721: Move to YML-based configuration

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=721

dariahsp-core/pom.xml

@@ -22,6 +22,11 @@
 		<artifactId>core-metamodel</artifactId>
 		<version>${eu.dariah.de.minfba.core-metamodel.version}</version>
 	</dependency>
+	<dependency>
+		<groupId>eu.dariah.de.minfba.core</groupId>
+		<artifactId>core-util</artifactId>
+		<version>${eu.dariah.de.minfba.core-util.version}</version>
+	</dependency>
   	<dependency>
   		<groupId>eu.dariah.eu</groupId>
     	<artifactId>spring-security-saml2-core</artifactId>

dariahsp-core/src/main/java/eu/dariah/de/dariahsp/local/LocalAuthenticationProvider.java

@@ -49,7 +49,7 @@ public class LocalAuthenticationProvider implements AuthenticationProvider {
 			} else {
 				throw new BadCredentialsException("Wrong password");
 			}
-		} catch (AuthenticationException e) {
+		} catch (Exception e) {
 			throw new BadCredentialsException("Provided username and/or password wrong.");
 		}
 	}

dariahsp-core/src/main/java/eu/dariah/de/dariahsp/local/LocalUserConf.java

 package eu.dariah.de.dariahsp.local;
 
-public class LocalUserConf {
+import eu.dariah.de.minfba.core.util.conversion.BaseConfigurationConvertible;
+
+public class LocalUserConf extends BaseConfigurationConvertible {
+	private static final long serialVersionUID = 5019731121422808251L;
+
 	private String username;
 	private String passhash;
 	private String[] roles;

dariahsp-core/src/main/java/eu/dariah/de/dariahsp/local/LocalUserConfService.java

 package eu.dariah.de.dariahsp.local;
 
-import java.io.File;
 import java.util.ArrayList;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import eu.dariah.de.dariahsp.model.LocalUserImpl;
 import eu.dariah.de.dariahsp.model.Role;
 import eu.dariah.de.dariahsp.model.RoleImpl;
 
-public class LocalUserConfService implements UserDetailsService, ApplicationContextAware {
+public class LocalUserConfService implements UserDetailsService {
 	protected static final Logger logger = LoggerFactory.getLogger(LocalUserConfService.class);
 		
-	private String userfile;
-	private LocalUserConf[] localUserConfigurations;
-	
 	@Autowired private ObjectMapper objMapper;
 	
+	private LocalUserConf[] localUserConfigurations;
 	
-	public String getUserfile() { return userfile; }
-	public void setUserfile(String userfile) { this.userfile = userfile; }
 	
-
+	public String getUserConf() { 
+		try {
+			return objMapper.writeValueAsString(localUserConfigurations);
+		} catch (JsonProcessingException e) {
+			logger.error("Failed to serialize local user configuration", e);
+			return null;
+		} 
+	}
 	
-	@Override
-	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-		File userconf;
-		userfile = userfile.trim();
+	public void setUserConf(String userConf) {
 		try {
-			if (userfile.startsWith("file:") || userfile.startsWith("classpath:")) {
-				userconf = applicationContext.getResource(userfile).getFile();
-			} else {
-				userconf = new File(userfile); 
-			}
-			localUserConfigurations = objMapper.readValue(userconf, LocalUserConf[].class);
+			localUserConfigurations = objMapper.readValue(userConf, LocalUserConf[].class);
 		} catch (Exception e) {
-			logger.error("Failed to initialize local user configuration: no local logins will be possible.", e);
+			logger.error("Failed to deserialize local user configuration", e);
 		}
 	}
 	
+
+	
+	
 	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		if (localUserConfigurations!=null) {

dariahsp-core/src/main/java/eu/dariah/de/dariahsp/local/MetadataGeneratorDummyFilterBean.java

+package eu.dariah.de.dariahsp.local;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.springframework.web.filter.GenericFilterBean;
+
+/**
+ * This class serves to sole purpose to allow the common configuration of local and saml security and provides a placeholder for 
+ * 	the required metadata generator filter bean for local security configurations
+ * 
+ * @author Tobias Gradl, University of Bamberg
+ * 
+ */
+public class MetadataGeneratorDummyFilterBean extends GenericFilterBean {
+
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+		chain.doFilter(request, response);
+	}
+
+}

dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/controller/HomeController.java

 package eu.dariah.de.dariahsp.sample.controller;
 
 import java.io.IOException;
+import java.util.List;
 
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
@@ -24,12 +25,13 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 
 import eu.dariah.de.dariahsp.configuration.ConditionalSamlSecurityConfiguration;
+import eu.dariah.de.dariahsp.local.LocalUserConf;
 import eu.dariah.de.dariahsp.web.AuthInfoHelper;
 import eu.dariah.de.dariahsp.web.RedirectCache;
 
 @Controller
 @RequestMapping(value="") 
-public class HomeController implements ApplicationContextAware  {
+public class HomeController  {
 	@Autowired private ServletContext servletContext;
 
 	@Autowired private RedirectCache redirectCache;
@@ -37,7 +39,7 @@ public class HomeController implements ApplicationContextAware  {
 	@Autowired private AuthInfoHelper authInfoHelper;
 
 	@Autowired private PropertySourcesPlaceholderConfigurer conf;
-
+	
 	
 	@Value("#{environment.saml?environment.saml:false}")
 	private boolean saml;
@@ -53,11 +55,7 @@ public class HomeController implements ApplicationContextAware  {
     }
 	
 	@RequestMapping(value = "/logout", method = RequestMethod.GET)
-	public String getLogout(@RequestParam(value = "error", required = false) String error, @RequestParam(value = "url", defaultValue = "/") String url, HttpServletRequest request, HttpServletResponse response, Model model) throws IOException  {
-		
-		//Object sasa = conf.getAppliedPropertySources().get("localProperties").getProperty("auth.local.test");
-		Object sasa2 = conf.getAppliedPropertySources().get("localProperties").getProperty("auth.local.huttut");
-		
+	public String getLogout(@RequestParam(value = "error", required = false) String error, @RequestParam(value = "url", defaultValue = "/") String url, HttpServletRequest request, HttpServletResponse response, Model model) throws IOException  {	
 		if (saml && authInfoHelper.getCurrentUserDetails(request).isAuth()) {
 			return "redirect:/saml/logout" + (!url.equals("/") ? "?loginRedirectUrl=" + url : "");
 		} else if (!saml && authInfoHelper.getCurrentUserDetails(request).isAuth()) {
@@ -88,10 +86,4 @@ public class HomeController implements ApplicationContextAware  {
 		model.addAttribute("redirectUrl", url);
 		return "common/login";
 	}
-
-	@Override
-	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
-		// TODO Auto-generated method stub
-		applicationContext.toString();
-	}
 }

dariahsp-sample/src/main/resources/dariahsp.conf

-saml.local.userfile = classpath:dariahsp_localusers.json
-
-
-saml.keystore.path			= /data/_srv/schereg/key/dfa-de-dariah-eu.jks
-
-# Uncomment if keystore is protected by password
-#saml.keystore.pass			= somepass
-
-saml.keystore.alias			= dfa.de.dariah.eu
-
-# Alias pass is required, leave empty if no alias password is set in keystore
-saml.keystore.aliaspass		= 
-
-
-saml.metadata.url			= https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-test-metadata.xml
-#saml.metadata.url			= https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-basic-metadata.xml
-
-saml.sp.baseUrl				= https://schereg.de.dariah.eu/schereg
-saml.sp.entityId			= https://schereg.de.dariah.eu
-
-saml.sp.local				= true
-saml.sp.alias				= schereg
-#saml.sp.securityProfile	= metaiop
-#saml.sp.sslSecurityProfile = pkix
-
-#saml.sp.requireArtifactResolveSigned = false
-#saml.sp.requireLogoutRequestSigned = false
-#saml.sp.requireLogoutResponseSigned = false
-
-saml.sp.signMetadata		= true
-#saml.sp.signingAlgorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
-
-saml.sp.discovery			= true
-saml.sp.discovery.url		= https://wayf.aai.dfn.de/DFN-AAI-Test/wayf
-#saml.sp.discovery.url		= https://auth.dariah.eu/CDS/WAYF
-saml.sp.discovery.return	= https://schereg.de.dariah.eu/schereg/saml/login/alias/schereg?disco=true
-saml.sp.ecpEnabled			= true
-
-#saml.sp.allowedNameIds		= EMAIL, PERSISTENT, X509_SUBJECT
-saml.sp.allowedNameIds		= EMAIL, TRANSIENT, PERSISTENT, UNSPECIFIED, X509_SUBJECT
-
-saml.sp.signingKey			= dfa.de.dariah.eu
-saml.sp.encryptionKey		= dfa.de.dariah.eu
-saml.sp.tlsKey				= dfa.de.dariah.eu
-
-saml.sp.attr.names 			= urn:oid:1.3.6.1.4.1.5923.1.1.1.6, urn:oid:0.9.2342.19200300.100.1.3, urn:oid:1.3.6.1.4.1.5923.1.1.1.7, urn:oid:1.3.6.1.4.1.5923.1.1.1.9, urn:oid:2.16.840.1.113730.3.1.241 
-saml.sp.attr.nameFormats 	= urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri
-saml.sp.attr.friendlyNames 	= eduPersonPrincipalName, mail, eduPersonEntitlement, eduPersonScopedAffiliation, displayName
-saml.sp.attr.required 		= true, true, false, false, false
-
-#saml.sp.externalMetadata	= /home/tobias/Downloads/spring_saml_metadata.xml
\ No newline at end of file

dariahsp-sample/src/main/resources/dariahsp.yml

-saml.local.userfile: classpath:dariahsp_localusers.json
-
-
-saml.keystore.path: /data/_srv/schereg/key/dfa-de-dariah-eu.jks
-
-# Uncomment if keystore is protected by password
-#saml.keystore.pass     : somepass
-
-saml.keystore.alias: dfa.de.dariah.eu
-
-# Alias pass is required, leave empty if no alias password is set in keystore
-saml.keystore.aliaspass: '' 
-
-
-saml.metadata.url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-test-metadata.xml
-#saml.metadata.url      : https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-basic-metadata.xml
-
-saml.sp.baseUrl: https://schereg.de.dariah.eu/schereg
-saml.sp.entityId: https://schereg.de.dariah.eu
-
-saml.sp.local: true
-saml.sp.alias: schereg
-#saml.sp.securityProfile  : metaiop
-#saml.sp.sslSecurityProfile : pkix
-
-#saml.sp.requireArtifactResolveSigned : false
-#saml.sp.requireLogoutRequestSigned : false
-#saml.sp.requireLogoutResponseSigned : false
-
-saml.sp.signMetadata    : true
-#saml.sp.signingAlgorithm : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
-
-saml.sp.discovery: true
-saml.sp.discovery.url: https://wayf.aai.dfn.de/DFN-AAI-Test/wayf
-#saml.sp.discovery.url    : https://auth.dariah.eu/CDS/WAYF
-saml.sp.discovery.return: https://schereg.de.dariah.eu/schereg/saml/login/alias/schereg?disco:true
-saml.sp.ecpEnabled: true
-
-#saml.sp.allowedNameIds   : EMAIL, PERSISTENT, X509_SUBJECT
-#saml.sp.allowedNameIds    : EMAIL, TRANSIENT, PERSISTENT, UNSPECIFIED, X509_SUBJECT
-
-saml.sp.signingKey: dfa.de.dariah.eu
-saml.sp.encryptionKey: dfa.de.dariah.eu
-saml.sp.tlsKey: dfa.de.dariah.eu
-
-
 auth:
- local: 
-   users:  
-     - username: 'tobias'
-       password: 'fuzzl'
-     - username: 'kathrin'
-       password: 'hanswurst'
-   huttut:
-    - affa: 'uffu0'
-      kaka: 
-       - pupu: lala0
-       - lulu: lolo0
-       - test: ['fupp0', 'fopp0']
-    - affa: 'uffu1'
-      kaka: 
-       - pupu: lala1
-       - lulu: lolo1
-       - test: ['fupp1', 'fopp1']
-   test: ['fupp', 'fopp'] 
+  local: 
+    users:  
+      - username: 'admin'
+        passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
+        roles: ["ROLE_ADMINISTRATOR"]
+      - username: 'tgradl'
+        passhash: '$2a$10$EeajSQQUepa7H7.g4xQCaeO.hjUwh0yzYCMrfOkWCZGe1IiWaexa6'
+        roles: ["ROLE_CONTRIBUTOR"]
+  saml:
+    keystore:
+      path: /data/_srv/schereg/key/dfa-de-dariah-eu.jks
+      # Uncomment if keystore is protected by password
+      #pass: 'somepass'
+      alias: dfa.de.dariah.eu
+      aliaspass: ''
+    metadata:
+      url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-test-metadata.xml
+      #url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-basic-metadata.xml
+    sp:
+      local: true
+      alias: schereg
+      baseUrl: https://schereg.de.dariah.eu/schereg
+      entityId: https://schereg.de.dariah.eu
+      #externalMetadata : /home/tobias/Downloads/spring_saml_metadata.xml
+      #securityProfile: metaiop
+      #sslSecurityProfile: pkix
+      #requireArtifactResolveSigned: false
+      #requireLogoutRequestSigned: false
+      #requireLogoutResponseSigned: false
+      signMetadata    : true
+      #signingAlgorithm : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+      discovery:
+        enabled: true
+        url: https://wayf.aai.dfn.de/DFN-AAI-Test/wayf
+        #url: https://auth.dariah.eu/CDS/WAYF
+        return: https://schereg.de.dariah.eu/schereg/saml/login/alias/schereg?disco:true
+      ecpEnabled: true
+      #allowedNameIds: EMAIL, TRANSIENT, PERSISTENT, UNSPECIFIED, X509_SUBJECT
+      signingKey: dfa.de.dariah.eu
+      encryptionKey: dfa.de.dariah.eu
+      tlsKey: dfa.de.dariah.eu
+
 
 #saml.sp.attr.names      : urn:oid:1.3.6.1.4.1.5923.1.1.1.6, urn:oid:0.9.2342.19200300.100.1.3, urn:oid:1.3.6.1.4.1.5923.1.1.1.7, urn:oid:1.3.6.1.4.1.5923.1.1.1.9, urn:oid:2.16.840.1.113730.3.1.241 
 #saml.sp.attr.nameFormats  : urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri
 #saml.sp.attr.friendlyNames  : eduPersonPrincipalName, mail, eduPersonEntitlement, eduPersonScopedAffiliation, displayName
-#saml.sp.attr.required     : true, true, false, false, false
-
-#saml.sp.externalMetadata : /home/tobias/Downloads/spring_saml_metadata.xml
\ No newline at end of file
+#saml.sp.attr.required     : true, true, false, false, false
\ No newline at end of file

dariahsp-sample/src/main/resources/dariahsp_localusers.json

-[
-	{
-		"username" : "admin",
-		"passhash" : "$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW",
-		"roles" : ["ROLE_ADMINISTRATOR"]
-	}
-]
\ No newline at end of file

dariahsp-sample/src/main/resources/spring/config-context.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
+
+	<context:annotation-config/>
+	
+	<bean id="configLocation" class="java.lang.String">
+		<constructor-arg value="classpath:dariahsp.yml" />
+	</bean>
+	<bean id="properties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean">
+	    <property name="resources" ref="configLocation"/>
+	</bean>
+
+	<bean class="eu.dariah.de.minfba.core.util.init.ListAwarePropertySourcesPlaceholderConfigurer">
+	    <property name="properties" ref="properties" />
+	    <property name="objectMapper" ref="objectMapper" />
+	    <property name="conversionService" ref="conversionService" />
+	</bean>
+	
+	<bean id="conversionService" class="org.springframework.context.support.ConversionServiceFactoryBean">
+        <property name="converters">
+            <list>
+                <bean class="eu.dariah.de.minfba.core.util.conversion.JsonToStringConverter" />
+            </list>
+        </property>
+    </bean>
+	
+	<bean id="objectMapper" class="com.fasterxml.jackson.databind.ObjectMapper" />
+	
+</beans>
\ No newline at end of file

dariahsp-sample/src/main/resources/spring/root-context.xml

@@ -18,21 +18,7 @@
 		</property>
 	</bean> -->
 	
-	<context:annotation-config/>
 	
-	<bean id="configLocation" class="java.lang.String">
-		<constructor-arg value="classpath:dariahsp.yml" />
-	</bean>
-	<bean id="properties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean">
-	    <property name="resources" ref="configLocation"/>
-	</bean>
-
-	<bean class="eu.dariah.de.minfba.core.web.init.ListAwarePropertySourcesPlaceholderConfigurer">
-	    <property name="properties" ref="properties" />
-	    <property name="objectMapper" ref="objectMapper" />
-	</bean>
-	
-	<bean id="objectMapper" class="com.fasterxml.jackson.databind.ObjectMapper" />
 	
 	<context:component-scan base-package="eu.dariah.de.dariahsp.configuration" />
 </beans>
\ No newline at end of file

dariahsp-sample/src/main/resources/spring/security/security-context-common.xml

@@ -88,14 +88,14 @@
 
 	<!-- Central storage of cryptographic keys -->
     <bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
-        <constructor-arg value="file:${saml.keystore.path:#{null}}"/>
-        <constructor-arg type="java.lang.String" value="${saml.keystore.pass:#{null}}"/>
+        <constructor-arg value="file:${auth.saml.keystore.path:#{null}}"/>
+        <constructor-arg type="java.lang.String" value="${auth.saml.keystore.pass:#{null}}"/>
         <constructor-arg>
             <map>
-                <entry key="${saml.keystore.alias:noalias}" value="${saml.keystore.aliaspass:#{null}}"/>
+                <entry key="${auth.saml.keystore.alias:noalias}" value="${auth.saml.keystore.aliaspass:#{null}}"/>
             </map>
         </constructor-arg>
-        <constructor-arg type="java.lang.String" value="${saml.keystore.alias:#{null}}"/>
+        <constructor-arg type="java.lang.String" value="${auth.saml.keystore.alias:#{null}}"/>
     </bean>
 
 </beans>
\ No newline at end of file

dariahsp-sample/src/main/resources/spring/security/security-context-local.xml

@@ -33,6 +33,8 @@
 		<security:request-cache ref="requestCache"/>
 	</security:http> -->
 	    
+	<bean id="metadataGeneratorFilter" class="eu.dariah.de.dariahsp.local.MetadataGeneratorDummyFilterBean" />
+	    
     <!-- Filters for processing of local authentication -->
     <bean id="authFilter" class="org.springframework.security.web.FilterChainProxy">
     	<security:filter-chain-map request-matcher="ant">
@@ -78,7 +80,7 @@
 	<bean id="localAuthenticationProvider" class="eu.dariah.de.dariahsp.local.LocalAuthenticationProvider">
 		<property name="localUserDb">
 			<bean class="eu.dariah.de.dariahsp.local.LocalUserConfService">
-				<property name="userfile" value="${saml.local.userfile}" />
+				<property name="userConf" value="${auth.local.users}" />
 			</bean>
 		</property>
 		<property name="userService" ref="userDetailsService" />

dariahsp-sample/src/main/resources/spring/security/security-context-saml.xml

@@ -59,7 +59,7 @@
     </bean>
 
 	<bean id="externalLocalSpMetadataConfigured" class="java.lang.Boolean">
-		<constructor-arg value="#{'${saml.sp.externalMetadata:null}'!='null'}" />
+		<constructor-arg value="#{'${auth.saml.sp.externalMetadata:null}'!='null'}" />
 	</bean>
 
     <!-- Filter automatically generates default SP metadata -->
@@ -67,16 +67,16 @@
     <bean id="metadataGeneratorFilter" class="eu.dariah.de.dariahsp.saml.metadata.ConditionalMetadataGeneratorFilter">
         <constructor-arg>
             <bean class="eu.dariah.de.dariahsp.saml.metadata.AttributeMetadataGenerator">
-            	<property name="entityBaseURL" value="${saml.sp.baseUrl}" />
-            	<property name="entityId" value="${saml.sp.entityId}" />
-            	<property name="includeDiscoveryExtension" value="${saml.sp.discovery}" />
-            	<property name="nameID" value="#{'${saml.sp.allowedNameIds:EMAIL,TRANSIENT,PERSISTENT,UNSPECIFIED,X509_SUBJECT}'.split(',')}" />
+            	<property name="entityBaseURL" value="${auth.saml.sp.baseUrl}" />
+            	<property name="entityId" value="${auth.saml.sp.entityId}" />
+            	<property name="includeDiscoveryExtension" value="${auth.saml.sp.discovery.enabled}" />
+            	<property name="nameID" value="#{'${auth.saml.sp.allowedNameIds:EMAIL,TRANSIENT,PERSISTENT,UNSPECIFIED,X509_SUBJECT}'.split(',')}" />
                 <property name="extendedMetadata" ref="localSpMetadata" />
                 
-                <property name="attributeNames" value="${saml.sp.attr.names:null}" />
-                <property name="attributeFriendlyNames" value="${saml.sp.attr.friendlyNames:null}" />
-                <property name="attributeNameFormats" value="${saml.sp.attr.nameFormats:null}" />
-                <property name="attributeRequired" value="${saml.sp.attr.required:null}" />
+                <property name="attributeNames" value="${auth.saml.sp.attr.names:null}" />
+                <property name="attributeFriendlyNames" value="${auth.saml.sp.attr.friendlyNames:null}" />
+                <property name="attributeNameFormats" value="${auth.saml.sp.attr.nameFormats:null}" />
+                <property name="attributeRequired" value="${auth.saml.sp.attr.required:null}" />
             </bean>
         </constructor-arg>
         <constructor-arg ref="externalLocalSpMetadataConfigured" />
@@ -91,7 +91,7 @@
 	            </constructor-arg>
 	            <constructor-arg>
 	                <bean class="org.opensaml.util.resource.FilesystemResource">
-	                    <constructor-arg value="${saml.sp.externalMetadata:''}"/>
+	                    <constructor-arg value="${auth.saml.sp.externalMetadata:''}"/>
 	                </bean>
 	            </constructor-arg>
 	            <constructor-arg ref="externalLocalSpMetadataConfigured" />
@@ -102,28 +102,28 @@
 	</bean>
     
     <bean id="localSpMetadata" class="org.springframework.security.saml.metadata.ExtendedMetadata">
-    	<property name="local" value="${saml.sp.local:true}"/>
-        <property name="alias" value="${saml.sp.alias}"/>
-        <property name="securityProfile" value="${saml.sp.securityProfile:metaiop}"/>
-        <property name="sslSecurityProfile" value="${saml.sp.sslSecurityProfile:pkix}"/>
-        <property name="sslHostnameVerification" value="${saml.sp.sslHostnameVerification:default}"/>
+    	<property name="local" value="${auth.saml.sp.local:true}"/>
+        <property name="alias" value="${auth.saml.sp.alias}"/>
+        <property name="securityProfile" value="${auth.saml.sp.securityProfile:metaiop}"/>
+        <property name="sslSecurityProfile" value="${auth.saml.sp.sslSecurityProfile:pkix}"/>
+        <property name="sslHostnameVerification" value="${auth.saml.sp.sslHostnameVerification:default}"/>
     
-    	<property name="encryptionKey" value="${saml.sp.encryptionKey}" />
-        <property name="tlsKey" value="${saml.sp.tlsKey}" />
-        <property name="signMetadata" value="${saml.sp.signMetadata}" />
+    	<property name="encryptionKey" value="${auth.saml.sp.encryptionKey}" />
+        <property name="tlsKey" value="${auth.saml.sp.tlsKey}" />
+        <property name="signMetadata" value="${auth.saml.sp.signMetadata}" />
         
-        <property name="ecpEnabled" value="${saml.sp.ecpEnabled}" />
-        <property name="signingKey" value="${saml.sp.signingKey}" />
+        <property name="ecpEnabled" value="${auth.saml.sp.ecpEnabled}" />
+        <property name="signingKey" value="${auth.saml.sp.signingKey}" />
         
-        <property name="requireArtifactResolveSigned" value="${saml.sp.requireArtifactResolveSigned:true}"/>
-        <property name="requireLogoutRequestSigned" value="${saml.sp.requireLogoutRequestSigned:true}"/>
-        <property name="requireLogoutResponseSigned" value="${saml.sp.requireLogoutResponseSigned:false}"/>
+        <property name="requireArtifactResolveSigned" value="${auth.saml.sp.requireArtifactResolveSigned:true}"/>
+        <property name="requireLogoutRequestSigned" value="${auth.saml.sp.requireLogoutRequestSigned:true}"/>
+        <property name="requireLogoutResponseSigned" value="${auth.saml.sp.requireLogoutResponseSigned:false}"/>
         
-        <property name="signingAlgorithm" value="${saml.sp.signingAlgorithm:http://www.w3.org/2001/04/xmldsig-more#rsa-sha256}" />
+        <property name="signingAlgorithm" value="${auth.saml.sp.signingAlgorithm:http://www.w3.org/2001/04/xmldsig-more#rsa-sha256}" />
         
-        <property name="idpDiscoveryEnabled" value="${saml.sp.discovery}" />
-        <property name="idpDiscoveryURL" value="${saml.sp.discovery.url}" />
-        <property name="idpDiscoveryResponseURL" value="${saml.sp.discovery.return}" />
+        <property name="idpDiscoveryEnabled" value="${auth.saml.sp.discovery.enabled}" />
+        <property name="idpDiscoveryURL" value="${auth.saml.sp.discovery.url}" />
+        <property name="idpDiscoveryResponseURL" value="${auth.saml.sp.discovery.return}" />
     </bean>
  
     <!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
@@ -140,9 +140,9 @@
 
     <!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
     <bean id="metadata" class="eu.dariah.de.dariahsp.saml.metadata.ConditionalMetadataManager">
-    	<constructor-arg value="${saml.sp.externalMetadata:#{null}}" />
+    	<constructor-arg value="${auth.saml.sp.externalMetadata:#{null}}" />
     	<constructor-arg ref="externalMetadata" />
-    	<constructor-arg value="${saml.sp.entityId}"/>
+    	<constructor-arg value="${auth.saml.sp.entityId}"/>
         <constructor-arg>
             <list>
                 
@@ -150,7 +150,7 @@
                 <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                     <!-- URL containing the metadata -->
                     <constructor-arg>
-                        <value type="java.lang.String">${saml.metadata.url}</value>
+                        <value type="java.lang.String">${auth.saml.metadata.url}</value>
                     </constructor-arg>
                     <!-- Timeout for metadata loading in ms -->
                     <constructor-arg>

dariahsp-sample/src/main/resources/spring/servlet/servlet-context.xml

@@ -12,9 +12,9 @@
 	<mvc:annotation-driven />
 	<mvc:resources location="/resources/" mapping="/resources/**" cache-period="31556926"/>
 	
+	<import resource="../config-context.xml"/>
 	
 	<sec:global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />
-<context:annotation-config/>
 	<mvc:interceptors>
 		<mvc:interceptor>
 			<mvc:mapping path="/**"/>