Spring Security is the new ACEGI name. This is a well known security framework for J2EE applications.
Spring Security provides a default pre-authentication
mechanism that can be used to connect your J2EE application to LL::NG.
You can find all suitable information here: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/preauth.html
To summarize, to get the user connected trough the Auth-User
HTTP Header, use this Sping Security configuration:
<bean id="LemonLDAPNGFilter" class= "org.springframework.security.web.authentication.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter"> <security:custom-filter position="PRE_AUTH_FILTER" /> <property name="principalRequestHeader" value="Auth-User"/> <property name="authenticationManager" ref="authenticationManager" /> </bean> <bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider"> <security:custom-authentication-provider /> <property name="preAuthenticatedUserDetailsService"> <bean id="userDetailsServiceWrapper" class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper"> <property name="userDetailsService" ref="userDetailsService"/> </bean> </property> </bean> <security:authentication-manager alias="authenticationManager" />