
Untitled

a guest
Jun 2nd, 2016
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <!--
  3. ~ Copyright (c) 2010-2016 Evolveum
  4. ~
  5. ~ Licensed under the Apache License, Version 2.0 (the "License");
  6. ~ you may not use this file except in compliance with the License.
  7. ~ You may obtain a copy of the License at
  8. ~
  9. ~ http://www.apache.org/licenses/LICENSE-2.0
  10. ~
  11. ~ Unless required by applicable law or agreed to in writing, software
  12. ~ distributed under the License is distributed on an "AS IS" BASIS,
  13. ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. ~ See the License for the specific language governing permissions and
  15. ~ limitations under the License.
  16. -->
  17.  
  18. <beans:beans xmlns="http://www.springframework.org/schema/security"
  19. xmlns:beans="http://www.springframework.org/schema/beans"
  20. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  21. xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
  22. http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
  23.  
  24.  
  25. <global-method-security secured-annotations="enabled"/>
      <!-- Enables method-level checks for @Secured annotations only. pre-post-annotations and
           jsr250-annotations are not switched on here, so @PreAuthorize or @RolesAllowed
           would not be enforced by this element. -->
  26.  
  27. <!-- Web services have their own authentication and authorization using CXF interceptors. -->
      <!-- security="none" removes the whole Spring Security filter chain for the matching paths:
           this file applies no authentication, no authorization, no CSRF check and no security
           response headers to them. These http elements are declared before the catch-all chain,
           so they take precedence for their patterns. -->
      <!-- NOTE(review): the CXF interceptors are not configured in this file. Confirm that every
           endpoint under /model/** and /ws/** is covered by them; nothing here acts as a fallback. -->
  28. <http pattern="/model/**" security="none"/>
  29. <http pattern="/ws/**" security="none"/>
  30.  
  31. <!-- REST services have their own authentication and authorization. -->
      <!-- NOTE(review): that REST-side enforcement is not visible in this file; verify it covers
           every resource under /rest/**, including error and discovery endpoints. -->
  32. <http pattern="/rest/**" security="none"/>
  33.  
      <!-- Static assets are served without any security filters. Only content that is safe to
           hand to unauthenticated clients should be reachable under these prefixes. -->
  34. <http pattern="/js/**" security="none"/>
  35. <http pattern="/css/**" security="none"/>
  36. <http pattern="/img/**" security="none"/>
  37. <http pattern="/wro/**" security="none"/>
  38. <!-- todo fix later with some mounting-->
      <!-- NOTE(review): until the todo is resolved, everything Wicket serves under
           /wicket/resource/** is unauthenticated; check that no protected resource is mounted there. -->
  39. <http pattern="/wicket/resource/**" security="none"/>
  40.  
  41. <!-- add following: entry-point-ref="casEntryPoint" to the http element before create-session attribute -->
      <!-- Catch-all filter chain for the GUI: it handles every path not matched by the
           security="none" entries declared earlier.
           create-session="never": Spring Security does not create an HTTP session itself, but
           uses one if the application has created it.
           auto-config="true": shorthand that also registers HTTP Basic authentication next to
           form login and logout.
           use-expressions="false": the access values below are not evaluated as SpEL by
           Spring Security; they are passed as plain attributes to the bean referenced by
           access-decision-manager-ref. -->
  42. <http create-session="never" auto-config="true" use-expressions="false" access-decision-manager-ref="accessDecisionManager">
      <!-- NOTE(review): the next four entries carry no access attribute, so this file states no
           requirement for them. What is enforced for these paths depends on how the namespace
           parser and accessDecisionManager treat such entries; confirm the effective rule. -->
  43. <intercept-url pattern="/j_spring_security_check" />
  44. <intercept-url pattern="/spring_security_login" />
  45.  
  46. <intercept-url pattern="/login"/>
  47.  
  48. <intercept-url pattern="/bootstrap" />
  49.  
      <!-- NOTE(review): with use-expressions="false" the string isFullyAuthenticated() is only an
           attribute name here; its meaning is defined by the accessDecisionManager class, which
           is not part of this file. -->
  50. <intercept-url pattern="/admin/**" access="isFullyAuthenticated()"/> <!-- access="isAuthenticated()"/> -->
  51.  
  52. <intercept-url pattern="/**" access="isFullyAuthenticated()"/>
  53.  
      <!-- Logout invalidates the HTTP session, then hands the redirect to the logoutHandler bean. -->
  54. <logout logout-url="/j_spring_security_logout" invalidate-session="true" success-handler-ref="logoutHandler" />
  55.  
      <!-- One concurrent session per principal. With error-if-maximum-exceeded="true" a second
           login is refused instead of the older session being expired, so a stale session blocks
           the user until it ends. Concurrency control normally relies on HttpSessionEventPublisher
           being registered in web.xml so that ended sessions are released (not visible here). -->
  56. <session-management>
  57. <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
  58. </session-management>
  59.  
  60. <!-- For SSO integration use the following: -->
      <!-- This filter is active, not commented out: every request through this chain is offered to
           the header-based pre-authentication filter declared as requestHeaderAuthenticationFilter.
           Header-based pre-authentication is only sound when clients cannot reach the application
           directly and the SSO gateway overwrites or strips the header on inbound requests. -->
  61. <custom-filter position="PRE_AUTH_FILTER" ref="requestHeaderAuthenticationFilter" />
  62.  
  63. <!-- For SSO CAS integration uncomment following -->
  64. <!--
  65. <custom-filter position="CAS_FILTER" ref="casFilter" />
  66. <logout logout-success-url="/cas-logout.jsp"/>
  67. <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
  68. <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
  69. -->
  70.  
  71. <!-- login-processing-url must NOT be /login. Otherwise the requests from AJAX components
  72. on the login page will be interpreted as a login form submit and there will be faux errors. -->
  73. <form-login login-page="/login" login-processing-url="/spring_security_login"
  74. authentication-success-handler-ref="authenticationSuccessHandler"/>
  75.  
      <!-- Spring Security's CSRF token check is switched off for this chain, including the login
           and logout URLs. NOTE(review): confirm that another layer protects state-changing
           requests; nothing in this file does. -->
  76. <csrf disabled="true"/>
      <!-- Spring Security's default response headers (for example X-Frame-Options,
           X-Content-Type-Options, Cache-Control and Strict-Transport-Security) are not written.
           NOTE(review): confirm they are set elsewhere, such as a reverse proxy or servlet filter. -->
  77. <headers disabled="true"/>
  78. </http>
  79.  
  80. <beans:bean id="authenticationSuccessHandler"
  81. class="com.evolveum.midpoint.web.security.MidPointAuthenticationSuccessHandler">
  82. <!-- After login, return to the last visited page -->
      <!-- NOTE(review): useReferer presumably takes the redirect target from the Referer request
           header, which the client controls. Confirm that the handler class only redirects to
           URLs inside this application. -->
  83. <beans:property name="useReferer" value="true" />
  84. <!--
  85. we will redirect back to login to let wicket initialize its application/session stuff
  86. login page will redirect us to proper "home" page if we're already authenticated
  87. -->
  88. <beans:property name="defaultTargetUrl" value="/login"/>
  89. </beans:bean>
  90.  
  91. <beans:bean id="accessDecisionManager" class="com.evolveum.midpoint.web.security.MidPointGuiAuthorizationEvaluator">
      <!-- Referenced by access-decision-manager-ref on the catch-all http element, so every URL
           authorization decision in that chain is delegated to this class. The securityEnforcer
           bean it receives is not defined in this file. -->
  92. <beans:constructor-arg name="securityEnforcer" ref="securityEnforcer"/>
  93. </beans:bean>
  94.  
  95. <beans:bean id="logoutHandler" class="com.evolveum.midpoint.web.security.AuditedLogoutHandler">
      <!-- Referenced by success-handler-ref on the logout element. After logout the browser is sent
           to an external identity provider URL. NOTE(review): myidp looks like a placeholder host
           name; confirm the deployed value is the real IdP logout endpoint and uses https. -->
  96. <beans:property name="defaultTargetUrl" value="https://myidp/logout"/>
  97. </beans:bean>
  98.  
  99. <beans:bean id="midPointAuthenticationProvider"
  100. class="com.evolveum.midpoint.web.security.MidPointAuthenticationProvider">
       <!-- No properties are set here. This is the only provider registered in the active
            authentication-manager, so it receives every authentication request, including
            those produced by the header-based pre-authentication filter. -->
  101. </beans:bean>
  102.  
  103. <!-- Following bean is used with pre-authentication based on HTTP headers (e.g. for SSO integration) -->
       <!-- The filter reads the principal name from the SM_USER request header and performs no
            credential check of its own. Any client that can reach the application directly can
            set that header, so the deployment must ensure that only the SSO gateway can connect
            and that it overwrites or strips SM_USER on inbound requests. -->
       <!-- exceptionIfHeaderMissing is not set, and Spring's default is true: a request without
            the header raises an authentication exception instead of falling through to form login.
            NOTE(review): whether midPointAuthenticationProvider accepts the pre-authenticated
            token is not visible in this file; confirm. -->
  104. <beans:bean id="requestHeaderAuthenticationFilter"
  105. class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
  106. <beans:property name="principalRequestHeader" value="SM_USER"/>
  107. <beans:property name="authenticationManager" ref="authenticationManager" />
  108. </beans:bean>
  109.  
  110. <authentication-manager alias="authenticationManager">
       <!-- Single provider: all authentication in the GUI chain goes through
            midPointAuthenticationProvider. The commented-out CAS section further down declares a
            second authentication-manager with the same alias; only one of the two should be
            active at a time. -->
  111. <authentication-provider ref="midPointAuthenticationProvider"/>
  112. </authentication-manager>
  113.  
  114. <!-- For SSO CAS integration uncomment following and set CASSERVER address and change service url according to your needs-->
  115. <!-- CAS CONFIG -->
  116. <!--
  117. <beans:bean id="serviceProperties"
  118. class="org.springframework.security.cas.ServiceProperties">
  119. <beans:property name="service"
  120. value="http://localhost:8080/midpoint/j_spring_cas_security_check"/>
  121. <beans:property name="sendRenew" value="false"/>
  122. </beans:bean>
  123.  
  124. <beans:bean id="casFilter"
  125. class="org.springframework.security.cas.web.CasAuthenticationFilter">
  126. <beans:property name="authenticationManager" ref="authenticationManager"/>
  127. </beans:bean>
  128.  
  129. <beans:bean id="casEntryPoint"
  130. class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
  131. <beans:property name="loginUrl" value="https://CASSERVER/cas/login"/>
  132. <beans:property name="serviceProperties" ref="serviceProperties"/>
  133. </beans:bean>
  134.  
  135. <authentication-manager alias="authenticationManager">
  136. <authentication-provider ref="casAuthenticationProvider" />
  137. </authentication-manager>
  138.  
  139. <beans:bean id="casAuthenticationProvider"
  140. class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
  141. <beans:property name="authenticationUserDetailsService">
  142. <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
  143. <beans:constructor-arg ref="userDetailsService" />
  144. </beans:bean>
  145. </beans:property>
  146. <beans:property name="serviceProperties" ref="serviceProperties" />
  147. <beans:property name="ticketValidator">
  148. <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
  149. <beans:constructor-arg index="0" value="https://CASSERVER/cas" />
  150. </beans:bean>
  151. </beans:property>
  152. <beans:property name="key" value="CAS_ID"/>
  153. </beans:bean>
  154.  
  155. -->
  156.  
  157. <!-- For SLO CAS integration uncomment following and set CASSERVER address-->
  158. <!-- LOGOUT -->
  159.  
  160. <!-- This filter handles a Single Logout Request from the CAS Server -->
  161. <!--<beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/> -->
  162. <!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
  163. <!--<beans:bean id="requestSingleLogoutFilter"
  164. class="org.springframework.security.web.authentication.logout.LogoutFilter">
  165. <beans:constructor-arg value="https://CASSERVER/cas/logout"/>
  166. <beans:constructor-arg>
  167. <beans:bean class=
  168. "org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
  169. </beans:constructor-arg>
  170. <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/>
  171. </beans:bean>
  172. -->
  173.  
  174.  
  175. </beans:beans>