Configure the MashZone NextGen REST API to Use Certificate Authentication
By default, certificate authentication is not enabled for the REST API to MashZone NextGen or for MashZone NextGen Connect for JavaScript (PC4JS).
1. Using any text or XML editor, edit the applicationContext-security-filters-default.xml file in the web-apps-home/mashzone/WEB-INF/classes directory.
2. Find the Filter Chain Proxy (<bean id="filterChainProxy">) and:
a. Find the line for /**/api/rest/**.
b. Add x509ProcessingFilter after restLoginProcessingFilter.
c. In this same bean, find the line for /**/api*.
d. Add x509ProcessingFilter after jumpLoginProcessingFilter.
The result should look something like this:
<bean id="filterChainProxy"
>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**/esd/api/mashsoap/**=basicReqFlowSupportFilter, sessionContextIntegrationFilter,
sharepointSSOFilter,soapRequestAuthenticationFilter, basicProcessingFilter,
anonymousProcessingFilter, exceptionTranslationFilter
/**/edge/api/mashsoap/**=basicReqFlowSupportFilter, sessionContextIntegrationFilter,
sharepointSSOFilter, soapRequestAuthenticationFilter, basicProcessingFilter,
anonymousProcessingFilter, exceptionTranslationFilter
/**/api/soap/**=basicReqFlowSupportFilter, sessionContextIntegrationFilter,
sharepointSSOFilter, wsSecurityProcessingFilter, basicProcessingFilter,
anonymousProcessingFilter, exceptionTranslationFilter
/**/api/rest/**=restReqFlowSupportFilter, sessionContextIntegrationFilter,
sharepointSSOFilter, restLogoutFilter, restLoginProcessingFilter, x509ProcessingFilter,
basicProcessingFilter, anonymousProcessingFilter, sessionTimeoutDetectionFilter,
exceptionTranslationFilter
/**/emml/debug=basicReqFlowSupportFilter, sessionContextIntegrationFilter,
ssoProcessingFilter,restLogoutFilter, restLoginProcessingFilter, basicProcessingFilter,
anonymousProcessingFilter, exceptionTranslationFilter
/**/api*= jumpReqFlowSupportFilter, sessionContextIntegrationFilter,ssoProcessingFilter,
jumpLogoutFilter, jumpLoginProcessingFilter, x509ProcessingFilter, basicProcessingFilter,
anonymousProcessingFilter, sessionTimeoutDetectionFilter, exceptionTranslationFilter,
filterInvocationInterceptor,sessionTimeoutDetectionSupportFilter
...
This configuration allows both the default HTTP connections with user credentials and HTTPS with digital certificates.
3. Save this change.
4. Open the applicationContext-security.xml file in the web-apps-home/mashzone/WEB-INF/classes directory.
5. Find the REST Login Processing Filter (<bean id="restLoginProcessingFilter">) and add <property name="ignoreFailure" value="true" />.
The bean configuration should look like:
<bean id="restLoginProcessingFilter"
>
<property name="authenticationManager" ref="authenticationManager"/>
<property name="sessionManager" ref="sessionManager" />
<property name="rememberMeServices" ref="rememberMeServices"/>
<property name="ignoreFailure" value="true"/>
</bean>
6. Find the Authentication Manager (<bean id="authenticationManager">) and uncomment the reference to the x509AuthenticationProvider.
The bean configuration should look like:
<bean id="authenticationManager"
>
<property name="providers">
<list>
<ref bean="x509AuthenticationProvider"/>
<ref local="preauthAuthProvider"/>
<ref local="adminAuthenticationProvider"/>
<ref bean="defaultAuthenticationProvider"/>
<ref bean="rememberMeAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>
</list>
</property>
</bean>
7. Save your changes to this file.
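A check for step 2, as an added example that is not part of the original documentation or the product: it parses the filter chain text from the filterChainProxy value element, joins wrapped lines, and reports any chain where x509ProcessingFilter does not come directly after the login filter named in steps 2b and 2d (which also catches a misspelled filter name). The function names and the sample text are assumptions constructed for illustration; the sample deliberately omits the filter from the /**/api* chain.

```python
import re

# Constructed, abridged sample of the <value> text inside filterChainProxy.
SAMPLE_CHAINS = """
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**/api/rest/**=restReqFlowSupportFilter, sessionContextIntegrationFilter,
sharepointSSOFilter, restLogoutFilter, restLoginProcessingFilter, x509ProcessingFilter,
basicProcessingFilter, anonymousProcessingFilter, sessionTimeoutDetectionFilter,
exceptionTranslationFilter
/**/api*= jumpReqFlowSupportFilter, sessionContextIntegrationFilter,ssoProcessingFilter,
jumpLogoutFilter, jumpLoginProcessingFilter, basicProcessingFilter
"""

# URL pattern -> filter that x509ProcessingFilter must directly follow (steps 2a-2d).
REQUIRED = {
    "/**/api/rest/**": "restLoginProcessingFilter",
    "/**/api*": "jumpLoginProcessingFilter",
}

def parse_chains(value_text):
    """Return {url_pattern: [filter names]}, joining wrapped continuation lines."""
    chains, current = {}, None
    for line in value_text.splitlines():
        line = line.strip()
        if not line or line == "...":
            continue
        if line.startswith("/") and "=" in line:
            pattern, line = line.split("=", 1)
            current = pattern.strip()
            chains[current] = []
        if current is not None:  # directive lines before the first pattern are skipped
            chains[current] += [f for f in re.split(r"[,\s]+", line) if f]
    return chains

def check_x509(value_text):
    """Return a list of problems; an empty list means both chains match step 2."""
    chains, problems = parse_chains(value_text), []
    for pattern, predecessor in REQUIRED.items():
        filters = chains.get(pattern, [])
        i = filters.index(predecessor) if predecessor in filters else None
        found = filters[i + 1:i + 2] if i is not None else None
        if found != ["x509ProcessingFilter"]:
            problems.append(f"{pattern}: x509ProcessingFilter must follow "
                            f"{predecessor}, found {found}")
    return problems
```

Run check_x509 on the value text copied from applicationContext-security-filters-default.xml before restarting the server; an unknown filter name in a chain is easier to catch here than at application startup.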