Files
spring-integration/docs/src/reference/docbook/security.xml
Chris Beams 677fca51a9 Major progress on Gradle port
Complete:
--------
- src/* documentation resources moved to 'docs' subproject

- docbook sources upgraded to Docbook 5

- formatted all docbook sources to strip tab characters and
  eliminate trailing whitespace

- all projects compile and test successfully

- all artifacts upload successfully to s3, static.sf.org, etc.

Remaining:
---------
- documentation L&F needs work. CSS, images, and highlighting aren't
  hooked up properly

- spring-integration-jdbc codegen bits in Maven POM need to be
  transcribed into gradle

- dependencies that were optional or provided scope in maven are
  currently 'compile' scope in Gradle.  Need to figure out support
  in Gradle to fix this.

- run through Eclipse classpath and project generation scenarios

- delete all Maven artifacts
2010-10-26 18:51:08 -04:00

65 lines
3.8 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="security"
xmlns:xlink="http://www.w3.org/1999/xlink">
<title>Security in Spring Integration</title>
<section id="security-intro">
<title>Introduction</title>
<para>
Spring Integration provides integration with the
<ulink url="http://static.springframework.org/spring-security/site/">Spring Security project</ulink>
to allow role based security checks to be applied to channel send and receive invocations.
</para>
</section>
<section id="securing-channels">
<title>Securing channels</title>
<para>
Spring Integration provides the interceptor <classname>ChannelSecurityInterceptor</classname>, which extends
<classname>AbstractSecurityInterceptor</classname> and intercepts send and receive calls on the channel. Access decisions
are then made with reference to <classname>ChannelInvocationDefinitionSource</classname> which provides the definition of
the send and receive security constraints. The interceptor requires that a valid <interfacename>SecurityContext</interfacename>
has been established by authenticating with Spring Security, see the Spring Security reference documentation for details.
</para>
<para>
Namespace support is provided to allow easy configuration of security constraints. This consists of the secured channels tag which allows
definition of one or more channel name patterns in conjunction with a definition of the security configuration for send and receive. The pattern
is a <interfacename>java.util.regexp.Pattern</interfacename>.
<programlisting language="xml"><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/integration"
xmlns:si-security="http://www.springframework.org/schema/integration/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.xsd
http://www.springframework.org/schema/integration
http://www.springframework.org/schema/integration/spring-integration-2.0.xsd
http://www.springframework.org/schema/integration/security
http://www.springframework.org/schema/integration/security/spring-integration-security-2.0.xsd">
<si-security:secured-channels>
<si-security:access-policy pattern="admin.*" send-access="ROLE_ADMIN"/>
<si-security:access-policy pattern="user.*" receive-access="ROLE_USER"/>
</si-security:secured-channels>]]>
</programlisting>
By default the secured-channels namespace element expects a bean named <emphasis>authenticationManager</emphasis> which implements
<interfacename>AuthenticationManager</interfacename> and a bean named <emphasis>accessDecisionManager</emphasis> which implements
<interfacename>AccessDecisionManager</interfacename>. Where this is not the case references to the appropriate beans can be configured
as attributes of the <emphasis>secured-channels</emphasis> element as below.
<programlisting language="xml"><![CDATA[<si-security:secured-channels access-decision-manager="customAccessDecisionManager"
authentication-manager="customAuthenticationManager">
<si-security:access-policy pattern="admin.*" send-access="ROLE_ADMIN"/>
<si-security:access-policy pattern="user.*" receive-access="ROLE_USER"/>
</si-security:secured-channels>]]>
</programlisting>
</para>
</section>
</chapter>