Adding Authorization to Your Web Adaptor with Spring Security

Idea created by corsicoff4 on Jan 6, 2014
    • corsicoff4
    Originally, we used LDAP to secure our web adaptor.  Life was good until we realized that we would need a system that was capable of restricting access based on which company a user belonged to as well as the specific user’s authorization.  This is where spring security’s Central Authentication Service entered the picture.  Despite a lot of searching through Esri blogs, we couldn’t find any reference to anyone attempting to use spring security.  We were foolhardy enough to use it anyway and see what happened.  Using Maven overlay, we merged the arcgis.war file with our spring security war file to create a web adaptor that was secured using spring.  Two months after we started this project, we have a highly customizable and surprisingly quick security layer.  The end result was awesome but getting there caused a lot of sleepless nights and multiple updates to our resumes.  This presentation would walk through how to set up spring security with an ArcGIS web adaptor, the problems that arose, and what we did to overcome them.