Commit 04251508 authored by Gradl, Tobias's avatar Gradl, Tobias

715: Make SAML administration accessible from local logins

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=715
parent 4e0cae0f
......@@ -51,5 +51,20 @@
</map>
</property>
</bean>
<!-- Initialization of OpenSAML library-->
<bean class="org.springframework.security.saml.SAMLBootstrap"/>
<!-- Central storage of cryptographic keys -->
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="file:${saml.keystore.path:#{null}}"/>
<constructor-arg type="java.lang.String" value="${saml.keystore.pass:#{null}}"/>
<constructor-arg>
<map>
<entry key="${saml.keystore.alias:noalias}" value="${saml.keystore.aliaspass:#{null}}"/>
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="${saml.keystore.alias:#{null}}"/>
</bean>
</beans>
\ No newline at end of file
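Review bot: The `#{null}` defaults on the new `keyManager` bean do not make the keystore optional, because the first constructor argument is the composite string `file:${saml.keystore.path:#{null}}`. With the property unset, the bean most likely still receives a `file:` location with no keystore behind it rather than a null resource, so a local-login deployment would probably fail when the bean is created. The alias defaults also disagree: the password map is keyed by `noalias`, while the default-key argument falls back to `#{null}`. If local-only deployments are meant to run without a keystore, put the bean under a profile that is active only when the properties are set, or say so above it, e.g. `<!-- saml.keystore.path/.pass/.alias/.aliaspass must be set, also for local logins -->`. The enclosing `<beans>` element starts outside the hunk.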
<beans xmlns:sec="http://www.springframework.org/schema/security"
<beans xmlns:security="http://www.springframework.org/schema/security"
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
......@@ -9,32 +9,34 @@
<import resource="security-context-common.xml"/>
<sec:http disable-url-rewriting="true" auto-config="true" use-expressions="false" entry-point-ref="ajaxEntryPoint" access-decision-manager-ref="accessDecisionManager" >
<sec:csrf disabled="true"/>
<sec:intercept-url pattern="/test/jumboFluid" requires-channel="http" access="IS_AUTHENTICATED_FULLY" />
<security:http disable-url-rewriting="true" auto-config="true" use-expressions="false" entry-point-ref="ajaxEntryPoint" access-decision-manager-ref="accessDecisionManager" >
<security:csrf disabled="true"/>
<security:intercept-url pattern="/test/jumboFluid" requires-channel="http" access="IS_AUTHENTICATED_FULLY" />
<sec:custom-filter ref="redirectionAwareFilter" before="PRE_AUTH_FILTER" />
<sec:custom-filter ref="redirectionAwareFilter" after="REQUEST_CACHE_FILTER" />
<security:custom-filter ref="redirectionAwareFilter" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="redirectionAwareFilter" after="REQUEST_CACHE_FILTER" />
<sec:form-login
<security:intercept-url pattern="/saml/web/**" access="IS_AUTHENTICATED_FULLY"/>
<security:form-login
authentication-success-handler-ref="successRedirectHandler"
login-page="/login"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"
/>
<sec:logout invalidate-session="true" logout-url="/logout" logout-success-url="/" />
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/" />
<sec:request-cache ref="requestCache"/>
</sec:http>
<security:request-cache ref="requestCache"/>
</security:http>
<bean id="ajaxEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint">
</bean>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="localAuthenticationProvider" />
</sec:authentication-manager>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="localAuthenticationProvider" />
</security:authentication-manager>
<bean id="localAuthenticationProvider" class="eu.dariah.de.dariahsp.local.LocalAuthenticationProvider">
<property name="localUserDb">
......@@ -44,4 +46,13 @@
</property>
<property name="userService" ref="userDetailsService" />
</bean>
<!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
<constructor-arg>
<list>
</list>
</constructor-arg>
</bean>
</beans>
\ No newline at end of file
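Review bot: The new rule `<security:intercept-url pattern="/saml/web/**" access="IS_AUTHENTICATED_FULLY"/>` lets every fully authenticated local account reach the SAML administration pages, not only administrators. Since `use-expressions="false"` is set, the attribute can name a role directly, e.g. `access="ROLE_<ADMIN_ROLE_PLACEHOLDER>"` with whichever administrative role the project defines, assuming the referenced `accessDecisionManager` includes a role voter. The same `<security:http>` block keeps `<security:csrf disabled="true"/>`, so any state-changing form under `/saml/web/**` has no CSRF protection. That matters more now that the last file section activates the component scan of `eu.dariah.de.dariahsp.saml.web.controller`; enabling CSRF, or limiting the exemption to the paths that need it, is worth considering. A comment above the rule saying who is meant to reach these pages would also help.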
......@@ -85,18 +85,6 @@
<!-- Logger for SAML messages and events -->
<bean id="samlLogger" class="org.springframework.security.saml.log.SAMLDefaultLogger"/>
<!-- Central storage of cryptographic keys -->
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="file:${saml.keystore.path}"/>
<constructor-arg type="java.lang.String" value="${saml.keystore.pass:#{null}}"/>
<constructor-arg>
<map>
<entry key="${saml.keystore.alias}" value="${saml.keystore.aliaspass}"/>
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="${saml.keystore.alias}"/>
</bean>
<!-- Entry point to initialize authentication, default values taken from properties file -->
<bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
<property name="defaultProfileOptions">
......@@ -394,13 +382,6 @@
<bean id="paosBinding" class="org.springframework.security.saml.processor.HTTPPAOS11Binding">
<constructor-arg ref="parserPool"/>
</bean>
<!-- Initialization of OpenSAML library-->
<bean class="org.springframework.security.saml.SAMLBootstrap"/>
<!-- Initialization of the velocity engine -->
<bean id="velocityEngine" class="org.springframework.security.saml.util.VelocityFactory" factory-method="getEngine"/>
......
......@@ -36,5 +36,5 @@
</bean>
<context:component-scan base-package="eu.dariah.de.dariahsp.sample.controller" />
<!-- <context:component-scan base-package="eu.dariah.de.dariahsp.saml.web.controller" /> -->
<context:component-scan base-package="eu.dariah.de.dariahsp.saml.web.controller" />
</beans>
\ No newline at end of file