1 <?xml version="1.0" encoding="UTF-8"?>
2 <beans xmlns="http://www.springframework.org/schema/beans"
3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4 xmlns:sec="http://www.springframework.org/schema/security"
5 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
6 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
10 Lecture des fichiers de properties
<!-- Property placeholder configurer: reads the two property files listed under
     "locations" so that ${...} placeholders in bean definitions can be resolved.
     NOTE(review): ignoreUnresolvablePlaceholders=true means a placeholder that no
     property file defines is left as literal text instead of failing at startup.
     For security-relevant values such as ${password} or ${urls}, a typo or a missing
     entry would therefore go unnoticed until the LDAP bind fails; confirm this flag
     is needed (presumably other configurers exist elsewhere; verify).
     NOTE(review): these files presumably hold the LDAP bind password; restrict their
     file permissions and keep them out of version control. -->
14 <bean id="placeholderConfig4"
15 class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
16 <property name="locations">
18 <value>WEB-INF/cas.properties</value>
19 <value>WEB-INF/context-ldap.properties</value>
22 <property name="ignoreUnresolvablePlaceholders" value="true"/>
25 <!-- LDAP connector configuration bean -->
<!-- Server URLs, bind DN, bind password and base DN all come from placeholders, so no
     directory credential is written in this file.
     NOTE(review): the bind DN placeholder is named rootDN. If it resolves to the
     directory administrator, consider a dedicated read-only account instead; the
     beans on this page appear to use the directory for lookups only (confirm against
     LdapDAO, which is not shown).
     NOTE(review): the URL scheme is not visible here. Check that ${urls} resolves to
     ldaps:// URLs, or that transport security is enforced another way, because the
     bind password is sent to the server on connect. -->
27 <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource" >
28 <description>ContextSource of the LDAP server and common connexion.</description>
29 <property name="urls" value="${urls}" />
30 <property name="userDn" value="${rootDN}" />
31 <property name="password" value="${password}" />
32 <property name="base" value="${base}" />
33 <property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
<!-- LdapTemplate built on contextSource; it is injected into ldapDAO and so uses the
     bind identity configured on contextSource for every directory operation. -->
36 <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
37 <description>LDAPTemplate spring bean.</description>
38 <constructor-arg ref="contextSource" />
<!-- Project DAO (com.pentila.jackrabbit.auth.LdapDAO, not shown on this page). It
     receives the LdapTemplate plus the login attribute, id attribute, people branch
     and an additional filter, all taken from placeholders.
     NOTE(review): how the login name and additionalFilter are combined into a search
     filter is decided inside LdapDAO. Verify that the login value is LDAP
     filter-encoded before it is placed in the filter, and that additionalFilter can
     only be set by the deployer. -->
42 <bean id="ldapDAO" class="com.pentila.jackrabbit.auth.LdapDAO">
43 <property name="ldapTemplate"><ref local="ldapTemplate" /></property>
44 <property name="attrLogin" value="${attrLogin}" />
45 <property name="attrId" value="${attrId}" />
46 <property name="branchPeople" value="${userbase}" />
47 <property name="additionalFilter" value="${additionalFilter}"/>
50 <!-- Bean used to represent users / roles -->
<!-- Project class CasAuth (not shown on this page), referenced as userDetailsService
     by both CAS authentication providers in this file. It is constructed with the
     string ROLE_MEMBER and given the LDAP DAO.
     NOTE(review): ROLE_MEMBER is presumably the role granted to every user this
     service resolves; confirm in CasAuth what happens when the CAS login name has no
     matching LDAP entry (reject, or still grant the role). -->
52 <bean id="userService" class="com.pentila.jackrabbit.auth.CasAuth">
53 <constructor-arg index="0" value="ROLE_MEMBER" />
55 <property name="ldapDAO"><ref local="ldapDAO" /></property>
<!-- CAS service descriptor shared by both CAS providers and by the entry point.
     "service" is the URL of this application's ticket check endpoint; its path matches
     filterProcessesUrl on casProcessingFilter.
     NOTE(review): the service URL uses plain http on port 8080, so the CAS service
     ticket returned to it (and, presumably, the session cookie issued afterwards)
     crosses the network unencrypted. The proxyCallbackUrl values in this file address
     the same webapp over https on port 8443, which suggests an HTTPS connector
     exists; consider using it here as well.
     sendRenew=false: an existing CAS single sign-on session is accepted without
     asking the user to present credentials again.
     NOTE(review): the host name is hard-coded; a placeholder would keep deployment
     details out of this file. -->
59 <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
60 <property name="service"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/j_spring_cas_security_check</value></property>
61 <property name="sendRenew"><value>false</value></property>
64 <!-- Authentication provider 1 (institution) -->
<!-- Validates CAS 2.0 service tickets against the /cas server over https and loads
     the user through userService. Proxy-granting tickets go to the shared
     proxyGrantingTicketStorage bean via the https callback URL.
     NOTE(review): casAuthenticationProvider2 uses the same userService, so a login
     name asserted by either CAS server presumably maps to the same account; confirm
     that both servers draw on one user namespace.
     NOTE(review): the "key" value is a hard-coded, sample-looking string and is
     identical in casAuthenticationProvider2 despite its wording. Move it to a
     property file and decide deliberately whether the two providers should share it. -->
66 <bean id="casAuthenticationProvider1" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
67 <property name="userDetailsService"><ref bean="userService"/></property>
69 <property name="serviceProperties" ref="serviceProperties" />
70 <property name="ticketValidator">
71 <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
73 <!-- URL of CAS 1 (institution) -->
75 <constructor-arg index="0" value="https://tice-a85.univ-savoie.fr:8443/cas" />
76 <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
79 * property 'proxyCallbackUrl' : https://server:port/jackrabbit-webapp-1.4/receptor
82 <property name="proxyCallbackUrl" value="https://tice-a85.univ-savoie.fr:8443/jackrabbit-webapp-1.4/receptor" />
86 <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
<!-- Storage for CAS proxy-granting tickets, referenced by the ticket validators of
     both CAS providers, so tickets from the two CAS servers end up in one store.
     NOTE(review): confirm that the /receptor callback which fills this store is
     reachable only over https, as the configured proxyCallbackUrl values imply. -->
89 <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
<!-- Authentication provider 2 (EmaEval): same wiring as casAuthenticationProvider1,
     but tickets are validated against the /cas2 server.
     NOTE(review): it shares userService, serviceProperties, the proxy-granting ticket
     storage, the proxy callback URL and the "key" value with provider 1. The key is a
     hard-coded, sample-looking string; move it to a property file and decide
     deliberately whether the two providers should share it.
     NOTE(review): because both providers resolve users through the same userService,
     confirm that a login name issued by /cas2 denotes the same person as the same
     login name issued by /cas. -->
95 <bean id="casAuthenticationProvider2" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
96 <property name="userDetailsService"><ref bean="userService"/></property>
98 <property name="serviceProperties" ref="serviceProperties" />
99 <property name="ticketValidator">
100 <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
102 <!-- URL of CAS 2 (EmaEval) -->
104 <constructor-arg index="0" value="https://tice-a85.univ-savoie.fr:8443/cas2" />
105 <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
108 * property 'proxyCallbackUrl' : https://server:port/jackrabbit-webapp-1.4/receptor
111 <property name="proxyCallbackUrl" value="https://tice-a85.univ-savoie.fr:8443/jackrabbit-webapp-1.4/receptor" />
114 <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
120 ======================== FILTER CHAIN =======================
<!-- Filter chain applied to every request path (/**), in this order: session context
     integration, CAS ticket processing, anonymous fallback, exception translation,
     then the URL access-control interceptor. URLs are lower-cased before comparison
     and patterns use Ant syntax.
     NOTE(review): no logout filter and no session-fixation step appear in this chain;
     logout seems to be handled by JSP pages (logout.jsp and logoutMultiCas.jsp are
     named in the access rules). Check that the HTTP session id is renewed after a
     successful CAS login and that logout invalidates the session.
     NOTE(review): the root element references spring-security-2.0.1.xsd; that release
     line is long out of maintenance, so an upgrade should be tracked. -->
122 <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
123 <property name="filterInvocationDefinitionSource">
125 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
126 PATTERN_TYPE_APACHE_ANT
127 /**=httpSessionContextIntegrationFilter,casProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
132 <!-- CasProcessingFilter bean -->
<!-- Handles the CAS callback on /j_spring_cas_security_check (the path used in the
     serviceProperties "service" URL) and hands the ticket to authenticationManager.
     On failure the browser is sent to /casfailed.jsp; on success, with no saved
     request, to "/".
     NOTE(review): make sure /casfailed.jsp does not echo ticket values or exception
     details back to the browser. -->
134 <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
135 <property name="authenticationManager"><ref bean="authenticationManager"/></property>
136 <property name="authenticationFailureUrl"><value>/casfailed.jsp</value></property>
137 <property name="defaultTargetUrl"><value>/</value></property>
138 <property name="filterProcessesUrl"><value>/j_spring_cas_security_check</value></property>
<!-- Provider manager used by casProcessingFilter and filterInvocationInterceptor.
     Providers are listed in order: CAS provider 1, CAS provider 2, then the anonymous
     provider.
     NOTE(review): a service ticket is presumably offered to CAS server 1 first and to
     CAS server 2 only if that validation fails, so every login through CAS 2 also
     produces a failed validation against CAS 1. Expect these entries in the CAS 1
     logs and confirm they do not trip lockout or alerting rules. -->
141 <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
142 <property name="providers">
145 <!-- Providers are added here (in order) -->
147 <ref bean="casAuthenticationProvider1" />
148 <ref bean="casAuthenticationProvider2"/>
149 <ref local="anonymousAuthenticationProvider"/>
155 <!-- anonymousProcessingFilter bean -->
<!-- Gives requests that carry no authentication the principal anonymousUser with the
     authority ROLE_ANONYMOUS. The key must equal the key of
     anonymousAuthenticationProvider, which it does in this file.
     NOTE(review): "foobar" is a common sample value; replace it with a
     deployment-specific value kept in a property file. -->
157 <bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
158 <property name="key"><value>foobar</value></property>
159 <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
<!-- Provider that accepts the anonymous tokens created by anonymousProcessingFilter;
     its key has to match the filter's key.
     NOTE(review): "foobar" is a common sample value; change it together with the
     filter's key and keep it in a property file. -->
162 <bean id="anonymousAuthenticationProvider" class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
163 <property name="key"><value>foobar</value></property>
167 <!-- Bean casProcessingFilterEntryPoint
169 Point d'entrée du système d'authentification MultiCas
171 * property 'loginUrl' : URL de la page de login pour le système MultiCas : http://server:port/jackrabbit-webapp-1.4/login.jsp
172 * property 'responseUrl' : URL de la page de réponse pour le système MultiCas : http://server:port/jackrabbit-webapp-1.4/response.jsp
173 * property 'loginUrls' : URLs des pages de login des différents serveurs CAS
174 * property 'logoutUrls' : URLs des pages de logout des différents serveurs CAS
175 * property 'loginFormUrl' : URL de la page de présentation des Serveurs CAS pour le système MultiCas -->
<!-- Entry point that starts authentication for unauthenticated requests (it is wired
     into exceptionTranslationFilter). It receives this webapp's login, response and
     server-selection page URLs plus the login and logout URLs of both CAS servers.
     NOTE(review): MultiCasProcessingFilterEntryPoint is not shown on this page and
     looks like a project-specific class; confirm in its source that redirects are
     only ever built from the URLs configured here and never from request parameters.
     NOTE(review): loginUrl, responseUrl and loginFormUrl use plain http on port 8080
     while the CAS servers are addressed over https on port 8443. A server-selection
     page served over http can be altered in transit; consider serving these pages
     over the https connector as well. -->
179 <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.util.MultiCasProcessingFilterEntryPoint">
180 <property name="loginUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/login.jsp</value></property>
181 <property name="responseUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/response.jsp</value></property>
182 <property name="loginUrls">
184 <value>https://tice-a85.univ-savoie.fr:8443/cas/login</value>
185 <value>https://tice-a85.univ-savoie.fr:8443/cas2/login</value>
188 <property name="logoutUrls">
190 <value>https://tice-a85.univ-savoie.fr:8443/cas/logout</value>
191 <value>https://tice-a85.univ-savoie.fr:8443/cas2/logout</value>
194 <property name="loginFormUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/loginFormPage.jsp</value></property>
195 <property name="serviceProperties"><ref bean="serviceProperties"/></property>
<!-- Translates security exceptions raised further down the chain; when
     authentication is required it delegates to casProcessingFilterEntryPoint.
     NOTE(review): no access-denied handler is configured in the visible lines, so the
     framework default applies for authenticated users who lack the required role. -->
200 <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
201 <property name="authenticationEntryPoint"><ref bean="casProcessingFilterEntryPoint"/></property>
<!-- First filter in the chain: keeps the security context in the HTTP session between
     requests. No properties are set, so framework defaults apply.
     NOTE(review): the authenticated state therefore depends on the session cookie;
     with the http URLs configured elsewhere in this file that cookie can travel
     unencrypted. -->
204 <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
<!-- Run-as manager handed to filterInvocationInterceptor; the key identifies the
     run-as tokens this manager creates.
     NOTE(review): the key is a hard-coded, sample-looking string. No run-as attribute
     appears in the access rules visible on this page, and no run-as provider is in
     the authenticationManager list, so confirm whether this bean is needed at all;
     if it is, move the key to a property file. -->
206 <bean id="runAsManager" class="org.springframework.security.runas.RunAsManagerImpl">
207 <property name="key"><value>my_run_as_password</value></property>
<!-- Voter for role-based access rules; referenced by
     httpRequestAccessDecisionManager. No properties are set, so the default role
     prefix applies (the rules in this file use ROLE_ names). -->
210 <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
<!-- Access decision manager for web requests. AffirmativeBased grants access as soon
     as one voter votes to grant; with allowIfAllAbstainDecisions=false a request on
     which every voter abstains is denied. Voters: roleVoter and an inline
     AuthenticatedVoter.
     NOTE(review): denial on full abstention is the safe setting; keep it. -->
212 <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
213 <property name="allowIfAllAbstainDecisions"><value>false</value></property>
214 <property name="decisionVoters">
216 <ref bean="roleVoter"/>
217 <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
224 Définition des règles de sécurité selon les rôles
228 <bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
229 <property name="authenticationManager"><ref bean="authenticationManager"/></property>
230 <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
231 <property name="runAsManager"><ref bean="runAsManager"/></property>
232 <property name="objectDefinitionSource">
234 PATTERN_TYPE_APACHE_ANT
235 /logout.jsp=ROLE_MEMBER
236 /response.jsp=ROLE_MEMBER
237 /loginFormPage.jsp=ROLE_ANONYMOUS
238 /login.jsp=ROLE_ANONYMOUS
239 /logoutMultiCas.jsp=ROLE_ANONYMOUS,ROLE_MEMBER