<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<!--
  Servlet filter chain for the web application. Patterns are Ant-style and
  are matched against the lower-cased request URL, so they must be written
  in lower case; the first pattern that matches decides the chain.
  /login/** is mapped to #NONE#, meaning no security filter at all runs for
  those URLs. Keep that pattern as narrow as possible, since anything placed
  under it is outside authentication and authorisation. Every other URL runs
  through the six filters below in the order listed.
-->
<bean id="springSecurityFilterChain"
      class="org.springframework.security.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /login/**=#NONE#
      /**=channelProcessingFilter,httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
    </value>
  </property>
</bean>
<!-- ===================== SSL SWITCHING ==================== -->
<!--
  Channel (HTTP/HTTPS) check applied to every request. The single rule is a
  regular expression that matches any path and maps it to ANY_CHANNEL.
  NOTE(review): ANY_CHANNEL accepts HTTP and HTTPS alike, so as configured
  this filter never moves a request to HTTPS. If the application must only be
  reachable over TLS, confirm that this is enforced elsewhere (connector,
  reverse proxy, or a REQUIRES_SECURE_CHANNEL rule together with a channel
  processor that supports it).
-->
<bean id="channelProcessingFilter"
      class="org.springframework.security.securechannel.ChannelProcessingFilter"
      p:channelDecisionManager-ref="channelDecisionManager">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      \A/.*\Z=ANY_CHANNEL
    </value>
  </property>
</bean>
<!--
  Restores the SecurityContext from the HTTP session at the start of a
  request and stores it back when the request completes. Declared with
  default settings only.
-->
<bean id="httpSessionContextIntegrationFilter"
      class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
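<!--
  Invoked when the user clicks logout: runs the logout handlers listed in the
  second constructor argument, then redirects the browser to the URL given in
  the first one (the CAS server's logout page).
  NOTE(review): the redirect target is a hard-coded localhost URL; presumably
  it is replaced per environment. Confirm before deploying.
-->
<bean id="logoutFilter"
      class="org.springframework.security.ui.logout.LogoutFilter">
  <!-- URL redirected to after logout success -->
  <constructor-arg value="https://localhost:8443/cas-core-webui-1.0-SNAPSHOT/logout" />
  <constructor-arg>
    <list>
      <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler">
        <!--
          Invalidate the HTTP session on logout so that no session-scoped
          state stays reachable under the old session id afterwards. Switch
          this off only if another component is known to need the session
          after logout, and then clear sensitive attributes explicitly.
        -->
        <property name="invalidateHttpSession" value="true" />
      </bean>
    </list>
  </constructor-arg>
</bean>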
<!--
  Performs CAS authentication. Requests to /j_cas_security_check (the URL the
  CAS server sends the browser back to with a service ticket) are handed to
  providerManager. A failed attempt is sent to /casfailed.jsp; a successful
  one with no saved target is sent to /success.jsp.
-->
<bean id="casProcessingFilter"
      class="org.springframework.security.ui.cas.CasProcessingFilter"
      p:authenticationManager-ref="providerManager"
      p:authenticationFailureUrl="/casfailed.jsp"
      p:filterProcessesUrl="/j_cas_security_check"
      p:defaultTargetUrl="/success.jsp" />
<!--
  Hooks up the CAS entry point: when a later filter reports that
  authentication is required, the user is sent to
  casProcessingFilterEntryPoint, which redirects to the CAS login page.
-->
<bean id="exceptionTranslationFilter"
      class="org.springframework.security.ui.ExceptionTranslationFilter"
      p:authenticationEntryPoint-ref="casProcessingFilterEntryPoint" />
<!--
  URL authorisation. Rules are evaluated top to bottom and the first match
  applies, so the specific /success.jsp rule must stay above the /** rule.
  /success.jsp requires the authority ROLE_MANAGER; everything else is mapped
  to IS_AUTHENTICATED_ANONYMOUSLY.
  NOTE(review): IS_AUTHENTICATED_ANONYMOUSLY is normally evaluated by an
  AuthenticatedVoter, and the filter chain in this file has no
  anonymous-authentication filter. With only roleVoter (empty role prefix)
  in accessDecisionManager, the attribute is compared against granted
  authority names instead. Confirm that /** behaves as intended.
-->
<bean id="filterSecurityInterceptor"
      class="org.springframework.security.intercept.web.FilterSecurityInterceptor"
      p:authenticationManager-ref="providerManager"
      p:accessDecisionManager-ref="accessDecisionManager">
  <property name="objectDefinitionSource">
    <sec:filter-invocation-definition-source>
      <sec:intercept-url pattern="/success.jsp" access="ROLE_MANAGER" />
      <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    </sec:filter-invocation-definition-source>
  </property>
</bean>
<!--
  Authentication manager used by casProcessingFilter and
  filterSecurityInterceptor. Its only provider is casAuthenticationProvider,
  which in turn holds the CAS ticket validator and the user details loader.
-->
<bean id="providerManager"
      class="org.springframework.security.providers.ProviderManager">
  <property name="providers">
    <list>
      <ref bean="casAuthenticationProvider" />
    </list>
  </property>
</bean>
<!--
  Access decision manager for filterSecurityInterceptor. AffirmativeBased
  grants access as soon as one voter votes to grant; with
  allowIfAllAbstainDecisions set to false, access is denied when every voter
  abstains. roleVoter is the only voter configured.
-->
<bean id="accessDecisionManager"
      class="org.springframework.security.vote.AffirmativeBased"
      p:allowIfAllAbstainDecisions="false">
  <property name="decisionVoters">
    <list>
      <ref local="roleVoter" />
    </list>
  </property>
</bean>
<!--
  Role voter with an empty role prefix. Because every attribute starts with
  the empty string, this voter votes on every configured access attribute
  (not only ROLE_ names) by comparing it with the user's granted authorities.
-->
<bean id="roleVoter"
      class="org.springframework.security.vote.RoleVoter"
      p:rolePrefix="" />
<!--
  SHA password encoder with default settings. No other bean in this file
  refers to it.
  NOTE(review): a plain SHA digest is a fast hash and is not suitable for
  storing passwords. If the bean is unused, remove it; if it is wired in
  elsewhere, confirm how it is used and whether a salt is applied.
-->
<bean id="passwordEncoder"
      class="org.springframework.security.providers.encoding.ShaPasswordEncoder" />
<!-- <bean id="casSingleSignOutFilter"
class="org.jasig.cas.client.session.SingleSignOutFilter"/>-->
<!--
  In-memory user store loaded from META-INF/spring/users.properties on the
  classpath. casAuthenticationProvider uses it to look up the user (and so
  the granted authorities, such as ROLE_MANAGER) once CAS has validated the
  ticket.
  NOTE(review): InMemoryDaoImpl entries include a password field next to the
  authorities. Presumably those values are not used for login here because
  CAS checks the credentials; confirm, and keep real passwords out of a file
  that is packaged with the application.
-->
<bean id="userDetailsService"
      class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
  <property name="userProperties">
    <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean"
          p:location="classpath:/META-INF/spring/users.properties" />
  </property>
</bean>
<!--
  Writes authentication events, including failed attempts, to
  commons-logging. Make sure the resulting log is retained and reviewed, as
  it is the record of login failures for this application.
-->
<bean id="loggerListener"
      class="org.springframework.security.event.authentication.LoggerListener" />
<!--
  Request-wrapping filter, declared with default settings.
  NOTE(review): this bean is not listed in springSecurityFilterChain, so as
  configured in this file it is never applied to a request. Add it to the
  chain or remove the definition.
-->
<bean id="securityContextHolderAwareRequestFilter"
      class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
<!--
  Decision manager for channelProcessingFilter. Its only processor is an
  InsecureChannelProcessor whose entry point is channelEntryPoint.
  NOTE(review): channelEntryPoint is a RetryWithHttpsEntryPoint, which is the
  entry point normally paired with SecureChannelProcessor; attached to
  InsecureChannelProcessor the pairing looks inverted. It has no effect while
  the only channel rule is ANY_CHANNEL, but confirm which processor is
  intended before adding REQUIRES_SECURE_CHANNEL or REQUIRES_INSECURE_CHANNEL
  rules.
-->
<bean id="channelDecisionManager"
      class="org.springframework.security.securechannel.ChannelDecisionManagerImpl">
  <property name="channelProcessors">
    <list>
      <bean class="org.springframework.security.securechannel.InsecureChannelProcessor"
            p:entryPoint-ref="channelEntryPoint" />
    </list>
  </property>
</bean>
<!--
  Declares the alias casAuthenticationManager for the security namespace's
  authentication manager.
  NOTE(review): no bean in this file refers to this alias; the filters are
  wired to the explicit providerManager bean instead. Confirm that both are
  needed.
-->
<sec:authentication-manager alias="casAuthenticationManager" />
<!--
  Identifies this application to the CAS server. The service URL is the
  address CAS redirects back to with the ticket, and it ends in
  /j_cas_security_check, the path casProcessingFilter listens on. With
  sendRenew set to false, CAS may rely on an existing single sign-on session
  instead of asking for credentials again.
  NOTE(review): the URL is a hard-coded localhost address; presumably it is
  replaced per environment. It has to be the HTTPS address users really reach.
-->
<bean id="serviceProperties"
      class="org.springframework.security.ui.cas.ServiceProperties"
      p:service="https://localhost:8443/cas-core-webui-1.0-SNAPSHOT/j_cas_security_check"
      p:sendRenew="false" />
<!--
  Entry point used by exceptionTranslationFilter: redirects the browser to
  the CAS login page, using the service settings from serviceProperties.
  The login URL is a hard-coded localhost HTTPS address.
-->
<bean id="casProcessingFilterEntryPoint"
      class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"
      p:loginUrl="https://localhost:8443/cas-core-webui-1.0-SNAPSHOT/login"
      p:serviceProperties-ref="serviceProperties" />
<!--
  CAS authentication provider. It validates the service ticket against the
  CAS server through the nested Cas20ServiceTicketValidator, then loads the
  user from userDetailsService. The custom-authentication-provider element
  also registers it with the security namespace's authentication manager.
  NOTE(review): the key "changeit" looks like a placeholder. The key marks
  the tokens created by this provider, so set a value specific to this
  deployment and keep it out of shared examples.
  Ticket validation is a server-to-server call to the HTTPS URL below; the
  JVM has to trust the CAS server certificate, and certificate checking
  should stay enabled rather than being relaxed to make localhost work.
-->
<bean id="casAuthenticationProvider"
      class="org.springframework.security.providers.cas.CasAuthenticationProvider"
      p:key="changeit"
      p:serviceProperties-ref="serviceProperties"
      p:userDetailsService-ref="userDetailsService">
  <sec:custom-authentication-provider />
  <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
      <constructor-arg index="0"
                       value="https://localhost:8443/cas-core-webui-1.0-SNAPSHOT" />
    </bean>
  </property>
</bean>
<!--
  Entry point that retries a request over HTTPS, using portMapper to work
  out the HTTPS port. Referenced by the processor in channelDecisionManager.
-->
<bean id="channelEntryPoint"
      class="org.springframework.security.securechannel.RetryWithHttpsEntryPoint"
      p:portMapper-ref="portMapper" />
<!--
  HTTP to HTTPS port mapping used by channelEntryPoint. Only 80 to 443 is
  active.
  NOTE(review): the URLs elsewhere in this file use port 8443, and the
  mappings to 8443 are commented out. Confirm the mapping matches the
  connector ports in use before relying on HTTPS redirects.
-->
<bean id="portMapper"
      class="org.springframework.security.util.PortMapperImpl">
  <property name="portMappings">
    <map>
      <entry key="80" value="443" />
      <!-- <entry key="8080" value="8443"/>
      <entry key="5580" value="8443"/> -->
    </map>
  </property>
</bean>
</beans>