--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+* Copyright Igor Barma, Eric Brun, Alexandre Desoubeaux, Christian Martel,
+* (2 décembre 2008)
+*
+* Ce logiciel est un programme informatique servant à l'évaluation des
+* compétences.
+*
+* Ce logiciel est régi par la licence CeCILL soumise au droit français et
+* respectant les principes de diffusion des logiciels libres. Vous pouvez
+* utiliser, modifier et/ou redistribuer ce programme sous les conditions
+* de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA
+* sur le site "http://www.cecill.info".
+*
+* En contrepartie de l'accessibilité au code source et des droits de copie,
+* de modification et de redistribution accordés par cette licence, il n'est
+* offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons,
+* seule une responsabilité restreinte pèse sur l'auteur du programme, le
+* titulaire des droits patrimoniaux et les concédants successifs.
+*
+* A cet égard l'attention de l'utilisateur est attirée sur les risques
+* associés au chargement, à l'utilisation, à la modification et/ou au
+* développement et à la reproduction du logiciel par l'utilisateur étant
+* donné sa spécificité de logiciel libre, qui peut le rendre complexe à
+* manipuler et qui le réserve donc à des développeurs et des professionnels
+* avertis possédant des connaissances informatiques approfondies. Les
+* utilisateurs sont donc invités à charger et tester l'adéquation du
+* logiciel à leurs besoins dans des conditions permettant d'assurer la
+* sécurité de leurs systèmes et ou de leurs données et, plus généralement,
+* à l'utiliser et l'exploiter dans les mêmes conditions de sécurité.
+*
+* Le fait que vous puissiez accéder à cet en-tête signifie que vous avez
+* pris connaissance de la licence CeCILL, et que vous en avez accepté les
+* termes.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+
+ <!-- <sec:http entry-point-ref="casProcessingFilterEntryPoint">
+ <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"
+ requires-channel="https"/>
+
+ <sec:intercept-url pattern="/EvalCompInst.jsp"
+ access="ROLE_MANAGER" />
+ <sec:intercept-url pattern="/EvalCompPeda.jsp"
+ access="ROLE_PEDA" />
+ <sec:intercept-url pattern="/EvalCompTech.jsp"
+ access="ROLE_TECH" />
+ <sec:intercept-url pattern="/EvalComp.jsp" access="ROLE_USER" />
+ <sec:intercept-url pattern="/Preferences.jsp"
+ access="ROLE_USER" />
+ <sec:intercept-url pattern="/exportvalidation.jsp"
+ access="ROLE_SCO,ROLE_OBSERVER" />
+ <sec:intercept-url pattern="/previewExport.jsp"
+ access="ROLE_PJURY,ROLE_MANAGER" />
+ <sec:intercept-url pattern="/Ressource.jsp" access="ROLE_USER" />
+ <sec:intercept-url pattern="/hibernate4gwt/**"
+ access="ROLE_USER" />
+ <sec:intercept-url pattern="/uploadWSFile/**"
+ access="ROLE_USER" />
+ <sec:intercept-url pattern="/logout.jsp" access="ROLE_USER" />
+ <sec:intercept-url pattern="/receptor" access="ROLE_ANONYMOUS" />
+ <sec:intercept-url pattern="/**"
+ access="ROLE_MANAGER" />
+
+ <sec:logout logout-success-url="/cas-logout.jsp"/>
+ <sec:custom-filter ref="casProcessingFilter" after="CAS_FILTER" />
+ </sec:http>
+ -->
+
+<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy" >
+ <sec:filter-chain-map path-type="ant">
+
+ <!--<sec:filter-chain pattern="/do/not/filter" filters="none"/>-->
+ <!-- <sec:filter-chain pattern="/evaluationdefinitions/**" filters="none" /> -->
+
+ <!--<sec:filter-chain pattern="/receptor" filters="httpSessionContextIntegrationFilter,anonymousProcessingFilter,filterInvocationInterceptor" />-->
+ <sec:filter-chain pattern="/webservices/**" filters="httpSessionContextIntegrationFilter,basicProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor" />
+ <sec:filter-chain pattern="/login/**" filters="none"/>
+ <sec:filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter,usernamePasswordProcessingFilter,casProcessingFilter,CasExceptionTranslationFilter,filterInvocationInterceptor" />
+ </sec:filter-chain-map>
+
+</bean>
+
+<bean id="filterInvocationInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
+ <property name="authenticationManager"><ref bean="authenticationManager"/></property>
+ <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
+ <property name="runAsManager"><ref bean="runAsManager"/></property>
+ <property name="securityMetadataSource">
+ <sec:filter-security-metadata-source>
+ <sec:intercept-url pattern="/EvalCompInst.jsp"
+ access="ROLE_MANAGER" />
+ <sec:intercept-url pattern="/EvalCompPeda.jsp"
+ access="ROLE_PEDA" />
+ <sec:intercept-url pattern="/EvalCompTech.jsp"
+ access="ROLE_TECH" />
+ <sec:intercept-url pattern="/EvalComp.jsp" access="ROLE_USER" />
+ <sec:intercept-url pattern="/Preferences.jsp"
+ access="ROLE_USER" />
+ <sec:intercept-url pattern="/exportvalidation.jsp"
+ access="ROLE_SCO,ROLE_OBSERVER" />
+ <sec:intercept-url pattern="/previewExport.jsp"
+ access="ROLE_PJURY,ROLE_MANAGER" />
+ <sec:intercept-url pattern="/Ressource.jsp" access="ROLE_USER" />
+ <sec:intercept-url pattern="/hibernate4gwt/**"
+ access="ROLE_USER" />
+ <sec:intercept-url pattern="/uploadWSFile/**"
+ access="ROLE_USER" />
+ <sec:intercept-url pattern="/examenServlet/**"
+ access="ROLE_USER" />
+ <sec:intercept-url pattern="/logout.jsp" access="ROLE_USER" />
+ <sec:intercept-url pattern="/getFile.jsp" access="ROLE_ANONYMOUS,ROLE_USER" />
+ <sec:intercept-url pattern="/receptor" access="ROLE_ANONYMOUS" />
+ <sec:intercept-url pattern="/login/**" access="ROLE_ANONYMOUS" />
+ <sec:intercept-url pattern="/webservices/**" access="ROLE_USER"/>
+
+<sec:intercept-url pattern="/**"
+ access="ROLE_MANAGER" />
+
+ </sec:filter-security-metadata-source>
+ </property>
+</bean>
+
+<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
+
+<!-- <property name="forceEagerSessionCreation"><value>true</value></property> -->
+</bean>
+<bean id="runAsManager" class="org.springframework.security.access.intercept.RunAsManagerImpl">
+ <property name="key"><value>my_run_as_password</value></property>
+</bean>
+
+<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
+
+<bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+ <property name="allowIfAllAbstainDecisions"><value>false</value></property>
+ <property name="decisionVoters">
+ <list>
+ <ref bean="roleVoter"/>
+ <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
+ </list>
+ </property>
+</bean>
+
+ <bean id="CasExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
+
+ <property name="authenticationEntryPoint"><ref bean="casProcessingFilterEntryPoint"/></property>
+ </bean>
+
+ <sec:authentication-manager alias="authenticationManager">
+
+ <sec:authentication-provider>
+ <sec:user-service>
+ <sec:user name="admin" password="echo" authorities="ROLE_USER,ROLE_TECH,ROLE_MANAGER" />
+ </sec:user-service>
+ </sec:authentication-provider>
+ <sec:authentication-provider ref="casAuthenticationProvider" />
+ <sec:authentication-provider ref="authentication-provider-ldap" />
+ <sec:authentication-provider ref="anonymousAuthenticationProvider" />
+ </sec:authentication-manager>
+
+ <bean id="casProcessingFilter"
+ class="org.springframework.security.cas.web.CasAuthenticationFilter">
+
+ <property name="authenticationManager" ref="authenticationManager" />
+
+ <!-- <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
+ <property name="defaultTargetUrl" value="/"/> <property name="proxyGrantingTicketStorage"
+ ref="proxyGrantingTicketStorage" /> <property name="proxyReceptorUrl" value="/${WEBAPP_CONTAINER}/receptor"
+ /> -->
+ </bean>
+
+ <bean id="casProcessingFilterEntryPoint"
+ class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
+ <property name="loginUrl" value="https://${CAS_HOST}/cas/login" />
+ <property name="serviceProperties" ref="serviceProperties" />
+ <property name="encodeServiceUrlWithSessionId" value="false" />
+ </bean>
+
+
+<bean id="basicProcessingFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
+
+<property name="authenticationManager"><ref local="authenticationManager"/></property>
+ <!--<property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>-->
+ <property name="ignoreFailure"><value>true</value></property>
+ </bean>
+
+ <bean id="basicAuthExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
+ <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
+ </bean>
+
+ <bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
+ <property name="realmName"><value>Demo</value></property>
+ </bean>
+
+<bean id="usernamePasswordProcessingFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
+ <property name="authenticationManager"><ref local="authenticationManager"/></property>
+</bean>
+
+
+ <bean id="serviceTicketValidator"
+ class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
+ <constructor-arg index="0" value="https://${CAS_HOST}/cas" />
+ <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+ <property name="proxyCallbackUrl"
+ value="https://${SERVICE_HOST}/receptor" />
+ <property name="proxyRetriever">
+ <bean class="org.jasig.cas.client.proxy.Cas20ProxyRetriever">
+ <constructor-arg index="0" value="https://${CAS_HOST}/cas" />
+
+ </bean>
+ </property>
+ </bean>
+
+ <bean id="casAuthenticationProvider"
+ class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
+
+ <property name="userDetailsService" ref="userService" />
+ <property name="serviceProperties" ref="serviceProperties" />
+ <property name="ticketValidator" ref="serviceTicketValidator" />
+
+ <property name="key" value="an_id_for_this_auth_provider_only" />
+ </bean>
+
+
+ <bean id="proxyTicketReceptor"
+ class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">
+
+ <property name="proxyReceptorUrl" value="/receptor" />
+ <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+ </bean>
+
+
+
+ <bean id="proxyGrantingTicketStorage"
+ class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
+
+ <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
+ <property name="service"
+ value="https://${SERVICE_HOST}/${WEBAPP_CONTAINER}/j_spring_cas_security_check" />
+ <property name="sendRenew" value="false" />
+ </bean>
+
+ <bean id="userService" class="com.pentila.evalcomp.ldap.MyUserDetailsService">
+ <property name="ldapDAO">
+ <ref bean="ldapTarget" />
+ </property>
+ <property name="entityManager">
+ <ref bean="entityManager" />
+ </property>
+ </bean>
+
+
+ <bean id="anonymousProcessingFilter"
+ class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
+ <property name="key">
+ <value>foobar</value>
+ </property>
+ <property name="userAttribute">
+ <value>anonymousUser,ROLE_ANONYMOUS</value>
+ </property>
+ </bean>
+
+ <bean id="anonymousAuthenticationProvider"
+ class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
+ <property name="key">
+ <value>foobar</value>
+ </property>
+ </bean>
+
+
+
+
+ <sec:ldap-server id="ok_ldap" url="${urls}/${base}"
+ manager-dn="${rootDN}" manager-password="${password}" />
+
+
+<bean id="authentication-provider-ldap"
+ class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
+
+ <constructor-arg>
+ <bean
+ class="org.springframework.security.ldap.authentication.BindAuthenticator">
+ <constructor-arg ref="ok_ldap" />
+ <property name="userDnPatterns">
+ <list>
+ <value>${loginAttr}={0},ou=People</value>
+ </list>
+ </property>
+ </bean>
+ </constructor-arg>
+ <constructor-arg>
+ <bean class="com.pentila.evalcomp.ldap.MyLdapAuthoritiesPopulator">
+ <property name="userDetailService">
+ <ref bean="userService" />
+ </property>
+ </bean>
+ </constructor-arg>
+ <property name="userDetailsContextMapper">
+ <bean class="com.pentila.evalcomp.ldap.MyUserDetailsContextMapper">
+ <constructor-arg ref="userService" />
+ </bean>
+ </property>
+ </bean>
+
+</beans>
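Review bot: The in-memory `sec:user-service` inside `sec:authentication-manager` commits an `admin` account with the plaintext password `echo` and `ROLE_USER,ROLE_TECH,ROLE_MANAGER`; because `usernamePasswordProcessingFilter` (chain `/**`) and `basicProcessingFilter` (chain `/webservices/**`) both use this `authenticationManager`, the account is valid on every deployment built from this file. I would drop that `<sec:authentication-provider>` block and rely on the CAS and LDAP providers. If a local fallback account is really needed, load it from a file kept out of version control, e.g. `<sec:user-service properties="/WEB-INF/local-users.properties" />` (path is a constructed example), and add a `sec:password-encoder` so the stored value is a hash. The literal keys `my_run_as_password`, `foobar` and `an_id_for_this_auth_provider_only` have the same problem: they are used to recognise internally issued tokens and should come from deployment properties, as `manager-password="${password}"` already does. Separately, `anonymousProcessingFilter` appears only in the commented-out `/receptor` chain, so the `ROLE_ANONYMOUS` rules for `/receptor` and `/getFile.jsp` look unreachable for unauthenticated requests; worth confirming that is intended.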