1 <?xml version="1.0" encoding="UTF-8"?>
3 <beans xmlns="http://www.springframework.org/schema/beans"
4 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5 xmlns:util="http://www.springframework.org/schema/util"
6 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
7 http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
<!--
  User / role lookup bean.
  MyUserDetailsService is a project class that is not part of this listing; it is
  wired with the 'ldapTarget' and 'entityManager' beans, which are also defined
  outside this listing.
  NOTE(review): presumably this is where a CAS principal is mapped to its ROLE_*
  authorities; confirm against the class.
-->
<bean id="userService"
      class="com.pentila.evalcomp.ldap.MyUserDetailsService">
  <property name="ldapDAO" ref="ldapTarget"/>
  <property name="entityManager" ref="entityManager"/>
</bean>
<!--
  CAS service properties used by Spring Security.
    * 'service'   : callback URL of this application, of the form
                    http://server:port/EvalComp/j_spring_cas_security_check
    * 'sendRenew' : false, so an existing CAS single sign-on session is accepted
                    without forcing the user to re-enter credentials.
  NOTE(review): the service URL is plain HTTP on port 8080. The CAS server
  redirects the browser to this URL with the service ticket in the query string,
  so the ticket travels unencrypted. The proxyCallbackUrl values in this file
  address the same application over HTTPS on port 8443, which suggests an HTTPS
  service URL is available; confirm and switch if so.
-->
<bean id="serviceProperties"
      class="org.springframework.security.ui.cas.ServiceProperties">
  <property name="service"
            value="http://tice-a85.univ-savoie.fr:8080/EvalComp/j_spring_cas_security_check"/>
  <property name="sendRenew" value="false"/>
</bean>
<!--
  Authentication provider 1 (institution CAS server).
  Validates service tickets against CAS server 1 and loads the user through
  the 'userService' bean.
  NOTE(review): 'key' is a descriptive placeholder string, hard-coded here, and
  casAuthenticationProvider2 carries the same value. Give each provider its own
  random value and supply it from deployment-specific configuration.
-->
<bean id="casAuthenticationProvider1"
      class="org.springframework.security.providers.cas.CasAuthenticationProvider">
  <property name="userDetailsService" ref="userService"/>
  <property name="serviceProperties" ref="serviceProperties"/>
  <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
      <!-- Base URL of CAS server 1 (HTTPS) -->
      <constructor-arg index="0" value="https://tice-a85.univ-savoie.fr:8443/cas"/>
      <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage"/>
      <!-- 'proxyCallbackUrl' has the form https://server:port/EvalComp/receptor -->
      <property name="proxyCallbackUrl"
                value="https://tice-a85.univ-savoie.fr:8443/EvalComp/receptor"/>
    </bean>
  </property>
  <property name="key" value="my_password_for_this_auth_provider_only"/>
</bean>
<!--
  Store for proxy-granting tickets. The ticket validators of both CAS
  authentication providers in this file reference this single instance.
-->
<bean id="proxyGrantingTicketStorage"
      class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
<!--
  Authentication provider 2 (EmaEval CAS server).
  Same wiring as provider 1, but tickets are validated against the /cas2 server.
  NOTE(review): 'key' is a descriptive placeholder string, hard-coded here, and
  identical to the key of casAuthenticationProvider1. Give each provider its own
  random value and supply it from deployment-specific configuration.
-->
<bean id="casAuthenticationProvider2"
      class="org.springframework.security.providers.cas.CasAuthenticationProvider">
  <property name="userDetailsService" ref="userService"/>
  <property name="serviceProperties" ref="serviceProperties"/>
  <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
      <!-- Base URL of CAS server 2 (HTTPS); the original comment said "CAS 1",
           apparently copied from provider 1 -->
      <constructor-arg index="0" value="https://tice-a85.univ-savoie.fr:8443/cas2"/>
      <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage"/>
      <!-- 'proxyCallbackUrl' has the form https://server:port/EvalComp/receptor -->
      <property name="proxyCallbackUrl"
                value="https://tice-a85.univ-savoie.fr:8443/EvalComp/receptor"/>
    </bean>
  </property>
  <property name="key" value="my_password_for_this_auth_provider_only"/>
</bean>
<!-- ======================== FILTER CHAIN ======================= -->
<!--
  Single filter chain applied to every request path (/**). The filters run in
  the order listed: session context, CAS ticket processing, anonymous
  authentication, exception translation, then the URL access-control interceptor.
  URLs are lower-cased before being compared with the (Ant-style) pattern.
-->
<bean id="filterChainProxy"
      class="org.springframework.security.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=httpSessionContextIntegrationFilter,casProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    </value>
  </property>
</bean>
<!--
  CAS processing filter.
  Listens on /j_spring_cas_security_check (the path the CAS server redirects back
  to) and passes the received ticket to 'authenticationManager'.
  A failed authentication is sent to /casfailed.jsp; the default target after a
  successful one is the application root.
-->
<bean id="casProcessingFilter"
      class="org.springframework.security.ui.cas.CasProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
  <property name="defaultTargetUrl" value="/"/>
  <property name="filterProcessesUrl" value="/j_spring_cas_security_check"/>
</bean>
<!--
  Authentication manager: consults the providers below in list order.
  NOTE(review): both CAS providers share the same 'serviceProperties', so a
  ticket is presumably offered to CAS server 1 first and to CAS server 2 only if
  that fails. Confirm that presenting a ticket issued by one server to the other
  is acceptable, or that the MultiCas code routes tickets to the right provider.
-->
<bean id="authenticationManager"
      class="org.springframework.security.providers.ProviderManager">
  <property name="providers">
    <list>
      <!-- Providers, in the order in which they are tried -->
      <ref bean="casAuthenticationProvider1"/>
      <ref bean="casAuthenticationProvider2"/>
      <ref local="anonymousAuthenticationProvider"/>
    </list>
  </property>
</bean>
<!--
  Anonymous processing filter.
  'userAttribute' names the principal (anonymousUser) and the authority
  (ROLE_ANONYMOUS) given to requests that carry no other authentication.
  NOTE(review): 'foobar' is a placeholder key. It has to match the key of
  'anonymousAuthenticationProvider'; replace both with one random value supplied
  from deployment-specific configuration.
-->
<bean id="anonymousProcessingFilter"
      class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
  <property name="key" value="foobar"/>
  <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
<!--
  Provider that accepts the anonymous tokens created by
  'anonymousProcessingFilter'; the two beans must carry the same key.
  NOTE(review): 'foobar' is a placeholder key; replace it, together with the
  filter's key, with a random value supplied from deployment-specific
  configuration.
-->
<bean id="anonymousAuthenticationProvider"
      class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
  <property name="key" value="foobar"/>
</bean>
<!-- Bean casProcessingFilterEntryPoint

  Entry point of the MultiCas authentication system.

   * property 'loginUrl'     : URL of the login page of the MultiCas system: http://server:port/EvalComp/login.jsp
   * property 'responseUrl'  : URL of the response page of the MultiCas system: http://server:port/EvalComp/response.jsp
   * property 'loginUrls'    : URLs of the login pages of the individual CAS servers
   * property 'logoutUrls'   : URLs of the logout pages of the individual CAS servers
   * property 'loginFormUrl' : URL of the page that presents the CAS servers to choose from

  NOTE(review): MultiCasProcessingFilterEntryPoint is not part of this listing;
  the property meanings above come from the original comment only.
  NOTE(review): loginUrl, responseUrl and loginFormUrl are plain HTTP on port
  8080, while the CAS login/logout URLs are HTTPS. The server-selection page and
  the session established on it are therefore exposed on the network path.
  This file addresses the same application over HTTPS on port 8443
  (proxyCallbackUrl); confirm whether these three pages can use it as well.
-->
162 <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.util.MultiCasProcessingFilterEntryPoint">
163 <property name="loginUrl"><value>http://tice-a85.univ-savoie.fr:8080/EvalComp/login.jsp</value></property>
164 <property name="responseUrl"><value>http://tice-a85.univ-savoie.fr:8080/EvalComp/response.jsp</value></property>
165 <property name="loginUrls">
167 <value>https://tice-a85.univ-savoie.fr:8443/cas/login</value>
168 <value>https://tice-a85.univ-savoie.fr:8443/cas2/login</value>
171 <property name="logoutUrls">
173 <value>https://tice-a85.univ-savoie.fr:8443/cas/logout</value>
174 <value>https://tice-a85.univ-savoie.fr:8443/cas2/logout</value>
177 <property name="loginFormUrl"><value>http://tice-a85.univ-savoie.fr:8080/EvalComp/loginFormPage.jsp</value></property>
178 <property name="serviceProperties"><ref bean="serviceProperties"/></property>
<!--
  Translates security exceptions raised further down the chain. A request that
  needs authentication is handed to 'casProcessingFilterEntryPoint'.
  No accessDeniedHandler is set here, so the class default applies to
  authenticated users who lack the required role.
-->
<bean id="exceptionTranslationFilter"
      class="org.springframework.security.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint" ref="casProcessingFilterEntryPoint"/>
</bean>
<!--
  First filter of the chain: keeps the security context in the HTTP session
  between requests. Declared with the class defaults (no properties set).
-->
<bean id="httpSessionContextIntegrationFilter"
      class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
<!--
  Run-as manager referenced by 'filterInvocationInterceptor'.
  NOTE(review): 'my_run_as_password' is a descriptive placeholder key,
  hard-coded here; replace it with a random value supplied from
  deployment-specific configuration.
  NOTE(review): no RUN_AS_ attribute appears in the URL rules visible in this
  listing, so this bean may be unused; confirm before relying on it.
-->
<bean id="runAsManager"
      class="org.springframework.security.runas.RunAsManagerImpl">
  <property name="key" value="my_run_as_password"/>
</bean>
<!--
  Voter for role attributes (ROLE_USER, ROLE_MANAGER, ...); declared with the
  class defaults and referenced by 'httpRequestAccessDecisionManager'.
-->
<bean id="roleVoter"
      class="org.springframework.security.vote.RoleVoter"/>
<!--
  Access decision manager for web requests. AffirmativeBased grants access as
  soon as one voter votes to grant. 'allowIfAllAbstainDecisions' is false, so a
  request on which every voter abstains is denied.
-->
<bean id="httpRequestAccessDecisionManager"
      class="org.springframework.security.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions" value="false"/>
  <property name="decisionVoters">
    <list>
      <ref bean="roleVoter"/>
      <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
    </list>
  </property>
</bean>
<!--
  Role-based security rules: each line of 'objectDefinitionSource' maps an
  Ant-style URL pattern to the role(s) allowed to request it. Patterns are tried
  in the order written and the first match decides.

  NOTE(review): no catch-all pattern such as /** is visible in this listing. If
  none follows, a URL that matches no line is treated as public by the
  interceptor unless 'rejectPublicInvocations' is set. Confirm that every JSP
  and servlet path that needs protection is listed, or add an explicit fallback
  after checking which paths must stay reachable without a role (for example the
  CAS proxy callback and the failure page).

  NOTE(review): unlike 'filterChainProxy', this source has no
  CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON directive and the patterns contain
  upper-case letters, so matching is case-sensitive. Confirm that the servlet
  container does not serve these JSPs under a differently-cased path, which
  would not match any rule.
-->
212 <bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
213 <property name="authenticationManager"><ref bean="authenticationManager"/></property>
214 <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
215 <property name="runAsManager"><ref bean="runAsManager"/></property>
216 <property name="objectDefinitionSource">
218 PATTERN_TYPE_APACHE_ANT
219 /EvalCompInst.jsp=ROLE_MANAGER
220 /EvalCompPeda.jsp=ROLE_PEDA
221 /EvalCompTech.jsp=ROLE_TECH
222 /EvalComp.jsp=ROLE_USER
223 /Preferences.jsp=ROLE_USER
224 /exportvalidation.jsp=ROLE_SCO
225 /Ressource.jsp=ROLE_USER
226 /hibernate4gwt/**=ROLE_USER
227 /uploadWSFile/**=ROLE_USER
228 /logout.jsp=ROLE_USER
229 /response.jsp=ROLE_USER
230 /loginFormPage.jsp=ROLE_ANONYMOUS
231 /login.jsp=ROLE_ANONYMOUS
232 /logoutMultiCas.jsp=ROLE_ANONYMOUS,ROLE_USER