You can plug in one or more Authentication Provider implementations in Authentication Manager. The Authentication Provider implementation is mainly responsible to validate a user and build a complete identity for a validated user. The components of the Authentication Provider framework manage sessions, login, and logout.

Spring provides support to extend and plug Authentication Provider. You can override or customize the Authentication Provider for RulePoint, so that you can integrate RulePoint with different authentication providers, such as CAS, openID, and SiteMinder.

RulePoint runs in hybrid mode and includes configurations for both the local DB provider and the LDAP provider. You can create, enable, or disable LDAP in RulePoint and it will not require you to restart RulePoint.

The flexible, extensible design of spring security makes it possible to customize the supported security providers. The spring security project provides a library of classes for Authentication Provider implementations, supporting classes for filter implementations, and configuration examples.

The following files located at the

<RULEPOINT_HOME>/design/webapps/rulepoint/WEB-INF/spring

directory contain the security configurations for authentication and authorization:

security_authentication.xml
security_authorization.xml

The files are in standard spring

applicationContext

xml format and additionally contain the elements from the specific spring security namespace. The files are included in the

contextConfigLocation

context-param in the

web.xml

file and loaded as other components of spring.

All REST endpoints are secured by spring security. When you perform an action through the user interface or through the REST APIs, the underlying ReST layer authenticates each request with the employed authentication mechanism.