Commit a7da196f authored by Gradl, Tobias's avatar Gradl, Tobias

721: Move to YML-based configuration

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=721
parent 98514e95
......@@ -22,6 +22,11 @@
<artifactId>core-metamodel</artifactId>
<version>${eu.dariah.de.minfba.core-metamodel.version}</version>
</dependency>
<dependency>
<groupId>eu.dariah.de.minfba.core</groupId>
<artifactId>core-util</artifactId>
<version>${eu.dariah.de.minfba.core-util.version}</version>
</dependency>
<dependency>
<groupId>eu.dariah.eu</groupId>
<artifactId>spring-security-saml2-core</artifactId>
......
......@@ -49,7 +49,7 @@ public class LocalAuthenticationProvider implements AuthenticationProvider {
} else {
throw new BadCredentialsException("Wrong password");
}
} catch (AuthenticationException e) {
} catch (Exception e) {
throw new BadCredentialsException("Provided username and/or password wrong.");
}
}
......
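Review bot: Widening the catch on `} catch (Exception e) {` from AuthenticationException to Exception turns every runtime failure in the block (a NullPointerException from a misconfigured dependency, an encoder error) into a client-facing "wrong password" while dropping the cause, so operational faults leave no trace in the logs. Keep the uniform message, since it avoids revealing which part of the check failed, but attach the cause, `throw new BadCredentialsException("Provided username and/or password wrong.", e);`, and either restore the narrow `AuthenticationException` catch or handle `RuntimeException` in a separate clause that logs it at error level before rethrowing. The BadCredentialsException raised on the `throw new BadCredentialsException("Wrong password");` line is itself caught here and re-wrapped, which was already the case before this change. The enclosing method starts outside the hunk.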
package eu.dariah.de.dariahsp.local;
public class LocalUserConf {
import eu.dariah.de.minfba.core.util.conversion.BaseConfigurationConvertible;
public class LocalUserConf extends BaseConfigurationConvertible {
private static final long serialVersionUID = 5019731121422808251L;
private String username;
private String passhash;
private String[] roles;
......
package eu.dariah.de.dariahsp.local;
import java.io.File;
import java.util.ArrayList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import eu.dariah.de.dariahsp.model.LocalUserImpl;
import eu.dariah.de.dariahsp.model.Role;
import eu.dariah.de.dariahsp.model.RoleImpl;
public class LocalUserConfService implements UserDetailsService, ApplicationContextAware {
public class LocalUserConfService implements UserDetailsService {
protected static final Logger logger = LoggerFactory.getLogger(LocalUserConfService.class);
private String userfile;
private LocalUserConf[] localUserConfigurations;
@Autowired private ObjectMapper objMapper;
private LocalUserConf[] localUserConfigurations;
public String getUserfile() { return userfile; }
public void setUserfile(String userfile) { this.userfile = userfile; }
public String getUserConf() {
try {
return objMapper.writeValueAsString(localUserConfigurations);
} catch (JsonProcessingException e) {
logger.error("Failed to serialize local user configuration", e);
return null;
}
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
File userconf;
userfile = userfile.trim();
public void setUserConf(String userConf) {
try {
if (userfile.startsWith("file:") || userfile.startsWith("classpath:")) {
userconf = applicationContext.getResource(userfile).getFile();
} else {
userconf = new File(userfile);
}
localUserConfigurations = objMapper.readValue(userconf, LocalUserConf[].class);
localUserConfigurations = objMapper.readValue(userConf, LocalUserConf[].class);
} catch (Exception e) {
logger.error("Failed to initialize local user configuration: no local logins will be possible.", e);
logger.error("Failed to deserialize local user configuration", e);
}
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
if (localUserConfigurations!=null) {
......
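Review bot: setUserConf catches Exception, logs and returns, so a malformed or missing `auth.local.users` value leaves `localUserConfigurations` null and the context starts with local login silently disabled; since this setter is now the only way the user list arrives, consider failing fast with `throw new IllegalArgumentException("Invalid local user configuration", e);` instead of swallowing. The logged exception deserves a second look as well: depending on the Jackson version, parse exceptions embed a snippet of the offending source in their message, and here the source is the string holding usernames and password hashes, so `logger.error(..., e)` can copy that material into the log. getUserConf() likewise hands back the serialized configuration including `passhash` values; if it exists only to give the property a getter, a comment saying so (or returning a redacted form) would prevent accidental exposure. If the `java.io.File`, `ApplicationContext`, `ApplicationContextAware` and `BeansException` imports survived the removal of setApplicationContext, they are now unused. loadUserByUsername continues outside the hunk.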
package eu.dariah.de.dariahsp.local;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.web.filter.GenericFilterBean;
/**
* This class serves to sole purpose to allow the common configuration of local and saml security and provides a placeholder for
* the required metadata generator filter bean for local security configurations
*
* @author Tobias Gradl, University of Bamberg
*
*/
public class MetadataGeneratorDummyFilterBean extends GenericFilterBean {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
chain.doFilter(request, response);
}
}
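Review bot: The class Javadoc reads `serves to sole purpose to allow`; it should read `serves the sole purpose of allowing`, and a sentence stating that the filter performs no processing would make the placeholder nature explicit, e.g. `// Pass-through: the local profile has no SP metadata to generate.` inside doFilter. The local security XML registers this class under the bean id `metadataGeneratorFilter`, which is the contract the shared configuration relies on; naming that id in the Javadoc would tie the two together for the next reader.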
package eu.dariah.de.dariahsp.sample.controller;
import java.io.IOException;
import java.util.List;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
......@@ -24,12 +25,13 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import eu.dariah.de.dariahsp.configuration.ConditionalSamlSecurityConfiguration;
import eu.dariah.de.dariahsp.local.LocalUserConf;
import eu.dariah.de.dariahsp.web.AuthInfoHelper;
import eu.dariah.de.dariahsp.web.RedirectCache;
@Controller
@RequestMapping(value="")
public class HomeController implements ApplicationContextAware {
public class HomeController {
@Autowired private ServletContext servletContext;
@Autowired private RedirectCache redirectCache;
......@@ -37,7 +39,7 @@ public class HomeController implements ApplicationContextAware {
@Autowired private AuthInfoHelper authInfoHelper;
@Autowired private PropertySourcesPlaceholderConfigurer conf;
@Value("#{environment.saml?environment.saml:false}")
private boolean saml;
......@@ -53,11 +55,7 @@ public class HomeController implements ApplicationContextAware {
}
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String getLogout(@RequestParam(value = "error", required = false) String error, @RequestParam(value = "url", defaultValue = "/") String url, HttpServletRequest request, HttpServletResponse response, Model model) throws IOException {
//Object sasa = conf.getAppliedPropertySources().get("localProperties").getProperty("auth.local.test");
Object sasa2 = conf.getAppliedPropertySources().get("localProperties").getProperty("auth.local.huttut");
public String getLogout(@RequestParam(value = "error", required = false) String error, @RequestParam(value = "url", defaultValue = "/") String url, HttpServletRequest request, HttpServletResponse response, Model model) throws IOException {
if (saml && authInfoHelper.getCurrentUserDetails(request).isAuth()) {
return "redirect:/saml/logout" + (!url.equals("/") ? "?loginRedirectUrl=" + url : "");
} else if (!saml && authInfoHelper.getCurrentUserDetails(request).isAuth()) {
......@@ -88,10 +86,4 @@ public class HomeController implements ApplicationContextAware {
model.addAttribute("redirectUrl", url);
return "common/login";
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
// TODO Auto-generated method stub
applicationContext.toString();
}
}
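Review bot: getLogout still builds the SAML logout redirect from the raw `url` request parameter (`"?loginRedirectUrl=" + url`) without checking that it is a local path or URL-encoding it, so the post-logout target can be pointed at another host and a value containing `&` or `#` breaks the query string; the parameter default of `/` suggests only relative paths are intended, so a guard such as `if (!url.startsWith("/") || url.startsWith("//")) { url = "/"; }` before the concatenation, with `URLEncoder.encode(url, "UTF-8")` when appending, would enforce that (the method already declares IOException). This may be handled by RedirectCache or a downstream handler; if so, a comment at the method saying where validation happens would help. If the `PropertySourcesPlaceholderConfigurer conf` field was kept after the debug lines that used it were removed, it is now an unused injection point. getLogout's body continues outside the hunk.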
saml.local.userfile = classpath:dariahsp_localusers.json
saml.keystore.path = /data/_srv/schereg/key/dfa-de-dariah-eu.jks
# Uncomment if keystore is protected by password
#saml.keystore.pass = somepass
saml.keystore.alias = dfa.de.dariah.eu
# Alias pass is required, leave empty if no alias password is set in keystore
saml.keystore.aliaspass =
saml.metadata.url = https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-test-metadata.xml
#saml.metadata.url = https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-basic-metadata.xml
saml.sp.baseUrl = https://schereg.de.dariah.eu/schereg
saml.sp.entityId = https://schereg.de.dariah.eu
saml.sp.local = true
saml.sp.alias = schereg
#saml.sp.securityProfile = metaiop
#saml.sp.sslSecurityProfile = pkix
#saml.sp.requireArtifactResolveSigned = false
#saml.sp.requireLogoutRequestSigned = false
#saml.sp.requireLogoutResponseSigned = false
saml.sp.signMetadata = true
#saml.sp.signingAlgorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
saml.sp.discovery = true
saml.sp.discovery.url = https://wayf.aai.dfn.de/DFN-AAI-Test/wayf
#saml.sp.discovery.url = https://auth.dariah.eu/CDS/WAYF
saml.sp.discovery.return = https://schereg.de.dariah.eu/schereg/saml/login/alias/schereg?disco=true
saml.sp.ecpEnabled = true
#saml.sp.allowedNameIds = EMAIL, PERSISTENT, X509_SUBJECT
saml.sp.allowedNameIds = EMAIL, TRANSIENT, PERSISTENT, UNSPECIFIED, X509_SUBJECT
saml.sp.signingKey = dfa.de.dariah.eu
saml.sp.encryptionKey = dfa.de.dariah.eu
saml.sp.tlsKey = dfa.de.dariah.eu
saml.sp.attr.names = urn:oid:1.3.6.1.4.1.5923.1.1.1.6, urn:oid:0.9.2342.19200300.100.1.3, urn:oid:1.3.6.1.4.1.5923.1.1.1.7, urn:oid:1.3.6.1.4.1.5923.1.1.1.9, urn:oid:2.16.840.1.113730.3.1.241
saml.sp.attr.nameFormats = urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri
saml.sp.attr.friendlyNames = eduPersonPrincipalName, mail, eduPersonEntitlement, eduPersonScopedAffiliation, displayName
saml.sp.attr.required = true, true, false, false, false
#saml.sp.externalMetadata = /home/tobias/Downloads/spring_saml_metadata.xml
\ No newline at end of file
saml.local.userfile: classpath:dariahsp_localusers.json
saml.keystore.path: /data/_srv/schereg/key/dfa-de-dariah-eu.jks
# Uncomment if keystore is protected by password
#saml.keystore.pass : somepass
saml.keystore.alias: dfa.de.dariah.eu
# Alias pass is required, leave empty if no alias password is set in keystore
saml.keystore.aliaspass: ''
saml.metadata.url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-test-metadata.xml
#saml.metadata.url : https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-basic-metadata.xml
saml.sp.baseUrl: https://schereg.de.dariah.eu/schereg
saml.sp.entityId: https://schereg.de.dariah.eu
saml.sp.local: true
saml.sp.alias: schereg
#saml.sp.securityProfile : metaiop
#saml.sp.sslSecurityProfile : pkix
#saml.sp.requireArtifactResolveSigned : false
#saml.sp.requireLogoutRequestSigned : false
#saml.sp.requireLogoutResponseSigned : false
saml.sp.signMetadata : true
#saml.sp.signingAlgorithm : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
saml.sp.discovery: true
saml.sp.discovery.url: https://wayf.aai.dfn.de/DFN-AAI-Test/wayf
#saml.sp.discovery.url : https://auth.dariah.eu/CDS/WAYF
saml.sp.discovery.return: https://schereg.de.dariah.eu/schereg/saml/login/alias/schereg?disco:true
saml.sp.ecpEnabled: true
#saml.sp.allowedNameIds : EMAIL, PERSISTENT, X509_SUBJECT
#saml.sp.allowedNameIds : EMAIL, TRANSIENT, PERSISTENT, UNSPECIFIED, X509_SUBJECT
saml.sp.signingKey: dfa.de.dariah.eu
saml.sp.encryptionKey: dfa.de.dariah.eu
saml.sp.tlsKey: dfa.de.dariah.eu
auth:
local:
users:
- username: 'tobias'
password: 'fuzzl'
- username: 'kathrin'
password: 'hanswurst'
huttut:
- affa: 'uffu0'
kaka:
- pupu: lala0
- lulu: lolo0
- test: ['fupp0', 'fopp0']
- affa: 'uffu1'
kaka:
- pupu: lala1
- lulu: lolo1
- test: ['fupp1', 'fopp1']
test: ['fupp', 'fopp']
local:
users:
- username: 'admin'
passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
roles: ["ROLE_ADMINISTRATOR"]
- username: 'tgradl'
passhash: '$2a$10$EeajSQQUepa7H7.g4xQCaeO.hjUwh0yzYCMrfOkWCZGe1IiWaexa6'
roles: ["ROLE_CONTRIBUTOR"]
saml:
keystore:
path: /data/_srv/schereg/key/dfa-de-dariah-eu.jks
# Uncomment if keystore is protected by password
#pass: 'somepass'
alias: dfa.de.dariah.eu
aliaspass: ''
metadata:
url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-test-metadata.xml
#url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-basic-metadata.xml
sp:
local: true
alias: schereg
baseUrl: https://schereg.de.dariah.eu/schereg
entityId: https://schereg.de.dariah.eu
#externalMetadata : /home/tobias/Downloads/spring_saml_metadata.xml
#securityProfile: metaiop
#sslSecurityProfile: pkix
#requireArtifactResolveSigned: false
#requireLogoutRequestSigned: false
#requireLogoutResponseSigned: false
signMetadata : true
#signingAlgorithm : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
discovery:
enabled: true
url: https://wayf.aai.dfn.de/DFN-AAI-Test/wayf
#url: https://auth.dariah.eu/CDS/WAYF
return: https://schereg.de.dariah.eu/schereg/saml/login/alias/schereg?disco:true
ecpEnabled: true
#allowedNameIds: EMAIL, TRANSIENT, PERSISTENT, UNSPECIFIED, X509_SUBJECT
signingKey: dfa.de.dariah.eu
encryptionKey: dfa.de.dariah.eu
tlsKey: dfa.de.dariah.eu
#saml.sp.attr.names : urn:oid:1.3.6.1.4.1.5923.1.1.1.6, urn:oid:0.9.2342.19200300.100.1.3, urn:oid:1.3.6.1.4.1.5923.1.1.1.7, urn:oid:1.3.6.1.4.1.5923.1.1.1.9, urn:oid:2.16.840.1.113730.3.1.241
#saml.sp.attr.nameFormats : urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri
#saml.sp.attr.friendlyNames : eduPersonPrincipalName, mail, eduPersonEntitlement, eduPersonScopedAffiliation, displayName
#saml.sp.attr.required : true, true, false, false, false
#saml.sp.externalMetadata : /home/tobias/Downloads/spring_saml_metadata.xml
\ No newline at end of file
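Review bot: The discovery return URL was mangled by the `=` to `:` conversion: `return: https://schereg.de.dariah.eu/schereg/saml/login/alias/schereg?disco:true` should keep the query parameter as `?disco=true`, as the previous properties file had it, and the same slip appears in the dotted variant on the line `saml.sp.discovery.return: ...?disco:true`; as written, the value that reaches `idpDiscoveryResponseURL` in the SAML bean definition no longer carries the discovery flag. The file also commits credential material (bcrypt hashes for `admin` and `tgradl`, plus the keystore alias and password slots) into a classpath resource; it should be treated as a sample with placeholder hashes, with real values supplied from an externally mounted file or the environment, since anything inside the packaged artifact cannot be rotated without a rebuild. If the earlier `users` block with plain `password:` entries and the `huttut`/`kaka` test keys is still part of a shipped file rather than the removed old version, it should go as well.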
#saml.sp.attr.required : true, true, false, false, false
\ No newline at end of file
[
{
"username" : "admin",
"passhash" : "$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW",
"roles" : ["ROLE_ADMINISTRATOR"]
}
]
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<context:annotation-config/>
<bean id="configLocation" class="java.lang.String">
<constructor-arg value="classpath:dariahsp.yml" />
</bean>
<bean id="properties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean">
<property name="resources" ref="configLocation"/>
</bean>
<bean class="eu.dariah.de.minfba.core.util.init.ListAwarePropertySourcesPlaceholderConfigurer">
<property name="properties" ref="properties" />
<property name="objectMapper" ref="objectMapper" />
<property name="conversionService" ref="conversionService" />
</bean>
<bean id="conversionService" class="org.springframework.context.support.ConversionServiceFactoryBean">
<property name="converters">
<list>
<bean class="eu.dariah.de.minfba.core.util.conversion.JsonToStringConverter" />
</list>
</property>
</bean>
<bean id="objectMapper" class="com.fasterxml.jackson.databind.ObjectMapper" />
</beans>
\ No newline at end of file
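Review bot: The configuration location is hard-wired through the constant bean `configLocation` as `classpath:dariahsp.yml`, so the YAML carrying user password hashes and keystore credentials has to be packaged inside the artifact and cannot be overridden per deployment. A SpEL default such as `<constructor-arg value="#{systemProperties['dariahsp.config'] ?: 'classpath:dariahsp.yml'}" />` would let operators point at an external file while keeping the current default; SpEL is evaluated independently of the placeholder configurer, so it introduces no bootstrap cycle. A short comment on the `objectMapper` bean noting that it is presumably the same instance LocalUserConfService autowires to parse the user list would also help readers follow the data path.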
......@@ -18,21 +18,7 @@
</property>
</bean> -->
<context:annotation-config/>
<bean id="configLocation" class="java.lang.String">
<constructor-arg value="classpath:dariahsp.yml" />
</bean>
<bean id="properties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean">
<property name="resources" ref="configLocation"/>
</bean>
<bean class="eu.dariah.de.minfba.core.web.init.ListAwarePropertySourcesPlaceholderConfigurer">
<property name="properties" ref="properties" />
<property name="objectMapper" ref="objectMapper" />
</bean>
<bean id="objectMapper" class="com.fasterxml.jackson.databind.ObjectMapper" />
<context:component-scan base-package="eu.dariah.de.dariahsp.configuration" />
</beans>
\ No newline at end of file
......@@ -88,14 +88,14 @@
<!-- Central storage of cryptographic keys -->
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="file:${saml.keystore.path:#{null}}"/>
<constructor-arg type="java.lang.String" value="${saml.keystore.pass:#{null}}"/>
<constructor-arg value="file:${auth.saml.keystore.path:#{null}}"/>
<constructor-arg type="java.lang.String" value="${auth.saml.keystore.pass:#{null}}"/>
<constructor-arg>
<map>
<entry key="${saml.keystore.alias:noalias}" value="${saml.keystore.aliaspass:#{null}}"/>
<entry key="${auth.saml.keystore.alias:noalias}" value="${auth.saml.keystore.aliaspass:#{null}}"/>
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="${saml.keystore.alias:#{null}}"/>
<constructor-arg type="java.lang.String" value="${auth.saml.keystore.alias:#{null}}"/>
</bean>
</beans>
\ No newline at end of file
......@@ -33,6 +33,8 @@
<security:request-cache ref="requestCache"/>
</security:http> -->
<bean id="metadataGeneratorFilter" class="eu.dariah.de.dariahsp.local.MetadataGeneratorDummyFilterBean" />
<!-- Filters for processing of local authentication -->
<bean id="authFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
......@@ -78,7 +80,7 @@
<bean id="localAuthenticationProvider" class="eu.dariah.de.dariahsp.local.LocalAuthenticationProvider">
<property name="localUserDb">
<bean class="eu.dariah.de.dariahsp.local.LocalUserConfService">
<property name="userfile" value="${saml.local.userfile}" />
<property name="userConf" value="${auth.local.users}" />
</bean>
</property>
<property name="userService" ref="userDetailsService" />
......
......@@ -59,7 +59,7 @@
</bean>
<bean id="externalLocalSpMetadataConfigured" class="java.lang.Boolean">
<constructor-arg value="#{'${saml.sp.externalMetadata:null}'!='null'}" />
<constructor-arg value="#{'${auth.saml.sp.externalMetadata:null}'!='null'}" />
</bean>
<!-- Filter automatically generates default SP metadata -->
......@@ -67,16 +67,16 @@
<bean id="metadataGeneratorFilter" class="eu.dariah.de.dariahsp.saml.metadata.ConditionalMetadataGeneratorFilter">
<constructor-arg>
<bean class="eu.dariah.de.dariahsp.saml.metadata.AttributeMetadataGenerator">
<property name="entityBaseURL" value="${saml.sp.baseUrl}" />
<property name="entityId" value="${saml.sp.entityId}" />
<property name="includeDiscoveryExtension" value="${saml.sp.discovery}" />
<property name="nameID" value="#{'${saml.sp.allowedNameIds:EMAIL,TRANSIENT,PERSISTENT,UNSPECIFIED,X509_SUBJECT}'.split(',')}" />
<property name="entityBaseURL" value="${auth.saml.sp.baseUrl}" />
<property name="entityId" value="${auth.saml.sp.entityId}" />
<property name="includeDiscoveryExtension" value="${auth.saml.sp.discovery.enabled}" />
<property name="nameID" value="#{'${auth.saml.sp.allowedNameIds:EMAIL,TRANSIENT,PERSISTENT,UNSPECIFIED,X509_SUBJECT}'.split(',')}" />
<property name="extendedMetadata" ref="localSpMetadata" />
<property name="attributeNames" value="${saml.sp.attr.names:null}" />
<property name="attributeFriendlyNames" value="${saml.sp.attr.friendlyNames:null}" />
<property name="attributeNameFormats" value="${saml.sp.attr.nameFormats:null}" />
<property name="attributeRequired" value="${saml.sp.attr.required:null}" />
<property name="attributeNames" value="${auth.saml.sp.attr.names:null}" />
<property name="attributeFriendlyNames" value="${auth.saml.sp.attr.friendlyNames:null}" />
<property name="attributeNameFormats" value="${auth.saml.sp.attr.nameFormats:null}" />
<property name="attributeRequired" value="${auth.saml.sp.attr.required:null}" />
</bean>
</constructor-arg>
<constructor-arg ref="externalLocalSpMetadataConfigured" />
......@@ -91,7 +91,7 @@
</constructor-arg>
<constructor-arg>
<bean class="org.opensaml.util.resource.FilesystemResource">
<constructor-arg value="${saml.sp.externalMetadata:''}"/>
<constructor-arg value="${auth.saml.sp.externalMetadata:''}"/>
</bean>
</constructor-arg>
<constructor-arg ref="externalLocalSpMetadataConfigured" />
......@@ -102,28 +102,28 @@
</bean>
<bean id="localSpMetadata" class="org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="local" value="${saml.sp.local:true}"/>
<property name="alias" value="${saml.sp.alias}"/>
<property name="securityProfile" value="${saml.sp.securityProfile:metaiop}"/>
<property name="sslSecurityProfile" value="${saml.sp.sslSecurityProfile:pkix}"/>
<property name="sslHostnameVerification" value="${saml.sp.sslHostnameVerification:default}"/>
<property name="local" value="${auth.saml.sp.local:true}"/>
<property name="alias" value="${auth.saml.sp.alias}"/>
<property name="securityProfile" value="${auth.saml.sp.securityProfile:metaiop}"/>
<property name="sslSecurityProfile" value="${auth.saml.sp.sslSecurityProfile:pkix}"/>
<property name="sslHostnameVerification" value="${auth.saml.sp.sslHostnameVerification:default}"/>
<property name="encryptionKey" value="${saml.sp.encryptionKey}" />
<property name="tlsKey" value="${saml.sp.tlsKey}" />
<property name="signMetadata" value="${saml.sp.signMetadata}" />
<property name="encryptionKey" value="${auth.saml.sp.encryptionKey}" />
<property name="tlsKey" value="${auth.saml.sp.tlsKey}" />
<property name="signMetadata" value="${auth.saml.sp.signMetadata}" />
<property name="ecpEnabled" value="${saml.sp.ecpEnabled}" />
<property name="signingKey" value="${saml.sp.signingKey}" />
<property name="ecpEnabled" value="${auth.saml.sp.ecpEnabled}" />
<property name="signingKey" value="${auth.saml.sp.signingKey}" />
<property name="requireArtifactResolveSigned" value="${saml.sp.requireArtifactResolveSigned:true}"/>
<property name="requireLogoutRequestSigned" value="${saml.sp.requireLogoutRequestSigned:true}"/>
<property name="requireLogoutResponseSigned" value="${saml.sp.requireLogoutResponseSigned:false}"/>
<property name="requireArtifactResolveSigned" value="${auth.saml.sp.requireArtifactResolveSigned:true}"/>
<property name="requireLogoutRequestSigned" value="${auth.saml.sp.requireLogoutRequestSigned:true}"/>
<property name="requireLogoutResponseSigned" value="${auth.saml.sp.requireLogoutResponseSigned:false}"/>
<property name="signingAlgorithm" value="${saml.sp.signingAlgorithm:http://www.w3.org/2001/04/xmldsig-more#rsa-sha256}" />
<property name="signingAlgorithm" value="${auth.saml.sp.signingAlgorithm:http://www.w3.org/2001/04/xmldsig-more#rsa-sha256}" />
<property name="idpDiscoveryEnabled" value="${saml.sp.discovery}" />
<property name="idpDiscoveryURL" value="${saml.sp.discovery.url}" />
<property name="idpDiscoveryResponseURL" value="${saml.sp.discovery.return}" />
<property name="idpDiscoveryEnabled" value="${auth.saml.sp.discovery.enabled}" />
<property name="idpDiscoveryURL" value="${auth.saml.sp.discovery.url}" />
<property name="idpDiscoveryResponseURL" value="${auth.saml.sp.discovery.return}" />
</bean>
<!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
......@@ -140,9 +140,9 @@
<!-- IDP Metadata configuration - paths to metadata of IDPs in circle of trust is here -->
<bean id="metadata" class="eu.dariah.de.dariahsp.saml.metadata.ConditionalMetadataManager">
<constructor-arg value="${saml.sp.externalMetadata:#{null}}" />
<constructor-arg value="${auth.saml.sp.externalMetadata:#{null}}" />
<constructor-arg ref="externalMetadata" />
<constructor-arg value="${saml.sp.entityId}"/>
<constructor-arg value="${auth.saml.sp.entityId}"/>
<constructor-arg>
<list>
......@@ -150,7 +150,7 @@
<bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
<!-- URL containing the metadata -->
<constructor-arg>
<value type="java.lang.String">${saml.metadata.url}</value>
<value type="java.lang.String">${auth.saml.metadata.url}</value>
</constructor-arg>
<!-- Timeout for metadata loading in ms -->
<constructor-arg>
......
......@@ -12,9 +12,9 @@
<mvc:annotation-driven />
<mvc:resources location="/resources/" mapping="/resources/**" cache-period="31556926"/>
<import resource="../config-context.xml"/>
<sec:global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />
<context:annotation-config/>
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
......