1 <?xml version="1.0" encoding="UTF-8"?>
2 <beans xmlns="http://www.springframework.org/schema/beans"
3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4 xmlns:sec="http://www.springframework.org/schema/security"
5 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
6 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<!-- Form-login entry point: sends unauthenticated requests to /login.jsp.
     NOTE(review): forceHttps is false, so the redirect stays on the scheme the request
     arrived with. Over plain HTTP the login exchange is readable on the network; confirm
     TLS is enforced elsewhere (connector or reverse proxy) or set this to true. -->
10 <bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
11 <property name="loginFormUrl"><value>/login.jsp</value></property>
12 <property name="forceHttps"><value>false</value></property>
<!-- Loads the two property files listed under "locations" and substitutes their values
     for the ${...} placeholders used by other beans in this file.
     NOTE(review): with ignoreUnresolvablePlaceholders=true a missing key does not stop
     startup; the literal placeholder text stays in the property (including the LDAP bind
     password on contextSource). WEB-INF/context-ldap.properties presumably holds that
     password: keep it out of version control and readable only by the container account. -->
17 <bean id="placeholderConfig4"
18 class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
19 <property name="locations">
21 <value>WEB-INF/cas.properties</value>
22 <value>WEB-INF/context-ldap.properties</value>
25 <property name="ignoreUnresolvablePlaceholders" value="true"/>
<!-- LDAP connection settings. Server URLs, bind DN, bind password and base DN all come
     from property placeholders, so no credential is hard-coded in this file.
     NOTE(review): the scheme of ${urls} is not visible here; confirm it is ldaps:// (or
     that StartTLS is used), otherwise the bind password and every lookup cross the
     network in cleartext.
     NOTE(review): the placeholder name rootDN suggests a directory administrator bind;
     a dedicated read-only service account is enough for user lookups. Confirm. -->
28 <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource" >
29 <description>ContextSource of the LDAP server and common connexion.</description>
30 <property name="urls" value="${urls}" />
31 <property name="userDn" value="${rootDN}" />
32 <property name="password" value="${password}" />
33 <property name="base" value="${base}" />
34 <property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
<!-- LdapTemplate built on contextSource; every query issued through it runs with the
     bind identity configured on that bean. -->
37 <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
38 <description>LDAPTemplate spring bean.</description>
39 <constructor-arg ref="contextSource" />
<!-- Project DAO (com.pentila.jackrabbit.auth.LdapDAO) that looks users up through
     ldapTemplate. Its implementation is not part of this file, so the meaning of each
     property is inferred from its name only.
     NOTE(review): attrLogin and additionalFilter are presumably combined with the login
     name into an LDAP search filter. Confirm LdapDAO escapes the login value (RFC 4515
     filter escaping) before building that filter, since the name originates from the
     authentication request. -->
44 <bean id="ldapDAO" class="com.pentila.jackrabbit.auth.LdapDAO">
45 <property name="ldapTemplate"><ref local="ldapTemplate" /></property>
46 <property name="attrLogin" value="${attrLogin}" />
47 <property name="attrId" value="${attrId}" />
48 <property name="branchPeople" value="${userbase}" />
49 <property name="additionalFilter" value="${additionalFilter}"/>
<!-- Project class CasAuth, wired as the userDetailsService of both CAS authentication
     providers in this file; it resolves users through ldapDAO.
     NOTE(review): the first constructor argument is presumably the authority granted to
     every resolved user. If so, any account accepted by either CAS server and found in
     LDAP receives ROLE_MEMBER; no finer role mapping is visible here. Confirm against
     the CasAuth source. -->
53 <bean id="userService" class="com.pentila.jackrabbit.auth.CasAuth">
54 <constructor-arg index="0" value="ROLE_MEMBER" />
56 <property name="ldapDAO"><ref local="ldapDAO" /></property>
<!-- CAS service definition: "service" is the callback URL the CAS server redirects to
     with the service ticket after login.
     NOTE(review): the callback is http:// on port 8080 while the CAS servers are reached
     over https:// on 8443. The service ticket and the session cookie issued afterwards
     therefore travel unencrypted; serve the callback over HTTPS.
     sendRenew=false accepts an existing CAS single sign-on session without asking the
     user for credentials again. -->
60 <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
61 <property name="service"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/j_spring_cas_security_check</value></property>
62 <property name="sendRenew"><value>false</value></property>
<!-- CAS provider for the first server: service tickets are validated against
     https://tice-a85.univ-savoie.fr:8443/cas with the CAS 2.0 protocol, then the user is
     loaded through userService.
     NOTE(review): "key" is the value this provider uses to recognise the authentication
     tokens it issued. It is hard-coded here as what looks like a sample string, and
     casAuthenticationProvider2 uses the same one. Move it to a property file and give
     each deployment its own unpredictable value. -->
68 <bean id="casAuthenticationProvider1" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
69 <property name="userDetailsService"><ref bean="userService"/></property>
71 <property name="serviceProperties" ref="serviceProperties" />
72 <property name="ticketValidator">
73 <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
74 <constructor-arg index="0" value="https://tice-a85.univ-savoie.fr:8443/cas" />
75 <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
76 <property name="proxyCallbackUrl" value="https://tice-a85.univ-savoie.fr:8443/jackrabbit-webapp-1.4/receptor" />
80 <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
<!-- Store for proxy-granting tickets delivered to the proxyCallbackUrl; the same
     instance is referenced by the ticket validators of both CAS providers. -->
83 <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
<!-- CAS provider for the second server (/cas2). Apart from the validator URL it is
     configured exactly like casAuthenticationProvider1, including the same "key" and
     the same proxyCallbackUrl.
     NOTE(review): both servers feed the same userService, so a login name asserted by
     either one resolves to the same LDAP entry. Confirm the two CAS servers share one
     user namespace; otherwise an account on one server can be taken for a different
     person's account on the other.
     NOTE(review): the hard-coded sample "key" should be replaced by a deployment
     specific value loaded from a property file. -->
95 <bean id="casAuthenticationProvider2" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
96 <property name="userDetailsService"><ref bean="userService"/></property>
98 <property name="serviceProperties" ref="serviceProperties" />
99 <property name="ticketValidator">
100 <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
101 <constructor-arg index="0" value="https://tice-a85.univ-savoie.fr:8443/cas2" />
102 <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
103 <property name="proxyCallbackUrl" value="https://tice-a85.univ-savoie.fr:8443/jackrabbit-webapp-1.4/receptor" />
106 <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
120 <!-- ======================== FILTER CHAIN =======================
121 ACLs later: requestMethodsFilter
122 Not in 1.0-RC1: exceptionTranslationFilter,
123 Later: ,rememberMeProcessingFilter
124 /**=httpSessionContextIntegrationFilter,casProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
125 Web services currently can't use the filter chain because Axis instantiates
126 the web service handler classes, not Spring. However, we can do the context integration
127 filter, which associates a security context with the http session, and call
128 into the Acegi beans from the service handler
130 <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<!-- One chain for every URL (/**). The filters run in the order listed: session
     context, CAS ticket processing, anonymous fallback, exception translation, then
     the access-decision interceptor. Request URLs are lower-cased before they are
     matched against the Ant pattern.
     NOTE(review): the access rules on filterInvocationInterceptor, as listed, carry
     only PATTERN_TYPE_APACHE_ANT and not the lower-case directive. Confirm that a
     mixed-case variant of a protected JSP path cannot miss its rule. -->
131 <property name="filterInvocationDefinitionSource">
133 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
134 PATTERN_TYPE_APACHE_ANT
135 /**=httpSessionContextIntegrationFilter,casProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
<!-- Handles the CAS callback on /j_spring_cas_security_check and hands the ticket to
     authenticationManager. A failed validation is sent to /casfailed.jsp; a successful
     one with no saved request goes to "/".
     NOTE(review): filterProcessesUrl must stay in step with the path in
     serviceProperties.service, otherwise tickets are issued for a URL this filter never
     processes. -->
142 <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
143 <property name="authenticationManager"><ref bean="authenticationManager"/></property>
144 <property name="authenticationFailureUrl"><value>/casfailed.jsp</value></property>
145 <property name="defaultTargetUrl"><value>/</value></property>
146 <property name="filterProcessesUrl"><value>/j_spring_cas_security_check</value></property>
<!-- ProviderManager that consults the providers in the order listed: the two CAS
     providers first, then the anonymous provider. A ticket is accepted as soon as one
     provider validates it, so the application trusts both CAS servers equally. -->
149 <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
150 <property name="providers">
153 <ref bean="casAuthenticationProvider1" />
154 <ref bean="casAuthenticationProvider2"/>
155 <ref local="anonymousAuthenticationProvider"/>
<!-- Gives requests without an authenticated user the principal "anonymousUser" with
     ROLE_ANONYMOUS. "key" has to equal the key on anonymousAuthenticationProvider.
     NOTE(review): "foobar" is the widely published sample value; replace it with a
     deployment-specific value on both beans. -->
161 <bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
162 <property name="key"><value>foobar</value></property>
163 <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
<!-- Accepts anonymous tokens whose key matches this value; it has to stay identical to
     the key on anonymousProcessingFilter.
     NOTE(review): "foobar" is a sample value and should be changed on both beans
     together. -->
166 <bean id="anonymousAuthenticationProvider" class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
167 <property name="key"><value>foobar</value></property>
<!-- Entry point that lets the user choose between the two CAS servers.
     MultiCasProcessingFilterEntryPoint does not look like a stock Spring Security
     class, so the property meanings below are inferred from their names: loginUrls and
     logoutUrls list the per-server CAS endpoints, the remaining URLs are pages of this
     web application.
     NOTE(review): loginUrl, responseUrl and loginFormUrl are http:// on port 8080
     while the CAS endpoints are https://. Pages that start or finish the login flow
     should be served over HTTPS as well, so the flow cannot be altered or observed in
     transit.
     NOTE(review): the host name is hard-coded in this bean and in several others;
     moving it to a property file keeps test and production URLs from drifting apart. -->
170 <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.util.MultiCasProcessingFilterEntryPoint">
171 <property name="loginUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/login.jsp</value></property>
172 <property name="responseUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/response.jsp</value></property>
173 <property name="loginUrls">
175 <value>https://tice-a85.univ-savoie.fr:8443/cas/login</value>
176 <value>https://tice-a85.univ-savoie.fr:8443/cas2/login</value>
179 <property name="logoutUrls">
181 <value>https://tice-a85.univ-savoie.fr:8443/cas/logout</value>
182 <value>https://tice-a85.univ-savoie.fr:8443/cas2/logout</value>
185 <property name="loginFormUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/loginFormPage.jsp</value></property>
186 <property name="serviceProperties"><ref bean="serviceProperties"/></property>
<!-- Turns authentication and access-denied exceptions into a redirect to the
     configured entry point. This definition uses the CAS entry point.
     NOTE(review): the listing shows two beans with the id exceptionTranslationFilter.
     Lines are missing between them, so one may be commented out in the deployed file.
     Confirm which one is live, because it decides whether unauthenticated users are
     sent to CAS or to the local form-login page. -->
191 <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
192 <property name="authenticationEntryPoint"><ref bean="casProcessingFilterEntryPoint"/></property>
<!-- Same id as the definition above, wired to the form-login entry point
     (authenticationProcessingFilterEntryPoint, which has forceHttps=false). -->
196 <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
197 <property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property>
<!-- Keeps the SecurityContext in the HTTP session between requests, so the session
     cookie carries the authenticated identity.
     NOTE(review): because the application URLs in this file are http://, confirm the
     container marks the session cookie Secure and HttpOnly once the site is served
     over HTTPS. -->
201 <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
<!-- Run-as manager used by filterInvocationInterceptor.
     NOTE(review): the key is a hard-coded sample-looking string; load a deployment
     specific value from a property file instead.
     NOTE(review): the provider list of authenticationManager, as listed, contains no
     run-as authentication provider. Confirm whether run-as replacement is needed at
     all; if it is not, removing this bean reduces the configuration to review. -->
203 <bean id="runAsManager" class="org.springframework.security.runas.RunAsManagerImpl">
204 <property name="key"><value>my_run_as_password</value></property>
<!-- Voter that decides on configuration attributes carrying the ROLE_ prefix, such as
     ROLE_MEMBER and ROLE_ANONYMOUS in the URL access rules. -->
207 <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
<!-- Access decision manager for web requests: AffirmativeBased grants access as soon
     as one voter approves. allowIfAllAbstainDecisions=false denies the request when
     every voter abstains, which keeps the default closed for attributes no voter
     understands. -->
209 <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
210 <property name="allowIfAllAbstainDecisions"><value>false</value></property>
211 <property name="decisionVoters">
213 <ref bean="roleVoter"/>
214 <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
220 <bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
221 <property name="authenticationManager"><ref bean="authenticationManager"/></property>
222 <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
223 <property name="runAsManager"><ref bean="runAsManager"/></property>
224 <property name="objectDefinitionSource">
226 PATTERN_TYPE_APACHE_ANT
227 /logout.jsp=ROLE_MEMBER
228 /response.jsp=ROLE_MEMBER
229 /loginFormPage.jsp=ROLE_ANONYMOUS
230 /login.jsp=ROLE_ANONYMOUS
231 /logoutMultiCas.jsp=ROLE_ANONYMOUS,ROLE_MEMBER