Presto Administration : Presto Security : Authentication with Digital Certificates/SSL : Configure the Presto REST API to Use Certificate Authentication
Configure the Presto REST API to Use Certificate Authentication
By default, certificate authentication is not enabled for the REST API to Presto or for Presto Connect for JavaScript (PC4JS).
1. Using any text or XML editor, edit the applicationContext-security-filters-default.xml file in the web-apps-home/presto/WEB-INF/classes directory.
2. Find the Filter Chain Proxy (<bean id="filterChainProxy">) and:
a. Find the line for /**/api/rest/**.
b. Add x509ProcessingFilter, after restLoginProcessingFilter
c. In this same bean, find the line for /**/api*.
d. Add x509ProcessingFilter, after jumpLoginProcessingFilter
The result should look something like this:
<bean id="filterChainProxy"
>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**/esd/api/mashsoap/**=basicReqFlowSupportFilter, sessionContextIntegrationFilter, sharepointSSOFilter,
soapRequestAuthenticationFilter, basicProcessingFilter, anonymousProcessingFilter, exceptionTranslationFilter
/**/edge/api/mashsoap/**=basicReqFlowSupportFilter, sessionContextIntegrationFilter, sharepointSSOFilter,
soapRequestAuthenticationFilter, basicProcessingFilter, anonymousProcessingFilter, exceptionTranslationFilter
/**/api/soap/**=basicReqFlowSupportFilter, sessionContextIntegrationFilter, sharepointSSOFilter,
wsSecurityProcessingFilter, basicProcessingFilter, anonymousProcessingFilter, exceptionTranslationFilter
/**/api/rest/**=restReqFlowSupportFilter, sessionContextIntegrationFilter, sharepointSSOFilter, restLogoutFilter,
restLoginProcessingFilter, x509ProcessingFiler, basicProcessingFilter, anonymousProcessingFilter,
sessionTimeoutDetectionFilter, exceptionTranslationFilter
/**/emml/debug=basicReqFlowSupportFilter, sessionContextIntegrationFilter,ssoProcessingFilter,restLogoutFilter,
restLoginProcessingFilter, basicProcessingFilter, anonymousProcessingFilter, exceptionTranslationFilter
/**/api*= jumpReqFlowSupportFilter, sessionContextIntegrationFilter,ssoProcessingFilter,jumpLogoutFilter,
jumpLoginProcessingFilter, x509ProcessingFiler, basicProcessingFilter, anonymousProcessingFilter,
sessionTimeoutDetectionFilter, exceptionTranslationFilter,filterInvocationInterceptor,sessionTimeoutDetectionSupportFilter
...
This configuration allows both the default HTTP connections with user credentials and HTTPS with digital certificates.
3. Save this change.
4. Open the applicationContext-security.xml file in the web-apps-home/presto/WEB-INF/classes directory.
5. Find the REST Login Processing Filter (<bean id="restLoginProcessingFilter">) and add <property name="ignoreFailure" value="true" />.
The bean configuration should look like:
<bean id="restLoginProcessingFilter"

>
<property name="authenticationManager" ref="authenticationManager"/>
<property name="sessionManager" ref="sessionManager" />
<property name="rememberMeServices" ref="rememberMeServices"/>
<property name="ignoreFailure" value="true"/>
</bean>
6. Find the Authentication Manager (<bean id="authenticationManager">) and uncomment the reference to the x509AuthenticationProvider.
The bean configuration should look like:
<bean id="authenticationManager"

>
<property name="providers">
<list>
<ref bean="x509AuthenticationProvider"/>
<ref local="preauthAuthProvider"/>
<ref local="adminAuthenticationProvider"/>
<ref bean="defaultAuthenticationProvider"/>
<ref bean="rememberMeAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>
</list>
</property>
</bean>
7. Save your changes to this file.
Copyright © 2013-2015 Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback