<beans xmlns:security="http://www.springframework.org/schema/security"
	xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
				
	<import resource="security-context-common.xml"/>	


	

	
	<!-- Inactive (commented-out) configuration. If it is ever re-enabled, review it first:
	     it disables CSRF protection and forces /test/jumboFluid onto plain HTTP.
	<security:http disable-url-rewriting="true" auto-config="true" use-expressions="false" access-decision-manager-ref="accessDecisionManager" >
		<security:csrf disabled="true"/>
		<security:intercept-url pattern="/test/jumboFluid" requires-channel="http" access="IS_AUTHENTICATED_FULLY" />

		<security:custom-filter ref="redirectionAwareFilter" before="PRE_AUTH_FILTER" />
		<security:custom-filter ref="redirectionAwareFilter" after="REQUEST_CACHE_FILTER" />

		 <security:intercept-url pattern="/saml/web/**" access="IS_AUTHENTICATED_FULLY"/>

		<security:form-login 
			authentication-success-handler-ref="successRedirectHandler"
			login-page="/login" 
			authentication-failure-url="/login?error"
			username-parameter="username"
			password-parameter="password"
			/>
		<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/" />

		<security:request-cache ref="requestCache"/>
	</security:http> -->
	    
    <bean id="metadataGenerator"
          class="eu.dariah.de.dariahsp.saml.metadata.AttributeMetadataGenerator"
          scope="prototype">
        <!-- Prototype scope: the container creates a new generator instance for every lookup.
             The "requiredAttributes" bean is not defined in this file; presumably it comes from the
             imported security-context-common.xml (confirm). -->
        <property name="requiredAttributes" ref="requiredAttributes"/>
    </bean>
        
	   
    <!-- Filters for processing of local authentication -->
    <bean id="authFilter" class="org.springframework.security.web.FilterChainProxy">
        <!-- Dispatches by Ant path pattern; every chain below consists of a single filter.
             metadataDisplayFilter is not defined in this file.
             NOTE(review): no chain here contains a filter that loads or stores the SecurityContext,
             so this proxy presumably runs nested inside an outer chain that does; confirm where
             authFilter is wired in. -->
        <security:filter-chain-map request-matcher="ant">
            <security:filter-chain filters="metadataDisplayFilter" pattern="/saml/metadata/**"/>
            <security:filter-chain filters="loginFilter" pattern="/localsec/login/**"/>
            <security:filter-chain filters="logoutFilter" pattern="/localsec/logout/**"/>
        </security:filter-chain-map>
    </bean>
    
    <bean id="logoutFilter"
          class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <!-- Constructor arguments: the logout success handler (successLogoutHandler, not defined in
             this file), then the logout handler bean logoutHandler. -->
        <constructor-arg ref="successLogoutHandler"/>
        <constructor-arg ref="logoutHandler"/>
        <!-- NOTE(review): a URL set through filterProcessesUrl is matched on the path alone, so a
             plain GET to /localsec/logout ends the session. If logout should require a POST (and a
             CSRF token), configure a method-restricted logoutRequestMatcher instead. -->
        <property name="filterProcessesUrl" value="/localsec/logout"/>
    </bean>
    
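    <bean id="loginFilter"
          class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <!-- Form login for the local user store: credentials sent to /localsec/login are checked by
             authenticationManager; a successful login is handed to successRedirectHandler (not
             defined in this file). -->
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="filterProcessesUrl" value="/localsec/login"/>
        <property name="authenticationSuccessHandler" ref="successRedirectHandler"/>
        <!-- A filter declared as a plain bean does not receive the session handling that the
             security:http namespace sets up, and its default session strategy does nothing.
             Set one explicitly so the session id is replaced at login (session fixation protection). -->
        <property name="sessionAuthenticationStrategy">
            <bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"/>
        </property>
        <!-- NOTE(review): no authenticationFailureHandler is set; confirm that the default failure
             response is what the login page at /login expects. -->
    </bean>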
    
    <bean id="logoutHandler"
          class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
        <!-- On logout: remove the Authentication from the security context and invalidate the
             HTTP session. -->
        <property name="clearAuthentication" value="true"/>
        <property name="invalidateHttpSession" value="true"/>
    </bean>
    
    <security:authentication-manager alias="authenticationManager" id="authenticationManager">
        <!-- The only provider registered in this file is the local one. -->
        <security:authentication-provider ref="localAuthenticationProvider"/>
    </security:authentication-manager>
    
	<bean id="securityEntryPoint"
			class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
		<!-- Sends unauthenticated requests to the /login page. forceHttps makes the entry point
			 redirect to the HTTPS form of that URL when the request arrived over plain HTTP.
			 NOTE(review): behind a TLS-terminating proxy the application has to see the original
			 scheme and port, otherwise this redirect can point to the wrong port or loop; confirm
			 for the deployment. -->
		<constructor-arg value="/login"/>
		<property name="forceHttps" value="true"/>
	</bean>
	
	
 	<!-- TODO: map this entry point only to AJAX calls (entry-point-ref="ajaxEntryPoint"); how to do that is still open -->
  	<!-- Answers unauthenticated requests with HTTP 403 instead of a redirect to the login page. -->
  	<bean id="ajaxEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
	
	<bean id="localAuthenticationProvider" class="eu.dariah.de.dariahsp.local.LocalAuthenticationProvider">
		<!-- Local account store; its location or content is injected from the auth.local.users
			 property.
			 NOTE(review): whatever that property points to holds credential material, so keep it
			 out of version control and readable only by the service account. -->
		<property name="localUserDb">
			<bean class="eu.dariah.de.dariahsp.local.LocalUserConfService">
				<property name="userConf" value="${auth.local.users}"/>
			</bean>
		</property>
		<property name="userService" ref="userDetailsService"/>
		<!-- BCrypt with the encoder's default work factor; presumably the stored local passwords
			 are bcrypt hashes (confirm against LocalAuthenticationProvider). -->
		<property name="encoder">
			<bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
		</property>
	</bean>
	
	<!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
    <bean id="metadata"
          class="org.springframework.security.saml.metadata.CachingMetadataManager">
        <!-- Empty provider list: no IdP metadata is registered by this file. -->
        <constructor-arg>
            <list/>
        </constructor-arg>
    </bean>
	
</beans>