Comment: Published by Scroll Versions from space FUNCTDEV and version SVC2023.2

...

Configuring the CTP Security XML File

CTP's applicationContext-security.xml file contains the elements needed to allow JWT access tokens for OAuth 2.0, though they are commented out by default. You will need to uncomment them and provide a few configurations specific to your setup to enable JWT access tokens for OAuth 2.0.

When CTP is deployed in Apache Tomcat, the applicationContext-security.xml file can be found in the following location:

<TOMCAT_DIR>/webapps/em/WEB-INF/classes/META-INF/spring/applicationContext-security.xml

You will need to make the following modifications to this file:

...

  • The first argument corresponds to the JWKS set URL of the authorization server.
  • The second argument ("usernameClaim") corresponds to the claim used to identify the user. This argument is optional; if not provided, it defaults to the 'subject' embedded in the JWT token.
  • The third argument ("userRoleClaim") corresponds to the claim used to identify the roles of the user. This argument is optional; if not provided, the role of the user is not set.
    • In the case of nested JSON objects, separate the keys with a period. For example: roleOuterKey.roleInnerKey.
<!--
<beans:bean id="BearerTokenAuthProvider" class="com.parasoft.ctp.web.security.CTPBearerTokenAuthenticationProvider">
    <beans:constructor-arg><beans:value>http://localhost:8080/.well-known/jwks.json</beans:value></beans:constructor-arg>
    <beans:constructor-arg name="usernameClaim"><beans:value></beans:value></beans:constructor-arg>
    <beans:constructor-arg name="userRoleClaim"><beans:value></beans:value></beans:constructor-arg>
</beans:bean>
<beans:bean id="BearerTokenAuthFilter" class="com.parasoft.ctp.web.security.CTPBearerTokenAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager"></beans:property>
</beans:bean>
-->
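
Before filling in usernameClaim and userRoleClaim, it helps to check which values those settings would select from a token issued by your authorization server. The following is an added example, not Parasoft code and not CTP's implementation: it decodes a JWT payload and walks the period-separated claim path described above. The function names, the sample token, and the claim values (preferred_username, admin) are constructed for illustration.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.
    Use only to inspect a token while choosing claim names, never to authenticate."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def resolve_claim(claims: dict, path: str):
    """Walk a period-separated path (e.g. roleOuterKey.roleInnerKey) through
    nested JSON objects. Returns None if a key is missing or a step is not an object."""
    node = claims
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def preview_mapping(token: str, username_claim: str = "", user_role_claim: str = "") -> dict:
    """Preview the user and role the documented settings would pick from a token."""
    claims = jwt_claims(token)
    # Documented default: an empty usernameClaim falls back to the subject ("sub").
    user = resolve_claim(claims, username_claim) if username_claim else claims.get("sub")
    # Documented default: an empty userRoleClaim means no role is set.
    role = resolve_claim(claims, user_role_claim) if user_role_claim else None
    return {"user": user, "role": role}

def _encode(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token with a placeholder signature (not a real credential).
SAMPLE_TOKEN = ".".join([
    _encode({"alg": "RS256", "typ": "JWT"}),
    _encode({"sub": "1234", "preferred_username": "jdoe", "roleOuterKey": {"roleInnerKey": "admin"}}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    print(preview_mapping(SAMPLE_TOKEN, "preferred_username", "roleOuterKey.roleInnerKey"))
```

A result of None for the role means the configured path does not match the token's structure, so the user would be authenticated without a role.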

...

A single-sign-on (SSO) logout URL can be customized by modifying the following bean in applicationContext-security.xml:

<beans:bean id="logoutSuccessHandler" class="com.parasoft.ctp.web.security.CTPLogoutSuccessHandler">
    <!-- specify a URL that the user will be redirected to after they log out -->
    <beans:constructor-arg><beans:value></beans:value></beans:constructor-arg>
</beans:bean>

...