--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://www.springframework.org/schema/security"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
+
+
+
+<bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+ <property name="loginFormUrl"><value>/login.jsp</value></property>
+ <property name="forceHttps"><value>false</value></property>
+ </bean>
+
+
+
+<bean id="placeholderConfig4"
+ class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+ <property name="locations">
+ <list>
+ <value>WEB-INF/cas.properties</value>
+ <value>WEB-INF/context-ldap.properties</value>
+ </list>
+ </property>
+ <property name="ignoreUnresolvablePlaceholders" value="true"/>
+ </bean>
+
+<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource" >
+ <description>ContextSource of the LDAP server and common connexion.</description>
+ <property name="urls" value="${urls}" />
+ <property name="userDn" value="${rootDN}" />
+ <property name="password" value="${password}" />
+ <property name="base" value="${base}" />
+ <property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
+ </bean>
+
+ <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+ <description>LDAPTemplate spring bean.</description>
+ <constructor-arg ref="contextSource" />
+ </bean>
+
+
+
+<bean id="ldapDAO" class="com.pentila.jackrabbit.auth.LdapDAO">
+<property name="ldapTemplate"><ref local="ldapTemplate" /></property>
+<property name="attrLogin" value="${attrLogin}" />
+<property name="attrId" value="${attrId}" />
+<property name="branchPeople" value="${userbase}" />
+<property name="additionalFilter" value="${additionalFilter}"/>
+</bean>
+
+
+<bean id="userService" class="com.pentila.jackrabbit.auth.CasAuth">
+<constructor-arg index="0" value="ROLE_MEMBER" />
+
+<property name="ldapDAO"><ref local="ldapDAO" /></property>
+
+</bean>
+
+<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
+ <property name="service"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/j_spring_cas_security_check</value></property>
+ <property name="sendRenew"><value>false</value></property>
+</bean>
+
+<!-- Provider 1 -->
+
+
+<bean id="casAuthenticationProvider1" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
+ <property name="userDetailsService"><ref bean="userService"/></property>
+
+ <property name="serviceProperties" ref="serviceProperties" />
+ <property name="ticketValidator">
+ <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
+ <constructor-arg index="0" value="https://tice-a85.univ-savoie.fr:8443/cas" />
+ <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+ <property name="proxyCallbackUrl" value="https://tice-a85.univ-savoie.fr:8443/jackrabbit-webapp-1.4/receptor" />
+ </bean>
+ </property>
+
+ <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
+</bean>
+
+<bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
+
+
+
+
+<!-- END 1 -->
+
+
+
+
+<!-- Provider 2 -->
+
+<bean id="casAuthenticationProvider2" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
+ <property name="userDetailsService"><ref bean="userService"/></property>
+
+ <property name="serviceProperties" ref="serviceProperties" />
+ <property name="ticketValidator">
+ <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
+ <constructor-arg index="0" value="https://tice-a85.univ-savoie.fr:8443/cas2" />
+ <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+ <property name="proxyCallbackUrl" value="https://tice-a85.univ-savoie.fr:8443/jackrabbit-webapp-1.4/receptor" />
+ </bean>
+ </property>
+ <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
+</bean>
+
+
+
+
+
+<!-- END 2 -->
+
+
+
+
+
+
+ <!-- ======================== FILTER CHAIN =======================
+ ACLs later: requestMethodsFilter
+ Not in 1.0-RC1: exceptionTranslationFilter,
+ Later: ,rememberMeProcessingFilter
+ /**=httpSessionContextIntegrationFilter,casProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+ Web services currently can't use the filter chain because Axis instantiates
+ the web service handler classes, not Spring. However, we can do the context integration
+ filter, which associates a security context with the http session, and call
+ into the Acegi beans from the service handler
+ -->
+ <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
+ <property name="filterInvocationDefinitionSource">
+ <value>
+ CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+ PATTERN_TYPE_APACHE_ANT
+ /**=httpSessionContextIntegrationFilter,casProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+ </value>
+ </property>
+ </bean>
+
+
+
+<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
+ <property name="authenticationManager"><ref bean="authenticationManager"/></property>
+ <property name="authenticationFailureUrl"><value>/casfailed.jsp</value></property>
+ <property name="defaultTargetUrl"><value>/</value></property>
+ <property name="filterProcessesUrl"><value>/j_spring_cas_security_check</value></property>
+</bean>
+
+ <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
+ <property name="providers">
+ <list>
+
+ <ref bean="casAuthenticationProvider1" />
+ <ref bean="casAuthenticationProvider2"/>
+ <ref local="anonymousAuthenticationProvider"/>
+
+ </list>
+ </property>
+ </bean>
+
+ <bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
+ <property name="key"><value>foobar</value></property>
+ <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
+ </bean>
+
+ <bean id="anonymousAuthenticationProvider" class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
+ <property name="key"><value>foobar</value></property>
+ </bean>
+
+<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.util.MultiCasProcessingFilterEntryPoint">
+ <property name="loginUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/login.jsp</value></property>
+ <property name="responseUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/response.jsp</value></property>
+ <property name="loginUrls">
+ <list>
+ <value>https://tice-a85.univ-savoie.fr:8443/cas/login</value>
+ <value>https://tice-a85.univ-savoie.fr:8443/cas2/login</value>
+ </list>
+ </property>
+ <property name="logoutUrls">
+ <list>
+ <value>https://tice-a85.univ-savoie.fr:8443/cas/logout</value>
+ <value>https://tice-a85.univ-savoie.fr:8443/cas2/logout</value>
+ </list>
+ </property>
+ <property name="loginFormUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/loginFormPage.jsp</value></property>
+ <property name="serviceProperties"><ref bean="serviceProperties"/></property>
+
+</bean>
+
+
+<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
+ <property name="authenticationEntryPoint"><ref bean="casProcessingFilterEntryPoint"/></property>
+ </bean>
+
+<!--
+<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
+ <property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property>
+ </bean>
+-->
+
+<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
+
+<bean id="runAsManager" class="org.springframework.security.runas.RunAsManagerImpl">
+ <property name="key"><value>my_run_as_password</value></property>
+ </bean>
+
+ <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
+
+ <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
+ <property name="allowIfAllAbstainDecisions"><value>false</value></property>
+ <property name="decisionVoters">
+ <list>
+ <ref bean="roleVoter"/>
+ <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
+ </list>
+ </property>
+ </bean>
+
+
+<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
+ <property name="authenticationManager"><ref bean="authenticationManager"/></property>
+ <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
+ <property name="runAsManager"><ref bean="runAsManager"/></property>
+ <property name="objectDefinitionSource">
+ <value>
+ PATTERN_TYPE_APACHE_ANT
+ /logout.jsp=ROLE_MEMBER
+ /response.jsp=ROLE_MEMBER
+ /loginFormPage.jsp=ROLE_ANONYMOUS
+ /login.jsp=ROLE_ANONYMOUS
+ /logoutMultiCas.jsp=ROLE_ANONYMOUS,ROLE_MEMBER
+ /**=ROLE_MEMBER
+ </value>
+ </property>
+ </bean>
+
+
+
+</beans>