--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://www.springframework.org/schema/security"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+
+
+<bean id="placeholderConfig4"
+ class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+ <property name="locations">
+ <list>
+ <value>WEB-INF/cas.properties</value>
+ <value>WEB-INF/context-ldap.properties</value>
+ </list>
+ </property>
+ <property name="ignoreUnresolvablePlaceholders" value="true"/>
+ </bean>
+
+
+
+ <bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy" >
+ <sec:filter-chain-map path-type="ant">
+ <sec:filter-chain pattern="/server/**" filters="none"/>
+ <sec:filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter,basicProcessingFilter,casProcessingFilter,anonymousProcessingFilter,CasExceptionTranslationFilter,filterInvocationInterceptor"/>
+ </sec:filter-chain-map>
+ </bean>
+
+
+<bean id="anonymousProcessingFilter" class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
+ <property name="key"><value>foobar</value></property>
+ <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
+ </bean>
+
+ <bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
+ <property name="key"><value>foobar</value></property>
+ </bean>
+
+<bean id="basicProcessingFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
+ <property name="authenticationManager"><ref local="authenticationManager"/></property>
+ <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
+ </bean>
+
+ <bean id="basicAuthExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
+ <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
+ </bean>
+
+ <bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
+ <property name="realmName"><value>Protected Area</value></property>
+ </bean>
+
+ <bean id="CasExceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
+
+ <property name="authenticationEntryPoint"><ref bean="casProcessingFilterEntryPoint"/></property>
+ </bean>
+
+<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
+
+<bean id="runAsManager" class="org.springframework.security.access.intercept.RunAsManagerImpl">
+ <property name="key"><value>my_run_as_password</value></property>
+ </bean>
+
+
+<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
+
+<bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+ <property name="allowIfAllAbstainDecisions"><value>false</value></property>
+ <property name="decisionVoters">
+ <list>
+ <ref bean="roleVoter"/>
+ <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
+ </list>
+ </property>
+ </bean>
+
+
+
+
+<bean id="filterInvocationInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
+ <property name="authenticationManager"><ref bean="authenticationManager"/></property>
+ <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
+ <property name="runAsManager"><ref bean="runAsManager"/></property>
+<property name="securityMetadataSource">
+ <sec:filter-security-metadata-source>
+ <sec:intercept-url pattern="/repository/**" access="ROLE_MEMBER"/>
+ </sec:filter-security-metadata-source>
+ </property>
+
+
+ </bean>
+
+
+
+
+
+<!--
+ <sec:http entry-point-ref="casProcessingFilterEntryPoint">
+
+ <sec:intercept-url pattern="/repository/**" access="ROLE_MEMBER" />
+ <sec:logout logout-success-url="/cas-logout.jsp"/>
+ <sec:custom-filter ref="casProcessingFilter" after="CAS_FILTER"/>
+ </sec:http>
+-->
+
+
+ <sec:authentication-manager alias="authenticationManager">
+ <sec:authentication-provider ref="ldapAuthProvider" />
+ <sec:authentication-provider ref="casAuthenticationProvider" />
+ </sec:authentication-manager>
+
+ <bean id="casProcessingFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
+ <property name="authenticationManager" ref="authenticationManager"/>
+
+ <!--<property name="authenticationFailureUrl" value="/casfailed.jsp"/>
+ <property name="defaultTargetUrl" value="/"/>
+ --><!--<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+ <property name="proxyReceptorUrl" value="/${WEBAPP_CONTAINER}/receptor" />
+-->
+ </bean>
+
+ <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
+ <property name="loginUrl" value="https://${CAS_HOST}/cas/login"/>
+ <property name="encodeServiceUrlWithSessionId" value="false"/>
+ <property name="serviceProperties" ref="serviceProperties"/>
+
+ </bean>
+
+ <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
+ <property name="userDetailsService" ref="userService"/>
+ <property name="serviceProperties" ref="serviceProperties" />
+ <property name="ticketValidator">
+ <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
+ <constructor-arg index="0" value="https://${CAS_HOST}/cas" />
+ <!--<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+ <property name="proxyCallbackUrl" value="https://${SERVICE_HOST}/${WEBAPP_CONTAINER}/receptor" /> -->
+
+</bean>
+ </property>
+
+ <property name="key" value="an_id_for_this_auth_provider_only"/>
+ </bean>
+
+ <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
+
+ <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
+ <property name="service" value="https://${SERVICE_HOST}/${WEBAPP_CONTAINER}/j_spring_cas_security_check"/>
+ <property name="sendRenew" value="false"/>
+ </bean>
+
+
+
+<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource" >
+ <description>ContextSource of the LDAP server and common connexion.</description>
+ <property name="urls" value="${urls}" />
+ <property name="userDn" value="${rootDN}" />
+ <property name="password" value="${password}" />
+ <property name="base" value="${base}" />
+ <property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
+ </bean>
+
+ <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+ <description>LDAPTemplate spring bean.</description>
+ <constructor-arg ref="contextSource" />
+ </bean>
+
+
+
+<bean id="ldapDAO" class="com.pentila.jackrabbit.auth.LdapDAO">
+<property name="ldapTemplate"><ref local="ldapTemplate" /></property>
+<property name="attrLogin" value="${attrLogin}" />
+<property name="attrId" value="${attrId}" />
+<property name="branchPeople" value="${userbase}" />
+<property name="additionalFilter" value="${additionalFilter}"/>
+</bean>
+
+
+<bean id="userService" class="com.pentila.jackrabbit.auth.CasAuth">
+<constructor-arg index="0" value="ROLE_MEMBER" />
+<property name="ldapDAO"><ref local="ldapDAO" /></property>
+</bean>
+
+
+
+
+ <bean id="ldapAuthProvider"
+ class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
+ <constructor-arg>
+ <bean
+ class="org.springframework.security.ldap.authentication.BindAuthenticator">
+ <constructor-arg ref="contextSource" />
+ <property name="userDnPatterns">
+ <list>
+ <value>${attrLogin}={0},ou=People</value>
+ </list>
+ </property>
+ </bean>
+ </constructor-arg>
+ <constructor-arg>
+ <bean class="com.pentila.jackrabbit.auth.MyLdapAuthoritiesPopulator">
+ <property name="userDetailService">
+ <ref bean="userService" />
+ </property>
+ </bean>
+ </constructor-arg>
+</bean>
+
+<!--
+ <sec:ldap-server id="ok_ldap" url="ldap://193.48.120.93:389/" manager-dn="cn=Manager,dc=portfolio,dc=org" manager-password="superuser" />
+
+ <sec:ldap-user-service id="userService" server-ref="ok_ldap"
+ user-search-filter="uid={0}"
+ user-search-base="ou=people, dc=portfolio, dc=org"
+ group-search-filter="uniquemember={0}"
+ group-search-base="ou=groupes, dc=portfolio, dc=org"
+ role-prefix="ROLE_" />
+-->
+
+<!--
+<sec:user-service id="userService">
+<sec:user name="stagiaire1" password="vlad" authorities="system" />
+</sec:user-service>
+-->
+
+
+</beans>
+
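Review bot: The `<sec:filter-chain pattern="/server/**" filters="none"/>` entry exempts that path from every Spring Security filter, while the web.xml added in this change maps `JcrRemotingServlet` to `/server/*` with an empty `missing-auth-mapping`, which its own description says forces a null login. Unless the repository's login module rejects that login, the remoting endpoint is reachable with no authentication at all. I would drop the exemption, or give `/server/**` the same filter list as `/**` together with its own `intercept-url`. The only rule in `filterInvocationInterceptor` is `/repository/**`, so `/admin/*` and `/rmi` appear to pass the chain with no role requirement; adding `<sec:intercept-url pattern="/**" access="ROLE_MEMBER"/>` after the specific rule would make the default deny rather than allow.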
--- /dev/null
+CAS_HOST=tice-a85.univ-savoie.fr\r
+SERVICE_HOST=tice-a85.univ-savoie.fr\r
+SERVICE_PORT=\r
+SERVICE_SPORT=8443\r
+WEBAPP_CONTAINER=jackrabbit-webapp-2.3.3\r
+CAS_PORT=\r
--- /dev/null
+#ldap server:port\r
+urls=ldap://193.48.120.85:389\r
+#login\r
+rootDN=cn=root,dc=lyon,dc=iufm,dc=fr\r
+password=iufm69\r
+base=dc=lyon,dc=iufm,dc=fr\r
+\r
+attrLogin=uid\r
+attrId=uid\r
+\r
+#ldap user attributes\r
+userbase=ou=People\r
+additionalFilter=(objectClass=person)\r
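Review bot: `password=iufm69` commits the bind password for `cn=root` in clear text, and the same pattern recurs in repository.xml in this change (`user` `postgres`, `password` `root`) and in the commented-out `manager-password` in the security context. Treat these values as exposed and rotate them; the tracked file should hold placeholders, with real values supplied at deploy time from a file outside the WAR or from system properties. The bind also uses `ldap://` on port 389, so the root DN's password and the user passwords checked by `BindAuthenticator` cross the network unencrypted. Prefer `ldaps://` or StartTLS, and a read-only service account instead of the directory root.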
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
+<web-app>
+ <display-name>Jackrabbit JCR Server</display-name>
+
+<context-param>
+<param-name>webAppRootKey</param-name>
+<param-value>jack23</param-value>
+</context-param>
+
+<context-param>
+<param-name>contextConfigLocation</param-name>
+<param-value>/WEB-INF/applicationContext-cache.xml;
+ /WEB-INF/applicationContext-security.xml;
+</param-value>
+</context-param>
+<context-param>
+ <param-name>log4jConfigLocation</param-name>
+ <param-value>/WEB-INF/classes/log4j.properties</param-value>
+ </context-param>
+
+
+<filter>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+ <init-param>
+ <param-name>targetBean</param-name>
+ <param-value>springSecurityFilterChain</param-value>
+ </init-param>
+ </filter>
+ <filter-mapping>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+
+<filter>
+ <filter-name>Spring character encoding filter</filter-name>
+ <filter-class>org.springframework.web.filter.CharacterEncodingFilter
+ </filter-class>
+ <init-param>
+ <param-name>encoding</param-name>
+ <param-value>UTF-8</param-value>
+ </init-param>
+ <init-param>
+ <param-name>forceEncoding</param-name>
+ <param-value>true</param-value>
+ </init-param>
+ </filter>
+
+<filter-mapping>
+ <filter-name>Spring character encoding filter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+ <listener>
+ <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+ </listener>
+
+ <listener>
+ <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+ </listener>
+
+
+
+
+<listener>
+ <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
+ </listener>
+
+
+
+ <listener>
+ <!-- Releases all Derby resources when the webapp is undeployed. -->
+ <!-- See https://issues.apache.org/jira/browse/JCR-1301 -->
+ <listener-class>
+ org.apache.jackrabbit.j2ee.DerbyShutdown
+ </listener-class>
+ </listener>
+
+ <!-- ====================================================================== -->
+ <!-- R E P O S I T O R Y S T A R T U P S E R V L E T -->
+ <!-- ====================================================================== -->
+ <servlet>
+ <servlet-name>RepositoryStartup</servlet-name>
+ <description>
+ Repository servlet that starts the repository and registers it to JNDI ans RMI.
+ If you already have the repository registered in this appservers JNDI context,
+ or if its accessible via RMI, you do not need to use this servlet.
+ </description>
+ <servlet-class>org.apache.jackrabbit.j2ee.RepositoryStartupServlet</servlet-class>
+
+ <init-param>
+ <param-name>bootstrap-config</param-name>
+ <param-value>jackrabbit/bootstrap.properties</param-value>
+ <description>
+ Property file that hold the same initialization properties than
+ the init-params below. If a parameter is specified in both
+ places the one in the bootstrap-config wins.
+ </description>
+ </init-param>
+
+ <!--
+ <init-param>
+ <param-name>repository-config</param-name>
+ <param-value>/WEB-INF/repository/repository.xml</param-value>
+ <description>the repository config location</description>
+ </init-param>
+
+ <init-param>
+ <param-name>repository-home</param-name>
+ <param-value>jackrabbit/repository</param-value>
+ <description>the repository home</description>
+ </init-param>
+
+ <init-param>
+ <param-name>repository-name</param-name>
+ <param-value>jackrabbit.repository</param-value>
+ <description>Repository Name under which the repository is registered via JNDI/RMI</description>
+ </init-param>
+ -->
+
+ <!--
+ the following 3 parameters deal with registering the repository to
+ a RMI registry. if all parameters are omitted, the repository will
+ not be registered.
+ -->
+ <!--
+ <init-param>
+ <param-name>rmi-port</param-name>
+ <param-value>0</param-value>
+ <description>
+ The RMI port for registering the repository in the RMI Registry.
+ If equals 0, the default port is used.
+ </description>
+ </init-param>
+ <init-param>
+ <param-name>rmi-host</param-name>
+ <param-value>localhost</param-value>
+ <description>
+ The RMI host for registering the repository in the RMI Registry.
+ If equals "" or missing, the default host is used.
+ </description>
+ </init-param>
+ <init-param>
+ <param-name>rmi-uri</param-name>
+ <param-value></param-value>
+ <description>
+ The RMI uri for registering the repository in the RMI Registry.
+ If missing, the uri is composed using the other rmi parameters
+ and will have the format: //{rmi-host}:{rmi-port}/{repository-name}
+ </description>
+ </init-param>
+ -->
+ <!--
+ JNDI environment variables for creating the initial context
+ (all init parameters starting with java.naming.* will be added to the initial context environment).
+ -->
+ <!--
+ <init-param>
+ <param-name>java.naming.provider.url</param-name>
+ <param-value>http://www.apache.org/jackrabbit</param-value>
+ </init-param>
+ <init-param>
+ <param-name>java.naming.factory.initial</param-name>
+ <param-value>org.apache.jackrabbit.core.jndi.provider.DummyInitialContextFactory</param-value>
+ </init-param>
+ -->
+ <load-on-startup>2</load-on-startup>
+ </servlet>
+
+
+ <!-- ====================================================================== -->
+ <!-- R E P O S I T O R Y S E R V L E T -->
+ <!-- ====================================================================== -->
+ <servlet>
+ <servlet-name>Repository</servlet-name>
+ <description>
+ This servlet provides other servlets and jsps a common way to access
+ the repository. The repository can be accessed via JNDI, RMI or Webdav.
+ </description>
+ <servlet-class>org.apache.jackrabbit.j2ee.RepositoryAccessServlet</servlet-class>
+
+ <init-param>
+ <param-name>bootstrap-config</param-name>
+ <param-value>jackrabbit/bootstrap.properties</param-value>
+ <description>
+ Property file that hold the same initialization properties than
+ the init-params below. If a parameter is specified in both
+ places the one in the bootstrap-config wins.
+ </description>
+ </init-param>
+ <!--
+ <init-param>
+ <param-name>repository.context.attribute.name</param-name>
+ <param-value>javax.jcr.Repository</param-value>
+ <description>
+ If this is set, the RepositoryAccessServlet expects a Repository in the ServletContext
+ attribute having this name. This allows servlets of this module to be used with repositories
+ initialized by the jackrabbit-jcr-servlet module utilities.
+ </description>
+ </init-param>
+ -->
+ <!--
+ <init-param>
+ <param-name>repository-name</param-name>
+ <param-value>jackrabbit.repository</param-value>
+ <description>Repository Name that is used to retrieve it via JNDI</description>
+ </init-param>
+ -->
+ <!--
+ JNDI environment variables for creating the initial context
+ (all init parameters starting with java.naming.* will be added to the initial context environment).
+ -->
+ <!--
+ <init-param>
+ <param-name>java.naming.provider.url</param-name>
+ <param-value>http://www.apache.org/jackrabbit</param-value>
+ </init-param>
+ <init-param>
+ <param-name>java.naming.factory.initial</param-name>
+ <param-value>org.apache.jackrabbit.core.jndi.provider.DummyInitialContextFactory</param-value>
+ </init-param>
+ -->
+ <!--
+ RMI url, if RMI remoting is needed
+ -->
+ <!--
+ <init-param>
+ <param-name>rmi-uri</param-name>
+ <param-value>///jackrabbit.repository</param-value>
+ <description>The URI for the RMI connection.</description>
+ </init-param>
+ -->
+
+ <load-on-startup>3</load-on-startup>
+ </servlet>
+
+ <!-- ====================================================================== -->
+ <!-- W E B D A V S E R V L E T -->
+ <!-- ====================================================================== -->
+ <servlet>
+ <servlet-name>Webdav</servlet-name>
+ <description>
+ The webdav servlet that connects HTTP request to the repository.
+ </description>
+ <servlet-class>org.apache.jackrabbit.j2ee.SimpleWebdavServlet</servlet-class>
+
+ <init-param>
+ <param-name>resource-path-prefix</param-name>
+ <param-value>/repository</param-value>
+ <description>
+ defines the prefix for spooling resources out of the repository.
+ </description>
+ </init-param>
+
+ <init-param>
+ <param-name>missing-auth-mapping</param-name>
+ <param-value>anonymous:anonymous</param-value>
+ <description>
+ Defines how a missing authorization header should be handled.
+ 1) If this init-param is missing, a 401 response is generated.
+ This is suitable for clients (eg. webdav clients) for which
+ sending a proper authorization header is not possible if the
+ server never sent a 401.
+ 2) If this init-param is present with an empty value,
+ null-credentials are returned, thus forcing an null login
+ on the repository.
+ 3) If this init-param is present with the value 'guestcredentials'
+ java.jcr.GuestCredentials are used to login to the repository.
+ 4) If this init-param has a 'user:password' value, the respective
+ simple credentials are generated.
+ </description>
+ </init-param>
+
+ <!--
+ Optional parameter to define the value of the 'WWW-Authenticate' header
+ -->
+ <!--
+ <init-param>
+ <param-name>authenticate-header</param-name>
+ <param-value>Basic realm="Jackrabbit Webdav Server"</param-value>
+ <description>
+ Defines the value of the 'WWW-Authenticate' header.
+ </description>
+ </init-param>
+ -->
+ <!--
+ Parameter used to configure behaviour of webdav resources such as:
+ - distinction between collections and non-collections
+ - resource filtering
+ -->
+ <init-param>
+ <param-name>resource-config</param-name>
+ <param-value>/WEB-INF/config.xml</param-value>
+ <description>
+ Defines various dav-resource configuration parameters.
+ </description>
+ </init-param>
+ <!--
+ Optional parameter to define the behaviour of the referrer-based CSRF protection
+ -->
+ <!--
+ <init-param>
+ <param-name>csrf-protection</param-name>
+ <param-value>host1.domain.com,host2.domain.org</param-value>
+ <description>
+ Defines the behaviour of the referrer based CSRF protection
+ 1) If omitted or left empty the (default) behaviour is to allow only requests with
+ an empty referrer header or a referrer host equal to the server host
+ 2) May also contain a comma separated list of additional allowed referrer hosts
+ 3) If set to 'disabled' no referrer checking will be performed at all
+ </description>
+ </init-param>
+ -->
+ <load-on-startup>4</load-on-startup>
+ </servlet>
+
+ <!-- ====================================================================== -->
+ <!-- J C R R E M O T I N G S E R V L E T -->
+ <!-- ====================================================================== -->
+ <servlet>
+ <servlet-name>JCRWebdavServer</servlet-name>
+ <description>
+ The servlet used to remote JCR calls over HTTP.
+ </description>
+ <servlet-class>org.apache.jackrabbit.j2ee.JcrRemotingServlet</servlet-class>
+ <init-param>
+ <param-name>missing-auth-mapping</param-name>
+ <param-value></param-value>
+ <description>
+ Defines how a missing authorization header should be handled.
+ 1) If this init-param is missing, a 401 response is generated.
+ This is suitable for clients (eg. webdav clients) for which
+ sending a proper authorization header is not possible if the
+ server never sent a 401.
+ 2) If this init-param is present with an empty value,
+ null-credentials are returned, thus forcing an null login
+ on the repository.
+ 3) If this init-param is present with the value 'guestcredentials'
+ java.jcr.GuestCredentials are used to login to the repository.
+ 4) If this init-param has a 'user:password' value, the respective
+ simple credentials are generated.
+ </description>
+ </init-param>
+ <!--
+ Optional parameter to define the value of the 'WWW-Authenticate' header
+ -->
+ <!--
+ <init-param>
+ <param-name>authenticate-header</param-name>
+ <param-value>Basic realm="Jackrabbit Webdav Server"</param-value>
+ <description>
+ Defines the value of the 'WWW-Authenticate' header.
+ </description>
+ </init-param>
+ -->
+ <init-param>
+ <param-name>resource-path-prefix</param-name>
+ <param-value>/server</param-value>
+ <description>
+ defines the prefix for spooling resources out of the repository.
+ </description>
+ </init-param>
+ <!--
+ Init parameters specific for JcrRemotingServlet
+ -->
+ <!--
+ <init-param>
+ <param-name>home</param-name>
+ <param-value></param-value>
+ <description>JcrRemotingServlet: Optional home directory for JcrRemotingServlet temporary files (default: "jackrabbit")</description>
+ </init-param>
+ <init-param>
+ <param-name>temp-directory</param-name>
+ <param-value></param-value>
+ <description>JcrRemotingServlet: Optional temporary directory name (under home, default: "tmp")</description>
+ </init-param>
+ -->
+ <init-param>
+ <param-name>batchread-config</param-name>
+ <param-value>/WEB-INF/batchread.properties</param-value>
+ <description>JcrRemotingServlet: Optional mapping from node type names to default depth.</description>
+ </init-param>
+ <!-- init-param>
+ <param-name>concurrency-level</param-name>
+ <param-value>50</param-value>
+ <description>Number of concurrent requests expected. Default value is 50.</description>
+ </init-param -->
+ <!--
+ Optional parameter to define the behaviour of the referrer-based CSRF protection
+ -->
+ <!--
+ <init-param>
+ <param-name>csrf-protection</param-name>
+ <param-value>host1.domain.com,host2.domain.org</param-value>
+ <description>
+ Defines the behaviour of the referrer based CSRF protection
+ 1) If omitted or left empty the (default) behaviour is to allow only requests with
+ an empty referrer header or a referrer host equal to the server host
+ 2) May also contain a comma separated list of additional allowed referrer hosts
+ 3) If set to 'disabled' no referrer checking will be performed at all
+ </description>
+ </init-param>
+ --> <load-on-startup>5</load-on-startup>
+ </servlet>
+
+ <!-- ====================================================================== -->
+ <!-- R M I B I N D I N G S E R V L E T -->
+ <!-- ====================================================================== -->
+ <servlet>
+ <servlet-name>RMI</servlet-name>
+ <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class>
+ </servlet>
+
+ <!-- ====================================================================== -->
+ <!-- S E R V L E T M A P P I N G -->
+ <!-- ====================================================================== -->
+ <servlet-mapping>
+ <servlet-name>RepositoryStartup</servlet-name>
+ <url-pattern>/admin/*</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>Webdav</servlet-name>
+ <url-pattern>/repository/*</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>JCRWebdavServer</servlet-name>
+ <url-pattern>/server/*</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>RMI</servlet-name>
+ <url-pattern>/rmi</url-pattern>
+ </servlet-mapping>
+
+ <!-- ====================================================================== -->
+ <!-- W E L C O M E F I L E S -->
+ <!-- ====================================================================== -->
+ <welcome-file-list>
+ <welcome-file>index.jsp</welcome-file>
+ </welcome-file-list>
+
+ <error-page>
+ <exception-type>org.apache.jackrabbit.j2ee.JcrApiNotFoundException</exception-type>
+ <location>/error/classpath.jsp</location>
+ </error-page>
+ <error-page>
+ <exception-type>javax.jcr.RepositoryException</exception-type>
+ <location>/error/repository.jsp</location>
+ </error-page>
+
+</web-app>
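Review bot: The Webdav servlet's `missing-auth-mapping` is `anonymous:anonymous`, so a request that reaches `/repository/*` without an Authorization header is logged in to the repository with those fixed credentials instead of receiving a 401. CAS authentication happens in the Spring filter and adds no Authorization header, so CAS users presumably all arrive under that one identity unless the custom login module maps them otherwise; that should be confirmed and the intent stated in a comment next to the init-param. The `RMI` servlet is mapped at `/rmi` with no access rule visible in this change, and the mapping should be removed if remote binding is not needed. Separately, the 2.3 DTD named in the DOCTYPE expects all `<filter>` elements before the first `<filter-mapping>`, so a validating container may reject the interleaved order used here.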
--- /dev/null
+#bootstrap properties for the repository startup servlet.
+#Tue Sep 09 15:17:37 CEST 2008
+java.naming.factory.initial=org.apache.jackrabbit.core.jndi.provider.DummyInitialContextFactory
+repository.home=jackrabbit
+rmi.enabled=true
+repository.config=jackrabbit/repository.xml
+repository.name=jackrabbit.repository
+rmi.host=193.48.120.85
+java.naming.provider.url=http\://www.apache.org/jackrabbit
+jndi.enabled=true
+rmi.port=1111
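Review bot: `rmi.enabled=true` with `rmi.host=193.48.120.85` and `rmi.port=1111` registers the repository in an RMI registry on a fixed non-loopback address, which is a second path into the repository that the Spring Security filter chain in this change does not cover. If remote RMI access is not required, set `rmi.enabled=false`; otherwise bind to `localhost` or restrict the port at the network layer. The address is environment-specific and is better supplied per deployment than committed.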
--- /dev/null
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 1.4//EN"
+ "http://jackrabbit.apache.org/dtd/repository-1.4.dtd">
+<!-- Example Repository Configuration File -->
+<Repository>
+ <!--
+ virtual file system where the repository stores global state
+ (e.g. registered namespaces, custom node types, etc.)
+ -->
+ <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
+ <param name="path" value="${rep.home}/repository"/>
+ </FileSystem>
+
+ <!--
+ security configuration
+ -->
+
+ <Security appName="Jackrabbit">
+ <!--
+ access manager:
+ class: FQN of class implementing the AccessManager interface
+ -->
+ <!--<AccessManager class="org.apache.jackrabbit.core.security.SimpleAccessManager">-->
+ <!-- <param name="config" value="${rep.home}/access.xml"/> -->
+ <!--</AccessManager>-->
+
+ <AccessManager class="com.pentila.jackrabbit.auth.CASAccessManager">
+ <!-- <param name="config" value="${rep.home}/access.xml"/> -->
+ <param name="access" value="restricted"/>
+ </AccessManager>
+
+
+
+ <LoginModule class="com.pentila.jackrabbit.auth.CASLoginModule">
+ <!-- anonymous user name ('anonymous' is the default value) -->
+ <param name="cas_validate_url" value="https://tice-a85.univ-savoie.fr:8443/cas/serviceValidate"/>
+ <param name="service" value="http://tice-a93.univ-savoie.fr:9999/jackrabbit-webapp-1.4"/>
+ <!--
+ default user name to be used instead of the anonymous user
+ when no login credentials are provided (unset by default)
+ -->
+ <!-- <param name="defaultUserId" value="superuser"/> -->
+ </LoginModule>
+
+
+ <!--
+ <LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">-->
+ <!-- anonymous user name ('anonymous' is the default value) -->
+ <!--<param name="anonymousId" value="anonymous"/>-->
+ <!--
+ default user name to be used instead of the anonymous user
+ when no login credentials are provided (unset by default)
+ -->
+ <!-- <param name="defaultUserId" value="superuser"/> -->
+ <!--</LoginModule>-->
+
+
+ </Security>
+
+ <!--
+ location of workspaces root directory and name of default workspace
+ -->
+ <Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="default"/>
+ <!--
+ workspace configuration template:
+ used to create the initial workspace if there's no workspace yet
+ -->
+ <Workspace name="${wsp.name}">
+ <!--
+ virtual file system of the workspace:
+ class: FQN of class implementing the FileSystem interface
+ -->
+ <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
+ <param name="path" value="${wsp.home}"/>
+ </FileSystem>
+ <!--
+ persistence manager of the workspace:
+ class: FQN of class implementing the PersistenceManager interface
+ -->
+
+<!--
+
+ <PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.DerbyPersistenceManager">
+ <param name="url" value="jdbc:derby:${wsp.home}/db;create=true"/>
+ <param name="schemaObjectPrefix" value="${wsp.name}_"/>
+ </PersistenceManager>
+
+
+-->
+
+<PersistenceManager class="org.apache.jackrabbit.core.persistence.pool.PostgreSQLPersistenceManager">
+ <param name="bundleCacheSize" value="8" />
+
+<param name="consistencyCheck" value="false" />
+<!--
+<param name="consistencyFix" value="true" />
+-->
+ <param name="minBlobSize" value="4096" />
+ <param name="driver" value="org.postgresql.Driver"/>
+ <param name="url" value="jdbc:postgresql://localhost/jackrabbit"/>
+ <param name="schema" value="postgresql"/>
+ <param name="user" value="postgres"/>
+ <param name="password" value="root"/>
+ <param name="schemaObjectPrefix" value="${wsp.name}_"/>
+ <param name="errorHandling" value=""/>
+ </PersistenceManager>
+<!--
+
+
+<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
+ <param name="driver" value="javax.naming.InitialContext"/>
+ <param name="url" value="java:comp/env/jdbc/Workspaces"/>
+ <param name="schemaObjectPrefix" value="${wsp.name}_"/>
+ <param name="schema" value="postgresql"/>
+</PersistenceManager>
+-->
+ <!--
+
+ Search index and the file system it uses.
+ class: FQN of class implementing the QueryHandler interface
+ -->
+ <SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
+ <param name="path" value="${wsp.home}/index"/>
+ <param name="textFilterClasses" value="org.apache.jackrabbit.extractor.MsWordTextExtractor,org.apache.jackrabbit.extractor.MsExcelTextExtractor,org.apache.jackrabbit.extractor.MsPowerPointTextExtractor,org.apache.jackrabbit.extractor.PdfTextExtractor,org.apache.jackrabbit.extractor.OpenOfficeTextExtractor,org.apache.jackrabbit.extractor.RTFTextExtractor,org.apache.jackrabbit.extractor.HTMLTextExtractor,org.apache.jackrabbit.extractor.XMLTextExtractor"/>
+ <param name="extractorPoolSize " value="2"/>
+ <param name="supportHighlighting" value="true"/>
+ </SearchIndex>
+ </Workspace>
+
+ <!--
+ Configures the versioning
+ -->
+ <Versioning rootPath="${rep.home}/version">
+ <!--
+ Configures the filesystem to use for versioning for the respective
+ persistence manager
+ -->
+ <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
+ <param name="path" value="${rep.home}/version" />
+ </FileSystem>
+
+ <!--
+ Configures the persistence manager to be used for persisting version state.
+ Please note that the current versioning implementation is based on
+ a 'normal' persistence manager, but this could change in future
+ implementations.
+ -->
+ <PersistenceManager class="org.apache.jackrabbit.core.persistence.pool.DerbyPersistenceManager">
+ <param name="url" value="jdbc:derby:${rep.home}/version/db;create=true"/>
+ <param name="schemaObjectPrefix" value="version_"/>
+ </PersistenceManager>
+ </Versioning>
+
+ <!--
+ Search index for content that is shared repository wide
+ (/jcr:system tree, contains mainly versions)
+ -->
+ <SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
+ <param name="path" value="${rep.home}/repository/index"/>
+ <param name="textFilterClasses" value="org.apache.jackrabbit.extractor.MsWordTextExtractor,org.apache.jackrabbit.extractor.MsExcelTextExtractor,org.apache.jackrabbit.extractor.MsPowerPointTextExtractor,org.apache.jackrabbit.extractor.PdfTextExtractor,org.apache.jackrabbit.extractor.OpenOfficeTextExtractor,org.apache.jackrabbit.extractor.RTFTextExtractor,org.apache.jackrabbit.extractor.HTMLTextExtractor,org.apache.jackrabbit.extractor.XMLTextExtractor"/>
+ <param name="extractorPoolSize " value="2"/>
+ <param name="supportHighlighting" value="true"/>
+ </SearchIndex>
+
+<DataStore class="org.apache.jackrabbit.core.data.FileDataStore"/>
+
+</Repository>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+ <nodeTypes xmlns:evalcomp="internal"
+ xmlns:fn="http://www.w3.org/2005/xpath-functions"
+ xmlns:fn_old="http://www.w3.org/2004/10/xpath-functions"
+ xmlns:jcr="http://www.jcp.org/jcr/1.0"
+ xmlns:mix="http://www.jcp.org/jcr/mix/1.0"
+ xmlns:nt="http://www.jcp.org/jcr/nt/1.0"
+ xmlns:rep="internal"
+ xmlns:sv="http://www.jcp.org/jcr/sv/1.0"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+
+ <nodeType name="nt:customNode">
+ <propertyDefinition name="jcr:shared" requiredType="String" autoCreated="false" mandatory="false" onParentVersion="COPY" protected="false" multiple="true"/>
+ <propertyDefinition name="jcr:owner" requiredType="String" autoCreated="false" mandatory="false" onParentVersion="COPY" protected="false" multiple="true"/>
+ </nodeType>
+
+
+ <nodeType hasOrderableChildNodes="true" isMixin="false" name="jcr:extfolder">
+ <supertypes>
+ <supertype>nt:folder</supertype>
+ <supertype>nt:customNode</supertype>
+ </supertypes>
+ </nodeType>
+
+ <nodeType hasOrderableChildNodes="true" isMixin="false" name="jcr:extfile">
+ <supertypes>
+ <supertype>nt:file</supertype>
+ <supertype>nt:customNode</supertype>
+ </supertypes>
+ </nodeType>
+
+</nodeTypes>
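Review bot: `jcr:owner` and `jcr:shared` on `nt:customNode` are declared `protected="false"`, so any session allowed to write the node can also rewrite them through the ordinary JCR API. If the application consults these two properties to decide who owns or may see a file or folder (the names suggest it, but the code that reads them is not in this diff), that decision has to be enforced by an access-control layer, not by the property values alone. Separately, the new types are defined under the `nt:` and `jcr:` prefixes, which JCR keeps for built-in names; an application-owned prefix bound to its own namespace URI would avoid clashes with later built-in definitions. A one-line comment above `nt:customNode`, for example `<!-- owner/shared are application metadata, writable by any session with write access -->`, would record this for the next maintainer.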
--- /dev/null
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:cache="http://www.springframework.org/schema/cache"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">
+ <cache:annotation-driven />
+
+
+ <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager" p:cache-manager-ref="ehcache"/>
+
+<!-- Ehcache library setup -->
+<bean id="ehcache" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" p:config-location="classpath:ehcache-application.xml"/>
+
+
+</beans>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://www.springframework.org/schema/security"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
+
+
+
+<bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+ <property name="loginFormUrl"><value>/login.jsp</value></property>
+ <property name="forceHttps"><value>false</value></property>
+ </bean>
+
+
+
+<bean id="placeholderConfig4"
+ class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+ <property name="locations">
+ <list>
+ <value>WEB-INF/cas.properties</value>
+ <value>WEB-INF/context-ldap.properties</value>
+ </list>
+ </property>
+ <property name="ignoreUnresolvablePlaceholders" value="true"/>
+ </bean>
+
+<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource" >
+ <description>ContextSource of the LDAP server and common connexion.</description>
+ <property name="urls" value="${urls}" />
+ <property name="userDn" value="${rootDN}" />
+ <property name="password" value="${password}" />
+ <property name="base" value="${base}" />
+ <property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
+ </bean>
+
+ <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+ <description>LDAPTemplate spring bean.</description>
+ <constructor-arg ref="contextSource" />
+ </bean>
+
+
+
+<bean id="ldapDAO" class="com.pentila.jackrabbit.auth.LdapDAO">
+<property name="ldapTemplate"><ref local="ldapTemplate" /></property>
+<property name="attrLogin" value="${attrLogin}" />
+<property name="attrId" value="${attrId}" />
+<property name="branchPeople" value="${userbase}" />
+<property name="additionalFilter" value="${additionalFilter}"/>
+</bean>
+
+
+<bean id="userService" class="com.pentila.jackrabbit.auth.CasAuth">
+<constructor-arg index="0" value="ROLE_MEMBER" />
+
+<property name="ldapDAO"><ref local="ldapDAO" /></property>
+
+</bean>
+
+<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
+ <property name="service"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/j_spring_cas_security_check</value></property>
+ <property name="sendRenew"><value>false</value></property>
+</bean>
+
+<!-- Provider 1 -->
+
+
+<bean id="casAuthenticationProvider1" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
+ <property name="userDetailsService"><ref bean="userService"/></property>
+
+ <property name="serviceProperties" ref="serviceProperties" />
+ <property name="ticketValidator">
+ <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
+ <constructor-arg index="0" value="https://tice-a85.univ-savoie.fr:8443/cas" />
+ <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+ <property name="proxyCallbackUrl" value="https://tice-a85.univ-savoie.fr:8443/jackrabbit-webapp-1.4/receptor" />
+ </bean>
+ </property>
+
+ <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
+</bean>
+
+<bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
+
+
+
+
+<!-- END 1 -->
+
+
+
+
+<!-- Provider 2 -->
+
+<bean id="casAuthenticationProvider2" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
+ <property name="userDetailsService"><ref bean="userService"/></property>
+
+ <property name="serviceProperties" ref="serviceProperties" />
+ <property name="ticketValidator">
+ <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
+ <constructor-arg index="0" value="https://tice-a85.univ-savoie.fr:8443/cas2" />
+ <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+ <property name="proxyCallbackUrl" value="https://tice-a85.univ-savoie.fr:8443/jackrabbit-webapp-1.4/receptor" />
+ </bean>
+ </property>
+ <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
+</bean>
+
+
+
+
+
+<!-- END 2 -->
+
+
+
+
+
+
+ <!-- ======================== FILTER CHAIN =======================
+ ACLs later: requestMethodsFilter
+ Not in 1.0-RC1: exceptionTranslationFilter,
+ Later: ,rememberMeProcessingFilter
+ /**=httpSessionContextIntegrationFilter,casProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+ Web services currently can't use the filter chain because Axis instantiates
+ the web service handler classes, not Spring. However, we can do the context integration
+ filter, which associates a security context with the http session, and call
+ into the Acegi beans from the service handler
+ -->
+ <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
+ <property name="filterInvocationDefinitionSource">
+ <value>
+ CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+ PATTERN_TYPE_APACHE_ANT
+ /**=httpSessionContextIntegrationFilter,casProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+ </value>
+ </property>
+ </bean>
+
+
+
+<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
+ <property name="authenticationManager"><ref bean="authenticationManager"/></property>
+ <property name="authenticationFailureUrl"><value>/casfailed.jsp</value></property>
+ <property name="defaultTargetUrl"><value>/</value></property>
+ <property name="filterProcessesUrl"><value>/j_spring_cas_security_check</value></property>
+</bean>
+
+ <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
+ <property name="providers">
+ <list>
+
+ <ref bean="casAuthenticationProvider1" />
+ <ref bean="casAuthenticationProvider2"/>
+ <ref local="anonymousAuthenticationProvider"/>
+
+ </list>
+ </property>
+ </bean>
+
+ <bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
+ <property name="key"><value>foobar</value></property>
+ <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
+ </bean>
+
+ <bean id="anonymousAuthenticationProvider" class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
+ <property name="key"><value>foobar</value></property>
+ </bean>
+
+<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.util.MultiCasProcessingFilterEntryPoint">
+ <property name="loginUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/login.jsp</value></property>
+ <property name="responseUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/response.jsp</value></property>
+ <property name="loginUrls">
+ <list>
+ <value>https://tice-a85.univ-savoie.fr:8443/cas/login</value>
+ <value>https://tice-a85.univ-savoie.fr:8443/cas2/login</value>
+ </list>
+ </property>
+ <property name="logoutUrls">
+ <list>
+ <value>https://tice-a85.univ-savoie.fr:8443/cas/logout</value>
+ <value>https://tice-a85.univ-savoie.fr:8443/cas2/logout</value>
+ </list>
+ </property>
+ <property name="loginFormUrl"><value>http://tice-a85.univ-savoie.fr:8080/jackrabbit-webapp-1.4/loginFormPage.jsp</value></property>
+ <property name="serviceProperties"><ref bean="serviceProperties"/></property>
+
+</bean>
+
+
+<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
+ <property name="authenticationEntryPoint"><ref bean="casProcessingFilterEntryPoint"/></property>
+ </bean>
+
+<!--
+<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
+ <property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property>
+ </bean>
+-->
+
+<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
+
+<bean id="runAsManager" class="org.springframework.security.runas.RunAsManagerImpl">
+ <property name="key"><value>my_run_as_password</value></property>
+ </bean>
+
+ <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
+
+ <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
+ <property name="allowIfAllAbstainDecisions"><value>false</value></property>
+ <property name="decisionVoters">
+ <list>
+ <ref bean="roleVoter"/>
+ <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
+ </list>
+ </property>
+ </bean>
+
+
+<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
+ <property name="authenticationManager"><ref bean="authenticationManager"/></property>
+ <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
+ <property name="runAsManager"><ref bean="runAsManager"/></property>
+ <property name="objectDefinitionSource">
+ <value>
+ PATTERN_TYPE_APACHE_ANT
+ /logout.jsp=ROLE_MEMBER
+ /response.jsp=ROLE_MEMBER
+ /loginFormPage.jsp=ROLE_ANONYMOUS
+ /login.jsp=ROLE_ANONYMOUS
+ /logoutMultiCas.jsp=ROLE_ANONYMOUS,ROLE_MEMBER
+ /**=ROLE_MEMBER
+ </value>
+ </property>
+ </bean>
+
+
+
+</beans>
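Review bot: The `service` URL in `serviceProperties`, and the `loginUrl`, `responseUrl` and `loginFormUrl` of `casProcessingFilterEntryPoint`, are plain `http://…:8080`, while the CAS server and the proxy callback in the same file use `https://…:8443`. CAS redirects the browser back to the `service` URL with the service ticket in the query string, so the ticket and the session established after validation travel unencrypted. The file already names an HTTPS endpoint for this webapp in `proxyCallbackUrl`, so the service value can become `https://tice-a85.univ-savoie.fr:8443/jackrabbit-webapp-1.4/j_spring_cas_security_check`, with the three entry-point URLs changed the same way. The `key` values (`foobar`, `my_password_for_this_auth_provider_only`, `my_run_as_password`) are sample strings; they would be better resolved from the properties files that `placeholderConfig4` already loads.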
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://www.springframework.org/schema/security"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
+
+
+<bean id="placeholderConfig4"
+ class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+ <property name="locations">
+ <list>
+ <value>WEB-INF/cas.properties</value>
+ <value>WEB-INF/context-ldap.properties</value>
+ </list>
+ </property>
+ <property name="ignoreUnresolvablePlaceholders" value="true"/>
+ </bean>
+
+<sec:http entry-point-ref="casProcessingFilterEntryPoint">
+ <!--<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR" requires-channel="https"/>-->
+ <sec:intercept-url pattern="/repository/**" access="ROLE_MEMBER" />
+ <sec:logout logout-success-url="/cas-logout.jsp"/>
+ <sec:custom-filter ref="casProcessingFilter" after="CAS_FILTER"/>
+ </sec:http>
+
+ <sec:authentication-manager alias="authenticationManager">
+ <sec:authentication-provider ref="casAuthenticationProvider" />
+ </sec:authentication-manager>
+
+ <bean id="casProcessingFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
+ <property name="authenticationManager" ref="authenticationManager"/>
+
+ <!--<property name="authenticationFailureUrl" value="/casfailed.jsp"/>
+ <property name="defaultTargetUrl" value="/"/>
+ --><!--<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+ <property name="proxyReceptorUrl" value="/${WEBAPP_CONTAINER}/receptor" />
+-->
+ </bean>
+
+ <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
+ <property name="loginUrl" value="https://${CAS_HOST}/cas/login"/>
+ <property name="serviceProperties" ref="serviceProperties"/>
+
+ </bean>
+
+ <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
+ <property name="userDetailsService" ref="userService"/>
+ <property name="serviceProperties" ref="serviceProperties" />
+ <property name="ticketValidator">
+ <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
+ <constructor-arg index="0" value="https://${CAS_HOST}/cas" />
+ <!--<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+ <property name="proxyCallbackUrl" value="https://${SERVICE_HOST}/${WEBAPP_CONTAINER}/receptor" /> -->
+
+</bean>
+ </property>
+
+ <property name="key" value="an_id_for_this_auth_provider_only"/>
+ </bean>
+
+ <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
+
+ <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
+ <property name="service" value="https://${SERVICE_HOST}/${WEBAPP_CONTAINER}/j_spring_cas_security_check"/>
+ <property name="sendRenew" value="false"/>
+ </bean>
+
+
+
+<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource" >
+ <description>ContextSource of the LDAP server and common connexion.</description>
+ <property name="urls" value="${urls}" />
+ <property name="userDn" value="${rootDN}" />
+ <property name="password" value="${password}" />
+ <property name="base" value="${base}" />
+ <property name="dirObjectFactory" value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
+ </bean>
+
+ <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+ <description>LDAPTemplate spring bean.</description>
+ <constructor-arg ref="contextSource" />
+ </bean>
+
+
+
+<bean id="ldapDAO" class="com.pentila.jackrabbit.auth.LdapDAO">
+<property name="ldapTemplate"><ref local="ldapTemplate" /></property>
+<property name="attrLogin" value="${attrLogin}" />
+<property name="attrId" value="${attrId}" />
+<property name="branchPeople" value="${userbase}" />
+<property name="additionalFilter" value="${additionalFilter}"/>
+</bean>
+
+
+<bean id="userService" class="com.pentila.jackrabbit.auth.CasAuth">
+<constructor-arg index="0" value="ROLE_MEMBER" />
+
+<property name="ldapDAO"><ref local="ldapDAO" /></property>
+
+</bean>
+
+<!--
+ <sec:ldap-server id="ok_ldap" url="ldap://193.48.120.93:389/" manager-dn="cn=Manager,dc=portfolio,dc=org" manager-password="superuser" />
+
+ <sec:ldap-user-service id="userService" server-ref="ok_ldap"
+ user-search-filter="uid={0}"
+ user-search-base="ou=people, dc=portfolio, dc=org"
+ group-search-filter="uniquemember={0}"
+ group-search-base="ou=groupes, dc=portfolio, dc=org"
+ role-prefix="ROLE_" />
+-->
+
+<!--
+<sec:user-service id="userService">
+<sec:user name="stagiaire1" password="vlad" authorities="system" />
+</sec:user-service>
+-->
+
+
+</beans>
+
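Review bot: The two commented-out blocks at the end of this file (`sec:ldap-server` and `sec:user-service`) hold what look like real values: a directory host address, a manager DN with its password, and a named user with a password. Spring ignores comments, but they are committed and packaged with the application, so anyone who can read the repository or the deployed artifact can read them too. I would delete both blocks, or keep the first only as an example written with the placeholders the live `contextSource` bean already uses, `manager-dn="${rootDN}" manager-password="${password}"`. If the manager password was ever valid, it should be rotated.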