- <?xml version="1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c" xmlns:tx="http://www.springframework.org/schema/tx"
- xmlns:util="http://www.springframework.org/schema/util" xmlns:sec="http://www.springframework.org/schema/security"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
- http://www.springframework.org/schema/tx
- http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.2.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util.xsd">
- <!-- Authentication manager. Its constructor map pairs an authentication handler
- (key-ref) with the principal resolver (value-ref) to use for it. Only
- ldapAuthenticationHandler is registered; proxyAuthenticationHandler and
- primaryAuthenticationHandler, declared later in this file, are not in this map.
- NOTE(review): presumably a handler that is missing from this map is never
- consulted, so proxy callback authentication would need its own entry; confirm.
- --> <bean id="authenticationManager"
- class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
- <constructor-arg>
- <map>
- <entry key-ref="ldapAuthenticationHandler" value-ref="usernamePasswordCredentialsResolver" />
- </map>
- </constructor-arg>
- </bean>
- <!-- LDAP authentication handler built on the ldaptive "authenticator" bean.
- principalIdAttribute is set to uid, and principalAttributeMap lists mail and cn
- under unchanged names.
- NOTE(review): presumably the map is LDAP attribute name to principal attribute
- name and these attributes are attached to the authenticated principal; confirm,
- and keep the list limited to what relying services need.
- --> <bean id="ldapAuthenticationHandler" class="org.jasig.cas.authentication.LdapAuthenticationHandler"
- p:principalIdAttribute="uid">
- <constructor-arg ref="authenticator" />
- <property name="principalAttributeMap">
- <map>
- <entry key="mail" value="mail" />
- <entry key="cn" value="cn" />
- </map>
- </property>
- </bean>
- <!-- ldaptive authenticator: takes the DN resolver (pooledSearchDnResolver) and the
- authentication handler (pooledBindHandler) as constructor arguments.
- --> <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
- c:resolver-ref="pooledSearchDnResolver" c:handler-ref="pooledBindHandler" />
- <!-- <bean id="pooledSearchDnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
- p:baseDn="dc=example,dc=com(CHANGE-TO-YOUR-PROPERTY)" p:subtreeSearch="true"
- p:allowMultipleDns="false" p:connectionFactory-ref="pooledConnectionFactory"
- p:userFilter="uid(CHANGE-TO-YOUR-PROPERTY)={user}" /> -->
- <!-- Active DN resolver (the commented-out bean before it is the template with
- placeholders). Searches the subtree below ou=users,ou=system,dc=example,dc=com
- with the filter uid={user}, using connections from pooledConnectionFactory.
- NOTE(review): {user} is presumably replaced by the submitted username, and
- allowMultipleDns="false" presumably fails the lookup when several entries match;
- confirm both against the ldaptive version in use.
- --> <bean id="pooledSearchDnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
- p:baseDn="ou=users,ou=system,dc=example,dc=com" p:subtreeSearch="true"
- p:allowMultipleDns="false" p:connectionFactory-ref="pooledConnectionFactory"
- p:userFilter="uid={user}" />
- <!-- Bind handler and the pooled connection factory it draws from. The DN resolver
- uses the same pooledConnectionFactory, and the pool's connections are opened
- through connectionFactory, whose connectionConfig references
- bindConnectionInitializer (the manager bind).
- NOTE(review): a password check by bind changes the identity of the pooled
- connection, so a later DN search on that connection may run as the last user
- rather than as the manager DN. Confirm against ldaptive's guidance and consider
- a separate pool for binds.
- --> <bean id="pooledBindHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
- p:connectionFactory-ref="pooledConnectionFactory" />
- <bean id="pooledConnectionFactory" class="org.ldaptive.pool.PooledConnectionFactory"
- p:connectionPool-ref="connectionPool" />
- <!-- Blocking connection pool used by pooledConnectionFactory; initialize is called
- as the init-method. It is wired to ldapPoolConfig (sizing), searchValidator
- (connection validation), pruneStrategy (idle pruning) and connectionFactory
- (opens the connections).
- NOTE(review): blockWaitTime="3000" is presumably milliseconds; confirm.
- --> <bean id="connectionPool" class="org.ldaptive.pool.BlockingConnectionPool"
- init-method="initialize" p:poolConfig-ref="ldapPoolConfig"
- p:blockWaitTime="3000" p:validator-ref="searchValidator"
- p:pruneStrategy-ref="pruneStrategy" p:connectionFactory-ref="connectionFactory" />
- <!-- Pool sizing and maintenance: 3 to 10 connections, validated on check-out and
- not periodically (validatePeriod is set but validatePeriodically is false).
- SearchValidator is declared with no properties, so it runs with its defaults.
- IdlePruneStrategy is given prunePeriod=300 and idleTime=600.
- NOTE(review): the periods are presumably seconds; confirm for the ldaptive
- version in use.
- --> <bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
- p:minPoolSize="3" p:maxPoolSize="10" p:validateOnCheckOut="true"
- p:validatePeriodically="false" p:validatePeriod="300" />
- <bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />
- <bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
- p:prunePeriod="300" p:idleTime="600" />
- <!-- Factory for the underlying LDAP connections; all of its settings come from
- the connectionConfig bean.
- --> <bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
- p:connectionConfig-ref="connectionConfig" />
- <!-- <bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
- p:ldapUrl="ldap://localhost(CHANGE-TO-YOUR-PROPERTY):10389(CHANGE-TO-YOUR-PROPERTY)"
- p:connectTimeout="3000" p:useStartTLS="false"
- p:connectionInitializer-ref="bindConnectionInitializer" /> -->
- <!-- Active connection settings (the commented-out bean before it is the template).
- NOTE(review): the URL scheme is ldap:// and useStartTLS is "false", so the manager
- bind and every user password checked by bind cross this connection unencrypted.
- That exposure stays on the loopback interface while the directory is on
- localhost; for any other host use ldaps:// or enable StartTLS, with a trust
- store that validates the server certificate. connectTimeout="3000" is
- presumably milliseconds; confirm.
- --> <bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
- p:ldapUrl="ldap://localhost:10389"
- p:connectTimeout="3000" p:useStartTLS="false"
- p:connectionInitializer-ref="bindConnectionInitializer" />
- <!-- <bean id="bindConnectionInitializer" class="org.ldaptive.BindConnectionInitializer"
- p:bindDn="uid=admin,ou=system(CHANGE-TO-YOUR-PROPERTY)">
- <property name="bindCredential">
- <bean class="org.ldaptive.Credential" c:password="secret(CHANGE-TO-YOUR-PROPERTY)" />
- </property>
- </bean> -->
- <!-- Connection initializer referenced from connectionConfig; presumably binds each
- new connection as uid=admin,ou=system before it is handed out.
- NOTE(review): the bind password is a literal in this file, and the DN, password
- and port 10389 look like the out-of-the-box ApacheDS administrator account
- rather than a dedicated service account. Load the credential from a protected
- property source or secret store, bind with a read-only search account limited
- to the user subtree, and rotate any password that has been pasted publicly.
- --> <bean id="bindConnectionInitializer" class="org.ldaptive.BindConnectionInitializer"
- p:bindDn="uid=admin,ou=system">
- <property name="bindCredential">
- <bean class="org.ldaptive.Credential" c:password="secret" />
- </property>
- </bean>
- <!-- Credential-to-principal resolver beans. usernamePasswordCredentialsResolver is
- the resolver paired with ldapAuthenticationHandler in authenticationManager;
- httpBasedCredentialsResolver is not referenced by any other bean in this file. -->
- <bean id="usernamePasswordCredentialsResolver"
- class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
- <bean id="httpBasedCredentialsResolver"
- class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
- <!-- Required for proxy ticket mechanism. Uses the httpClient bean, which is not
- defined in this file.
- NOTE(review): this handler is not listed in the authenticationManager map in
- this file; confirm it is registered wherever proxy tickets are expected to
- work, and that httpClient validates certificates on callback URLs. -->
- <bean id="proxyAuthenticationHandler"
- class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
- p:httpClient-ref="httpClient" />
- <!-- Static, in-file user list: one entry, user "casuser" with value "Mellon"
- (presumably the password). It is not listed in the authenticationManager map
- in this file.
- NOTE(review): this looks like a sample account kept for first-run testing.
- Delete the bean, or at least keep it out of authenticationManager, on any
- deployment that real services rely on.
- --> <bean id="primaryAuthenticationHandler"
- class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
- <property name="users">
- <map>
- <entry key="casuser" value="Mellon" />
- </map>
- </property>
- </bean>
- <!-- Required for proxy ticket mechanism. Not referenced by any other bean in this
- file. -->
- <bean id="proxyPrincipalResolver"
- class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
- <!-- Resolves a principal from a credential using an attribute repository that is
- configured to resolve against a deployer-specific store (e.g. LDAP). Here it is
- wired to the attributeRepository bean declared later in this file, and it is not
- referenced by the authenticationManager map in this file. -->
- <bean id="primaryPrincipalResolver"
- class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver">
- <property name="attributeRepository" ref="attributeRepository" />
- </bean>
- <!-- Bean that defines the attributes that a service may return. This example
- uses the Stub/Mock version. A real implementation may go against a database
- or LDAP server. The id should remain "attributeRepository" though.
- The backing map gives each attribute its own name as the value (uid,
- eduPersonAffiliation, groupMembership).
- NOTE(review): with the stub DAO these are presumably returned as the same fixed
- strings for every user, so services must not base authorization decisions on
- them; confirm. -->
- <bean id="attributeRepository"
- class="org.jasig.services.persondir.support.StubPersonAttributeDao"
- p:backingMap-ref="attrRepoBackingMap" />
- <util:map id="attrRepoBackingMap">
- <entry key="uid" value="uid" />
- <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
- <entry key="groupMembership" value="groupMembership" />
- </util:map>
- <!-- Sample, in-memory data store for the ServiceRegistry. A real implementation
- would probably want to replace this with the JPA-backed ServiceRegistry DAO.
- The name of this bean should remain "serviceRegistryDao". It is seeded from
- the registeredServicesList bean. -->
- <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
- p:registeredServices-ref="registeredServicesList" />
- <util:list id="registeredServicesList">
- <bean class="org.jasig.cas.services.RegexRegisteredService" p:id="0"
- p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
- p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001" />
- <!-- NOTE(review): the serviceId pattern above matches every http, https, imap and
- imaps URL, so an application at any host is accepted as a registered service,
- including over unencrypted http. Restrict it to the hosts that are meant to
- rely on this server.
- Use the following definition instead of the above to further restrict
- access to services within your domain (including sub domains). Note that
- example.com must be replaced with the domain you wish to permit. This example
- also demonstrates the configuration of an attribute filter that only allows
- for attributes whose length is 3. -->
- <!-- <bean class="org.jasig.cas.services.RegexRegisteredService"> <property
- name="id" value="1" /> <property name="name" value="HTTP and IMAP on example.com"
- /> <property name="description" value="Allows HTTP(S) and IMAP(S) protocols
- on example.com" /> <property name="serviceId" value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*example\.com/.*"
- /> <property name="evaluationOrder" value="0" /> <property name="attributeFilter">
- <bean class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter"
- c:regex="^\w{3}$" /> </property> </bean> -->
- </util:list>
- <!-- Audit trail manager; per its class name it writes audit records through SLF4J.
- NOTE(review): presumably the records land wherever the application log goes;
- confirm that destination is retained and access-controlled.
- --> <bean id="auditTrailManager"
- class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
- <!-- Health check: aggregates the monitors in monitorsList, a memory monitor and
- a session monitor that reads ticketRegistry (a bean not defined in this file).
- NOTE(review): freeMemoryWarnThreshold="10" is presumably a percentage; confirm.
- --> <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor"
- p:monitors-ref="monitorsList" />
- <util:list id="monitorsList">
- <bean class="org.jasig.cas.monitor.MemoryMonitor"
- p:freeMemoryWarnThreshold="10" />
- <!-- NOTE: the following ticket registries support SessionMonitor:
- DefaultTicketRegistry and JpaTicketRegistry. Remove this monitor if you use an
- unsupported registry. -->
- <bean class="org.jasig.cas.monitor.SessionMonitor"
- p:ticketRegistry-ref="ticketRegistry"
- p:serviceTicketCountWarnThreshold="5000" p:sessionCountWarnThreshold="100000" />
- </util:list>
- </beans>