Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?xml version="1.0" encoding="UTF-8"?>
- <!--
- Licensed to Apereo under one or more contributor license
- agreements. See the NOTICE file distributed with this work
- for additional information regarding copyright ownership.
- Apereo licenses this file to you under the Apache License,
- Version 2.0 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a
- copy of the License at the following location:
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
- -->
- <!--
- | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
- | all CAS deployers will need to modify.
- |
- | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
- | The beans declared in this file are instantiated at context initialization time by the Spring
- | ContextLoaderListener declared in web.xml. It finds this file because this
- | file is among those declared in the context parameter "contextConfigLocation".
- |
- | By far the most common change you will need to make in this file is to change the last bean
- | declaration to replace the default authentication handler with
- | one implementing your approach for authenticating usernames and passwords.
- +-->
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:tx="http://www.springframework.org/schema/tx"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:sec="http://www.springframework.org/schema/security"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
- <!--
- | The authentication manager defines security policy for authentication by specifying at a minimum
- | the authentication handlers that will be used to authenticate credential. While the AuthenticationManager
- | interface supports plugging in another implementation, the default PolicyBasedAuthenticationManager should
- | be sufficient in most cases.
- +-->
- <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
- <constructor-arg>
- <map>
- <!--
- | IMPORTANT
- | Every handler requires a unique name.
- | If more than one instance of the same handler class is configured, you must explicitly
- | set its name to something other than its default name (typically the simple class name).
- -->
- <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
- <entry key-ref="SearchModeSearchDatabaseAuthenticationHandler" value-ref="primaryPrincipalResolver" />
- <!--entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /-->
- </map>
- </constructor-arg>
- <!-- Uncomment the metadata populator to capture the password.
- <property name="authenticationMetaDataPopulators">
- <util:list>
- <bean class="org.jasig.cas.authentication.CacheCredentialsMetaDataPopulator"/>
- </util:list>
- </property>
- -->
- <!--
- | Defines the security policy around authentication. Some alternative policies that ship with CAS:
- |
- | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication
- | * AllAuthenticationPolicy - all presented credential must be authenticated successfully
- | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass
- -->
- <property name="authenticationPolicy">
- <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
- </property>
- </bean>
- <!-- Required for proxy ticket mechanism. -->
- <bean id="proxyAuthenticationHandler"
- class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
- p:httpClient-ref="supportsTrustStoreSslSocketFactoryHttpClient" />
- <!-- Authentication method start-->
- <bean id="dataSource"
- class="com.mchange.v2.c3p0.ComboPooledDataSource"
- p:driverClass="com.mysql.jdbc.Driver"
- p:jdbcUrl="jdbc:mysql://localhost:3306/propadmin"
- p:user="root"
- p:password="infoedge" />
- <!-- Authentication method end-->
- <bean id="passwordEncoder"
- class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
- c:encodingAlgorithm="MD5"
- p:characterEncoding="UTF-8" />
- <bean id="SearchModeSearchDatabaseAuthenticationHandler"
- class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
- p:dataSource-ref="dataSource"
- p:passwordEncoder-ref="passwordEncoder"
- p:tableUsers="PSWRDS"
- p:fieldUser="USERNAME"
- p:fieldPassword="PASSWORD" />
- <!--
- | TODO: Replace this component with one suitable for your enviroment.
- |
- | This component provides authentication for the kind of credential used in your environment. In most cases
- | credential is a username/password pair that lives in a system of record like an LDAP directory.
- | The most common authentication handler beans:
- |
- | * org.jasig.cas.authentication.LdapAuthenticationHandler
- | * org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler
- | * org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
- | * org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler
- -->
- <!--bean id="primaryAuthenticationHandler"
- class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
- <property name="users">
- <map>
- <entry key="casuser" value="Mellon"/>
- </map>
- </property>
- </bean-->
- <!-- Required for proxy ticket mechanism -->
- <bean id="proxyPrincipalResolver"
- class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
- <!--
- | Resolves a principal from a credential using an attribute repository that is configured to resolve
- | against a deployer-specific store (e.g. LDAP).
- -->
- <bean id="primaryPrincipalResolver"
- class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
- p:principalFactory-ref="principalFactory"
- p:attributeRepository-ref="attributeRepository" />
- <!--
- Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation
- may go against a database or LDAP server. The id should remain "attributeRepository" though.
- +-->
- <bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
- p:backingMap-ref="attrRepoBackingMap" />
- <util:map id="attrRepoBackingMap">
- <entry key="uid" value="uid" />
- <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
- <entry key="groupMembership" value="groupMembership" />
- <entry>
- <key><value>memberOf</value></key>
- <list>
- <value>faculty</value>
- <value>staff</value>
- <value>org</value>
- </list>
- </entry>
- </util:map>
- <bean id="serviceRegistryDao" class="org.jasig.cas.services.JsonServiceRegistryDao"
- c:configDirectory="${service.registry.config.location:classpath:services}" />
- <bean id="auditTrailManager" class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
- <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />
- <util:list id="monitorsList">
- <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
- <!--
- NOTE
- The following ticket registries support SessionMonitor:
- * DefaultTicketRegistry
- * JpaTicketRegistry
- Remove this monitor if you use an unsupported registry.
- -->
- <bean class="org.jasig.cas.monitor.SessionMonitor"
- p:ticketRegistry-ref="ticketRegistry"
- p:serviceTicketCountWarnThreshold="5000"
- p:sessionCountWarnThreshold="100000" />
- </util:list>
- </beans>
Add Comment
Please, Sign In to add comment