SOS Interceptor Integration
This topic describes how to integrate an SOS Interceptor into con.terra's security.manager v3.1.1. The integration requires an already installed and configured instance running on a Tomcat servlet engine. It is divided into 14 steps.
Requirements
- Installed and configured security.manager v3.1.1
We assume that you installed the security.manager to a directory which is referred to here as ${secman}. That directory includes the folder webapps containing administration, gateway and wss.
- Working Maven and Java environment set-up
Integration
- Integrate the new interceptor by building from source (direct downloadable jar)
- Check out and build tag 2.0.11 and the latest version of the sensor web branch of the security API into the same super directory.
- Run the following script: update_2.0.11.sh
It copies the SOS interceptor code from the newer API to the 2.0.11 version.
- Fix imports within the SOS interceptor packages org.n52.security.enforcement.interceptors.sos.*, e.g. in Eclipse perform the step "organize imports" in each class with problems. Select org.n52.security.enforcement.artifact.Transferable if asked.
- Within the webapps administration, gateway and wss, back up the 52n-security-service-2.0.11.jar and exchange it with the new one.
- Download the SOS module description which is needed later on:
- In the SOS-module.xml check if the following properties are present in the template file (if not, add them as new property elements):
    <Property name="sessionService" idRef="sessionService" />
    <Property name="capabilitiesFileName" idRef="defaultCapabilitiesFile" />
- Copy the downloaded SOS-module.xml to ${secman}/webapp/wss/WEB-INF/classes/enforcementpoint-modules
- Open ${secman}/webapp/wss/WEB-INF/classes/security-config.xml and add the following module entry to <Service id="WSS">:
    <Entry name="SOS" value="SOS-module.xml"/>
- Open ${secman}/webapp/wss/WEB-INF/classes/spring-db-config.xml and, under <bean id="enforcementPointManagementService"> ... <property name="moduleNames">, add <value>SOS</value>
- Open ${secman}/webapp/administration/WEB-INF/classes/spring-pep-service-config.xml and, under <util:set id="secModules"> and <util:set id="allModules">, add <value>SOS</value>
- Open ${secman}/administration/WEB-INF/classes/security-config.xml and, under <Property name="policyFinderModules"><Set><Entry><Object class="[...]"><Property name="childPolicyFinderModules"><List>, add
    <Entry>
      <Object class="org.n52.security.service.pdp.xacml.policyfinder.SimplePermissionsPolicyFinderModule">
        <Property name="provider">
          <Object class="org.n52.security.service.pdp.simplepermission.SimplePermissionFileProvider" initMethod="init">
            <Property name="path" value="permissions.xml" />
          </Object>
        </Property>
      </Object>
    </Entry>
The path can be adjusted as you like. If the security manager is enabled within your Tomcat set-up, please make sure that the security manager webapps are allowed to read and write from/to this directory!
- Copy your permission.xml to ${secman}/administration/WEB-INF/classes/ (or to the path you configured one step earlier)
- Change the SubjectDomain attribute value to urn:conterra:names:sdi-suite:policy:attribute:role (Please note that this domain requires roles instead of user names to be configured in the permissions.xml).
- Test the setup.
Make sure to create the enforcement endpoint in the administration webapp that is referenced in the permissions.xml.
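Before testing, the configuration edits from the steps above can be checked mechanically. The following Python sketch is an added example, not part of the original instructions or of the security.manager distribution. The helper names, the wrapper elements in the sample fragments and the WMS value are constructed for illustration; only the Property, Service, Entry and value elements come from the steps above.

```python
import xml.etree.ElementTree as ET

# Property elements the page requires in SOS-module.xml, as (name, idRef) pairs.
REQUIRED = {("sessionService", "sessionService"),
            ("capabilitiesFileName", "defaultCapabilitiesFile")}

def _local(el):
    """Tag name without its XML namespace, so namespaced files are handled too."""
    return el.tag.rsplit("}", 1)[-1]

def missing_properties(module_xml):
    """Names of required <Property> elements that are absent or carry another idRef."""
    root = ET.fromstring(module_xml)
    present = {(e.get("name"), e.get("idRef")) for e in root.iter() if _local(e) == "Property"}
    return sorted(name for name, ref in REQUIRED if (name, ref) not in present)

def wss_registers_sos(config_xml):
    """True if <Service id="WSS"> holds <Entry name="SOS" value="SOS-module.xml"/>."""
    for svc in ET.fromstring(config_xml).iter():
        if _local(svc) == "Service" and svc.get("id") == "WSS":
            return any(_local(e) == "Entry" and e.get("name") == "SOS"
                       and e.get("value") == "SOS-module.xml" for e in svc.iter())
    return False

def containers_missing_sos(spring_xml, keys):
    """Which of the named containers (matched on id= or name=) lack <value>SOS</value>."""
    found = set()
    for el in ET.fromstring(spring_xml).iter():
        key = el.get("id") or el.get("name")
        if key in keys and any(_local(v) == "value" and (v.text or "").strip() == "SOS"
                               for v in el.iter()):
            found.add(key)
    return sorted(set(keys) - found)

# Constructed sample fragments; the wrapper elements are placeholders, not the real files.
MODULE = """<Module>
  <Property name="sessionService" idRef="sessionService" />
</Module>"""
CONFIG = """<Config><Service id="WSS">
  <Entry name="SOS" value="SOS-module.xml"/>
</Service></Config>"""
SPRING = """<beans xmlns:util="http://www.springframework.org/schema/util">
  <util:set id="secModules"><value>WMS</value><value>SOS</value></util:set>
  <util:set id="allModules"><value>WMS</value></util:set>
</beans>"""

if __name__ == "__main__":
    print(missing_properties(MODULE))
    print(wss_registers_sos(CONFIG))
    print(containers_missing_sos(SPRING, ["secModules", "allModules"]))
```

To check a real installation, read the files named in the steps above and pass their contents to these functions; use the key moduleNames for spring-db-config.xml.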