Studio Developer Manual / Version 2307
Table Of Contents
With the SecurityFilterChain
you now have configured the process to authenticate a user against your
SSO provider and provide access to the Studio api.
After authentication the user details are usually represented by a SSO specific details object
linked to the Spring Security Authentication
object.
Now CoreMedia Studio needs to know the matching com.coremedia.cap.user.User
for
the current SSO specific user details. Each individual Unified API operation has to be performed
in the name of the currently authenticated User
in order to be able to perform a
fine grained authorization in the CoreMedia Content Server. To create the mapping between SSO specific user
details and a User
for the chosen SSO system, you have to implement a
SpringSecurityUserFinder
.
The SpringSecurityCapUserFinder
interface consists of only one method that finds a
User
for a given Authentication
object. In order to write a finder for the
chosen SSO system you can extend the AbstractSpringSecurityCapUserFinder
.
public class XYZSpringSecurityCapUserFinder
extends AbstractSpringSecurityCapUserFinder
implements SpringSecurityCapUserFinder {
@Override
public User findCapUser(Authentication authentication) {
Object principal = authentication.getPrincipal();
if (principal instanceof XYZ) {
String username = GET_USER_NAME_FROM_USER_DETAILS;
return getCapConnection().getUserRepository()
.getUserByName(username, DOMAIN);
}
return null;
}
}
The custom user finder is automatically picked up when it is defined as a bean with the name
springSecurityCapUserFinder
in the Spring context like this:
@Bean
SpringSecurityCapUserFinder springSecurityCapUserFinder(CapConnection capConnection) {
XYZSpringSecurityCapUserFinder xyzSpringSecurityCapUserFinder = new XYZSpringSecurityCapUserFinder();
xyzSpringSecurityCapUserFinder.setCapConnection(capConnection);
return xyzSpringSecurityCapUserFinder;
}