+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:sec="http://www.springframework.org/schema/security"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
-
-
-<bean id="placeholderConfig4"
- class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
- <property name="locations">
- <list>
- <value>WEB-INF/cas.properties</value>
- <value>WEB-INF/context-ldap.properties</value>
- </list>
- </property>
- <property name="ignoreUnresolvablePlaceholders" value="true"/>
- </bean>
-
-
-
- <bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy" >
- <sec:filter-chain-map path-type="ant">
- <sec:filter-chain pattern="/server/**" filters="none"/>
- <sec:filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter,basicProcessingFilter,casProcessingFilter,anonymousProcessingFilter,CasExceptionTranslationFilter,filterInvocationInterceptor"/>
- </sec:filter-chain-map>
- </bean>
-
-
-<bean id="anonymousProcessingFilter" class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
- <property name="key"><value>foobar</value></property>
- <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
- </bean>
-
- <bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
- <property name="key"><value>foobar</value></property>
- </bean>
-
-<bean id="basicProcessingFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
- <property name="authenticationManager"><ref local="authenticationManager"/></property>
- <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
- </bean>
-
- <bean id="basicAuthExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
- <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
- </bean>
-
- <bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
- <property name="realmName"><value>Protected Area</value></property>
- </bean>
-
- <bean id="CasExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
-
- <property name="authenticationEntryPoint"><ref bean="casProcessingFilterEntryPoint"/></property>
- </bean>
-
-<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
-
-<bean id="runAsManager" class="org.springframework.security.access.intercept.RunAsManagerImpl">
- <property name="key"><value>my_run_as_password</value></property>
- </bean>
-
-
-<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
-
-<bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
- <property name="allowIfAllAbstainDecisions"><value>false</value></property>
- <property name="decisionVoters">
- <list>
- <ref bean="roleVoter"/>
- <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
- </list>
- </property>
- </bean>
-
-
-
-
-<bean id="filterInvocationInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
- <property name="authenticationManager"><ref bean="authenticationManager"/></property>
- <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
- <property name="runAsManager"><ref bean="runAsManager"/></property>
-<property name="securityMetadataSource">
- <sec:filter-security-metadata-source>
- <sec:intercept-url pattern="/repository/**" access="ROLE_MEMBER"/>
- </sec:filter-security-metadata-source>
- </property>
-
-
- </bean>
-
-
-
-
-
-<!--
- <sec:http entry-point-ref="casProcessingFilterEntryPoint">
-
- <sec:intercept-url pattern="/repository/**" access="ROLE_MEMBER" />
- <sec:logout logout-success-url="/cas-logout.jsp"/>
- <sec:custom-filter ref="casProcessingFilter" after="CAS_FILTER"/>
- </sec:http>
--->
-
-
- <sec:authentication-manager alias="authenticationManager">
- <sec:authentication-provider ref="ldapAuthProvider" />
- <sec:authentication-provider ref="casAuthenticationProvider" />
- </sec:authentication-manager>
-
- <bean id="casProcessingFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
- <property name="authenticationManager" ref="authenticationManager"/>
-
- <!--<property name="authenticationFailureUrl" value="/casfailed.jsp"/>
- <property name="defaultTargetUrl" value="/"/>
- --><!--<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
- <property name="proxyReceptorUrl" value="/${WEBAPP_CONTAINER}/receptor" />
--->
- </bean>
-
- <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
- <property name="loginUrl" value="https://${CAS_HOST}/cas/login"/>
- <property name="encodeServiceUrlWithSessionId" value="false"/>
- <property name="serviceProperties" ref="serviceProperties"/>
-
- </bean>
-
- <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
- <property name="userDetailsService" ref="userService"/>
- <property name="serviceProperties" ref="serviceProperties" />
- <property name="ticketValidator">
- <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
- <constructor-arg index="0" value="https://${CAS_HOST}/cas" />
- <!--<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
- <property name="proxyCallbackUrl" value="https://${SERVICE_HOST}/${WEBAPP_CONTAINER}/receptor" /> -->
-
-</bean>
- </property>
-
- <property name="key" value="an_id_for_this_auth_provider_only"/>
- </bean>
-
- <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
-
- <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
- <property name="service" value="https://${SERVICE_HOST}/${WEBAPP_CONTAINER}/j_spring_cas_security_check"/>
- <property name="sendRenew" value="false"/>
- </bean>
-
-
-
-<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource" >
- <description>ContextSource of the LDAP server and common connexion.</description>
- <property name="urls" value="${urls}" />
- <property name="userDn" value="${rootDN}" />
- <property name="password" value="${password}" />
- <property name="base" value="${base}" />
- <property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
- </bean>
-
- <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
- <description>LDAPTemplate spring bean.</description>
- <constructor-arg ref="contextSource" />
- </bean>
-
-
-
-<bean id="ldapDAO" class="com.pentila.jackrabbit.auth.LdapDAO">
-<property name="ldapTemplate"><ref local="ldapTemplate" /></property>
-<property name="attrLogin" value="${attrLogin}" />
-<property name="attrId" value="${attrId}" />
-<property name="branchPeople" value="${userbase}" />
-<property name="additionalFilter" value="${additionalFilter}"/>
-</bean>
-
-
-<bean id="userService" class="com.pentila.jackrabbit.auth.CasAuth">
-<constructor-arg index="0" value="ROLE_MEMBER" />
-<property name="ldapDAO"><ref local="ldapDAO" /></property>
-</bean>
-
-
-
-
- <bean id="ldapAuthProvider"
- class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
- <constructor-arg>
- <bean
- class="org.springframework.security.ldap.authentication.BindAuthenticator">
- <constructor-arg ref="contextSource" />
- <property name="userDnPatterns">
- <list>
- <value>${attrLogin}={0},ou=People</value>
- </list>
- </property>
- </bean>
- </constructor-arg>
- <constructor-arg>
- <bean class="com.pentila.jackrabbit.auth.MyLdapAuthoritiesPopulator">
- <property name="userDetailService">
- <ref bean="userService" />
- </property>
- </bean>
- </constructor-arg>
-</bean>
-
-<!--
- <sec:ldap-server id="ok_ldap" url="ldap://193.48.120.93:389/" manager-dn="cn=Manager,dc=portfolio,dc=org" manager-password="superuser" />
-
- <sec:ldap-user-service id="userService" server-ref="ok_ldap"
- user-search-filter="uid={0}"
- user-search-base="ou=people, dc=portfolio, dc=org"
- group-search-filter="uniquemember={0}"
- group-search-base="ou=groupes, dc=portfolio, dc=org"
- role-prefix="ROLE_" />
--->
-
-<!--
-<sec:user-service id="userService">
-<sec:user name="stagiaire1" password="vlad" authorities="system" />
-</sec:user-service>
--->
-
-
-</beans>
-