SOS Interceptor Integration

This topic describes how to integrate an SOS Interceptor into con.terra's security.manager v3.1.1. The integration requires an already installed and configured instance running on a tomcat servlet engine. It is divided into 14 steps.

Related Documentation


  • Installed and configured security.manager v3.1.1
    We assume that you installed the security.manager to a directory which is referred here as ${secman}. That directory includes the folder webapps containing administration, gateway and wss.
  • Working maven and java enviroment set-up


  1. Integrate the new interceptor by building from source (direct downloadable jar)
    1. Checkout and build tag 2.0.11 and latest version of the sensor web branch of the security API into the same super directory.
    2. Run the following script:
      HELP It copies the sos interceptor code from the newer API to the 2.0.11er version.
    3. Fix Imports within the sos interceptor packages*, e.g. in eclipse perform the step organize imports in each class with problems. Select if asked.
  2. Within the Webapps adminstration, gateway and wss backup and exchange the 52n-security-service-2.0.11.jar with the new one.
  3. Download the SOS module description which is needed later on:
  4. In the SOS-module.xml check if following properties are present in the template file (if not, add them as new property elements):
      <Property name="sessionService" idRef="sessionService" />
      <Property name="capabilitiesFileName" idRef="defaultCapabilitiesFile" />
  5. Copy downloaded SOS-module.xml to ${secman}/webapp/wss/WEB-INF/classes/enforcementpoint-modules
  6. Open ${secman}/webapp/wss/WEB-INF/classes/security-config.xml and add following module entry to
    <Service id="WSS">
    <Entry name="SOS" value="SOS-module.xml"/>
  7. Open ${secman}/webapp/wss/WEB-INF/classes/spring-db-config.xml, under
    <bean id="enforcementPointManagementService"> ... <property name="moduleNames">
  8. Open ${secman}/webapp/administration/WEB-INF/classes/spring-pep-service-config.xml, under
    <util:set id="secModules">
    <util:set id="allModules">
  9. Open ${secman}/administration/WEB-INF/classes/security-config.xml, and under
    <Property name="policyFinderModules"><Set><Entry><Object class="[...]"><Property name="childPolicyFinderModules"><List>
              <Object class="">
                <Property name="provider">
                  <Object class="" initMethod="init">
                    <Property name="path" value="permissions.xml" />

    The path can be adjusted as you like. If the security manager is enabled within your tomcat set-up, please make sure that the security manager webapps are allowed to read and write from/to this directory!
  10. Copy your permission.xml to ${secman}/administration/WEB-INF/classes/ (or to that path you have configured one step earlier)
  11. Change SubjectDomain attribute value to urn:conterra:names:sdi-suite:policy:attribute:role (Please note that this domain requires roles instead of user names to be configured in the permissions.xml).
  12. Test the setup.
    HELP Make sure to create the enforcement endpoint in the administration webapp that is referenced in the permissions.xml.
I Attachment Action Size Date Who Comment
52n-security-service-2.0.11.jarjar 52n-security-service-2.0.11.jar manage 765 K 14 Oct 2014 - 06:23 EikeJuerrens Fixed runtime bug with "X" in SimpleDateFormat pattern
SOS-module.xmlxml SOS-module.xml manage 4 K 26 Aug 2014 - 15:18 HenningBredel  
update-2.0.11.shsh manage 1 K 06 Oct 2014 - 14:09 EikeJuerrens more generic version including fix of imports and move to user desktop...
update_2.0.11.shsh manage 367 bytes 28 Jul 2014 - 10:58 EikeJuerrens removed not working "mvn clean install" statement
Topic revision: r18 - 14 Oct 2014, EikeJuerrens
Legal Notice | Privacy Statement

This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Wiki? Send feedback