRepository()
             .getUserByName(username, DOMAIN);
    }
    return null;
  }
}

    

The custom user finder is enabled by replacing the Spring bean springSecurityCapUserFinder in the Spring context.

      @Bean
@Customize(value = "springSecurityCapUserFinder", mode = Customize.Mode.REPLACE)
XYZSpringSecurityCapUserFinder xyzSpringSecurityCapUserFinder(CapConnection capConnection) {
  XYZSpringSecurityCapUserFinder xyzSpringSecurityCapUserFinder = new XYZSpringSecurityCapUserFinder();
  xyzSpringSecurityCapUserFinder.setCapConnection(capConnection);
  return xyzSpringSecurityCapUserFinder;
}