--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
+ | all CAS deployers will need to modify.
+ |
+ | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
+ | The beans declared in this file are instantiated at context initialization time by the Spring
+ | ContextLoaderListener declared in web.xml. It finds this file because this
+ | file is among those declared in the context parameter "contextConfigLocation".
+ |
+ | By far the most common change you will need to make in this file is to change the last bean
+ | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
+ | one implementing your approach for authenticating usernames and passwords.
+ +-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+ <!--
+ | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
+ | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
+ | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
+ | implementation and so do not need to change the class of this bean. We include the whole
+ | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
+ | need to change in context.
+ +-->
+ <bean id="authenticationManager"
+ class="org.jasig.cas.authentication.AuthenticationManagerImpl">
+ <!--
+ | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
+ | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
+ | supports the presented credentials.
+ |
+ | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
+ | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
+ | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
+ | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
+ | using.
+ |
+ | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
+ | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
+ | You will need to change this list if you are identifying services by something more or other than their callback URL.
+ +-->
+ <property name="credentialsToPrincipalResolvers">
+ <list>
+ <!--
+ | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
+ | by default and produces SimplePrincipal instances conveying the username from the credentials.
+ |
+ | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
+ | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
+ | Credentials you are using.
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
+ <!--
+ | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
+ | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
+ | SimpleService identified by that callback URL.
+ |
+ | If you are representing services by something more or other than an HTTPS URL whereat they are able to
+ | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
+ </list>
+ </property>
+
+ <!--
+ | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
+ | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
+ | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
+ | until it finds one that both supports the Credentials presented and succeeds in authenticating.
+ +-->
+ <property name="authenticationHandlers">
+ <list>
+ <!--
+ | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
+ | a server side SSL certificate.
+ +-->
+ <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
+ p:httpClient-ref="httpClient" />
+ <!--
+ | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
+ | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
+ | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
+ | local authentication strategy. You might accomplish this by coding a new such handler and declaring
+ | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+ +-->
+
+
+<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
+ <property name="filter" value="uid=%u" />
+ <property name="searchBase" value="ou=people,dc=portfolio,dc=org" />
+ <property name="contextSource" ref="contextSource" />
+</bean>
+
+ </list>
+ </property>
+ </bean>
+
+
+ <!--
+ This bean defines the security roles for the Services Management application. Simple deployments can use the in-memory version.
+ More robust deployments will want to use another option, such as the Jdbc version.
+
+ The name of this should remain "userDetailsService" in order for Acegi to find it.
+
+ To use this, you should add an entry similar to the following between the two value tags:
+ battags=notused,ROLE_ADMIN
+
+ where battags is the username you want to grant access to. You can put one entry per line.
+ -->
+ <bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
+ <property name="userMap">
+ <value>
+
+ </value>
+ </property>
+ </bean>
+
+ <!--
+ Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation
+ may go against a database or LDAP server. The id should remain "attributeRepository" though.
+ -->
+ <bean id="attributeRepository"
+ class="org.jasig.services.persondir.support.StubPersonAttributeDao">
+ <property name="backingMap">
+ <map>
+ <entry key="uid" value="uid" />
+ <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
+ <entry key="groupMembership" value="groupMembership" />
+ </map>
+ </property>
+ </bean>
+
+ <!--
+ Sample, in-memory data store for the ServiceRegistry. A real implementation
+ would probably want to replace this with the JPA-backed ServiceRegistry DAO
+ The name of this bean should remain "serviceRegistryDao".
+ -->
+ <bean
+ id="serviceRegistryDao"
+ class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
+
+
+ <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
+ <property name="urls">
+ <list>
+ <value>ldap://193.48.120.93/</value>
+ </list>
+ </property>
+ <property name="userName" value="cn=Manager,dc=portfolio,dc=org"/>
+ <property name="password" value="superuser"/>
+ <property name="baseEnvironmentProperties">
+ <map>
+ <entry>
+ <key>
+ <value>java.naming.security.authentication</value>
+ </key>
+ <value>simple</value>
+ </entry>
+ </map>
+ </property>
+</bean>
+
+
+
+
+
+</beans>