SHOW:
|
|
- or go back to the newest paste.
| 1 | <?xml version="1.0" encoding="UTF-8"?> | |
| 2 | <!-- | |
| 3 | ||
| 4 | Licensed to Jasig under one or more contributor license | |
| 5 | agreements. See the NOTICE file distributed with this work | |
| 6 | for additional information regarding copyright ownership. | |
| 7 | Jasig licenses this file to you under the Apache License, | |
| 8 | Version 2.0 (the "License"); you may not use this file | |
| 9 | except in compliance with the License. You may obtain a | |
| 10 | copy of the License at the following location: | |
| 11 | ||
| 12 | http://www.apache.org/licenses/LICENSE-2.0 | |
| 13 | ||
| 14 | Unless required by applicable law or agreed to in writing, | |
| 15 | software distributed under the License is distributed on an | |
| 16 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
| 17 | KIND, either express or implied. See the License for the | |
| 18 | specific language governing permissions and limitations | |
| 19 | under the License. | |
| 20 | ||
| 21 | --> | |
| 22 | <!-- | |
| 23 | | deployerConfigContext.xml centralizes into one file some of the declarative configuration that | |
| 24 | | all CAS deployers will need to modify. | |
| 25 | | | |
| 26 | | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment. | |
| 27 | | The beans declared in this file are instantiated at context initialization time by the Spring | |
| 28 | | ContextLoaderListener declared in web.xml. It finds this file because this | |
| 29 | | file is among those declared in the context parameter "contextConfigLocation". | |
| 30 | | | |
| 31 | | By far the most common change you will need to make in this file is to change the last bean | |
| 32 | | declaration to replace the default authentication handler with | |
| 33 | | one implementing your approach for authenticating usernames and passwords. | |
| 34 | +--> | |
| 35 | ||
| 36 | <beans xmlns="http://www.springframework.org/schema/beans" | |
| 37 | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| 38 | xmlns:p="http://www.springframework.org/schema/p" | |
| 39 | xmlns:c="http://www.springframework.org/schema/c" | |
| 40 | xmlns:tx="http://www.springframework.org/schema/tx" | |
| 41 | xmlns:util="http://www.springframework.org/schema/util" | |
| 42 | xmlns:sec="http://www.springframework.org/schema/security" | |
| 43 | xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd | |
| 44 | http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd | |
| 45 | http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd | |
| 46 | http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> | |
| 47 | ||
| 48 | <!-- | |
| 49 | | The authentication manager defines security policy for authentication by specifying at a minimum | |
| 50 | | the authentication handlers that will be used to authenticate credential. While the AuthenticationManager | |
| 51 | | interface supports plugging in another implementation, the default PolicyBasedAuthenticationManager should | |
| 52 | | be sufficient in most cases. | |
| 53 | +--> | |
| 54 | <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"> | |
| 55 | <constructor-arg> | |
| 56 | <map> | |
| 57 | <!-- | |
| 58 | | IMPORTANT | |
| 59 | | Every handler requires a unique name. | |
| 60 | | If more than one instance of the same handler class is configured, you must explicitly | |
| 61 | | set its name to something other than its default name (typically the simple class name). | |
| 62 | --> | |
| 63 | <!--<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />--> | |
| 64 | <entry key-ref="dbAuthenticationHandler" value-ref="primaryPrincipalResolver"/> | |
| 65 | <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver"></entry> | |
| 66 | </map> | |
| 67 | </constructor-arg> | |
| 68 | ||
| 69 | <property name="authenticationMetaDataPopulators"> | |
| 70 | <util:list> | |
| 71 | <!-- #DEMO# --> | |
| 72 | <bean class="org.jasig.cas.support.pac4j.authentication.ClientAuthenticationMetaDataPopulator" /> | |
| 73 | <!-- #DEMO# --> | |
| 74 | </util:list> | |
| 75 | </property> | |
| 76 | ||
| 77 | ||
| 78 | <!-- | |
| 79 | | Defines the security policy around authentication. Some alternative policies that ship with CAS: | |
| 80 | | | |
| 81 | | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication | |
| 82 | | * AllAuthenticationPolicy - all presented credential must be authenticated successfully | |
| 83 | | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass | |
| 84 | --> | |
| 85 | <property name="authenticationPolicy"> | |
| 86 | <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" /> | |
| 87 | </property> | |
| 88 | </bean> | |
| 89 | ||
| 90 | <!-- PostgreSQL connector --> | |
| 91 | <bean id="dataSource" class="org.apache.tomcat.jdbc.pool.DataSource" destroy-method="close"> | |
| 92 | <property name="driverClassName" value="org.postgresql.Driver" /> | |
| 93 | <property name="url" value="HIDDEN" /> | |
| 94 | <property name="username" value="HIDDEN" /> | |
| 95 | <property name="password" value="HIDDEN" /> | |
| 96 | <property name="initialSize" value="5" /> | |
| 97 | <property name="maxActive" value="10" /> | |
| 98 | <property name="maxIdle" value="5" /> | |
| 99 | <property name="minIdle" value="2" /> | |
| 100 | </bean> | |
| 101 | ||
| 102 | <!-- Required for proxy ticket mechanism. --> | |
| 103 | <!--<bean id="proxyAuthenticationHandler"--> | |
| 104 | <!--class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"--> | |
| 105 | <!--p:httpClient-ref="httpClient" />--> | |
| 106 | ||
| 107 | <bean id="passwordEncoder" | |
| 108 | class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" | |
| 109 | c:encodingAlgorithm="MD5" | |
| 110 | p:characterEncoding="UTF-8" /> | |
| 111 | ||
| 112 | <bean id="dbAuthenticationHandler" | |
| 113 | class="org.jasig.cas.adaptors.jdbc.CustomDatabaseAuthenticationHandler" | |
| 114 | p:dataSource-ref="dataSource" | |
| 115 | p:passwordEncoder-ref="passwordEncoder" | |
| 116 | p:sqlFindSaltPasswordByEmail="HIDDEN" | |
| 117 | p:sqlFindSaltPasswordByUsername="HIDDEN"/> | |
| 118 | ||
| 119 | <!-- | |
| 120 | | TODO: Replace this component with one suitable for your enviroment. | |
| 121 | | | |
| 122 | | This component provides authentication for the kind of credential used in your environment. In most cases | |
| 123 | | credential is a username/password pair that lives in a system of record like an LDAP directory. | |
| 124 | | The most common authentication handler beans: | |
| 125 | | | |
| 126 | | * org.jasig.cas.authentication.LdapAuthenticationHandler | |
| 127 | | * org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler | |
| 128 | | * org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler | |
| 129 | | * org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler | |
| 130 | --> | |
| 131 | <!-- #DEMO# --> | |
| 132 | <bean id="primaryAuthenticationHandler" class="org.jasig.cas.support.pac4j.authentication.handler.support.ClientAuthenticationHandler"> | |
| 133 | <constructor-arg index="0" ref="clients"/> | |
| 134 | </bean> | |
| 135 | <!-- #DEMO# --> | |
| 136 | ||
| 137 | ||
| 138 | <!-- Required for proxy ticket mechanism --> | |
| 139 | <!--<bean id="proxyPrincipalResolver"--> | |
| 140 | <!--class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />--> | |
| 141 | ||
| 142 | ||
| 143 | <!-- | |
| 144 | | Resolves a principal from a credential using an attribute repository that is configured to resolve | |
| 145 | | against a deployer-specific store (e.g. LDAP). | |
| 146 | --> | |
| 147 | ||
| 148 | <bean id="primaryPrincipalResolver" | |
| 149 | class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" > | |
| 150 | <property name="attributeRepository" ref="attributeRepository" /> | |
| 151 | </bean> | |
| 152 | ||
| 153 | ||
| 154 | <!-- | |
| 155 | Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation | |
| 156 | may go against a database or LDAP server. The id should remain "attributeRepository" though. | |
| 157 | +--> | |
| 158 | ||
| 159 | ||
| 160 | <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao" | |
| 161 | p:backingMap-ref="attrRepoBackingMap" /> | |
| 162 | ||
| 163 | <util:map id="attrRepoBackingMap"> | |
| 164 | <!-- facebook --> | |
| 165 | <entry key="uid" value="uid" /> | |
| 166 | <entry key="email" value="email" /> | |
| 167 | <entry key="first_name" value="first_name" /> | |
| 168 | <entry key="last_name" value="last_name" /> | |
| 169 | <entry key="username" value="username" /> | |
| 170 | ||
| 171 | <!-- google --> | |
| 172 | <entry key="verified_email" value="verified_email" /> | |
| 173 | <entry key="name" value="name" /> | |
| 174 | <entry key="given_name" value="given_name" /> | |
| 175 | <entry key="family_name" value="family_name" /> | |
| 176 | ||
| 177 | </util:map> | |
| 178 | ||
| 179 | <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" | |
| 180 | p:registeredServices-ref="registeredServicesList" /> | |
| 181 | ||
| 182 | <util:list id="registeredServicesList"> | |
| 183 | ||
| 184 | <bean class="org.jasig.cas.services.RegexRegisteredService" | |
| 185 | - | p:id="1" p:name="mydomain.com" p:description="Allow mydomain.com connection" |
| 185 | + | p:id="1" p:name="example.com" p:description="Allow example.com connection" |
| 186 | - | p:serviceId="^http://mydomain.com/.*" p:evaluationOrder="1" > |
| 186 | + | p:serviceId="^http://example.com/.*" p:evaluationOrder="1" > |
| 187 | ||
| 188 | <property name="attributeReleasePolicy"> | |
| 189 | <bean class="org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy"> | |
| 190 | <property name="allowedAttributes"> | |
| 191 | <list> | |
| 192 | <!-- facebook --> | |
| 193 | <value>uid</value> | |
| 194 | <value>email</value> | |
| 195 | <value>first_name</value> | |
| 196 | <value>last_name</value> | |
| 197 | <value>username</value> | |
| 198 | ||
| 199 | <!-- google --> | |
| 200 | <value>verified_email</value> | |
| 201 | <value>name</value> | |
| 202 | <value>given_name</value> | |
| 203 | <value>family_name</value> | |
| 204 | ||
| 205 | </list> | |
| 206 | </property> | |
| 207 | </bean> | |
| 208 | </property> | |
| 209 | </bean> | |
| 210 | ||
| 211 | ||
| 212 | </util:list> | |
| 213 | ||
| 214 | ||
| 215 | <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" /> | |
| 216 | ||
| 217 | <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" /> | |
| 218 | ||
| 219 | <util:list id="monitorsList"> | |
| 220 | <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" /> | |
| 221 | <!-- | |
| 222 | NOTE | |
| 223 | The following ticket registries support SessionMonitor: | |
| 224 | * DefaultTicketRegistry | |
| 225 | * JpaTicketRegistry | |
| 226 | Remove this monitor if you use an unsupported registry. | |
| 227 | --> | |
| 228 | <bean class="org.jasig.cas.monitor.SessionMonitor" | |
| 229 | p:ticketRegistry-ref="ticketRegistry" | |
| 230 | p:serviceTicketCountWarnThreshold="5000" | |
| 231 | p:sessionCountWarnThreshold="100000" /> | |
| 232 | </util:list> | |
| 233 | </beans> |
