<?xml version="1.0" encoding="UTF-8"?>
2
<!--<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
3
       xmlns:context="http://www.springframework.org/schema/context"
4
       xmlns="http://www.springframework.org/schema/beans"
5
       xmlns:security="http://www.springframework.org/schema/security"
6
       xmlns:util="http://www.springframework.org/schema/util"
7
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
8
	    http://www.springframework.org/schema/context
9
	    http://www.springframework.org/schema/context/spring-context-4.0.xsd
10
	    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
11
        http://www.springframework.org/schema/util
12
        http://www.springframework.org/schema/util/spring-util.xsd"
13
       default-autowire="byName"> -->
14
<beans xmlns="http://www.springframework.org/schema/beans"
15
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
16
       xmlns:context="http://www.springframework.org/schema/context"
17
       xmlns:security="http://www.springframework.org/schema/security"
18
       xmlns:util="http://www.springframework.org/schema/util"
19
       xsi:schemaLocation="
20
		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
21
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
22
		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
23
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd"
24
       default-autowire="byType">
25

    
26

    
27
    <!--<bean id="dataSourceConnector" class="eu.dnetlib.openaire.user.store.DataSourceConnector" init-method="init" autowire="byName">-->
28
        <!--<property name="username" value="${openaire.users.db.username}"/>-->
29
        <!--<property name="password" value="${openaire.users.db.password}"/>-->
30
        <!--<property name="dbUrl" value="${openaire.users.db.url}" />-->
31
        <!--<property name="driver" value="${openaire.users.db.driverClassName}" />-->
32
    <!--</bean>-->
33

    
34
    <!--<bean id="sqlMigrationUserDAO" class="eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO" autowire="byName"/>-->
35

    
36
    <!--<bean id="userVerificationDAO" class="eu.dnetlib.openaire.user.dao.UserVerificationDAO">-->
37
        <!--<property name="dataSourceConnector" ref="dataSourceConnector"/>-->
38
    <!--</bean>-->
39

    
40
    <!--
        LDAP connection settings for the user store. Every value, including the
        bind password, is resolved from services.userman.ldap.* placeholders, so
        no credential is stored in this file.
        NOTE(review): the transport (LDAPS or StartTLS versus plain LDAP) is not
        visible in this file; confirm it, because the bind password travels over
        that connection.
    -->
    <bean class="eu.dnetlib.openaire.user.store.LDAPConnector"
          id="ldapConnector">
        <property name="address" value="${services.userman.ldap.address}"/>
        <property name="username" value="${services.userman.ldap.username}"/>
        <property name="usersDN" value="${services.userman.ldap.usersDN}"/>
        <property name="password" value="${services.userman.ldap.password}"/>
        <property name="port" value="${services.userman.ldap.port}"/>
    </bean>
47

    
48
    <!-- LDAPActions bean, wired explicitly to the ldapConnector bean instead of relying on autowiring. -->
    <bean class="eu.dnetlib.openaire.user.utils.LDAPActions"
          id="ldapActions">
        <property name="ldapConnector" ref="ldapConnector"/>
    </bean>
51

    
52
    <!--
        Outgoing mail settings. The SMTP account (mail.users.username and
        mail.users.password) and the server coordinates (mail.smtp.host, port, from)
        are all resolved from property placeholders.
        NOTE(review): no TLS or STARTTLS setting is passed from this file; confirm how
        EmailSender protects the SMTP login before it is used on an untrusted network.
    -->
    <bean class="eu.dnetlib.openaire.user.utils.EmailSender"
          id="emailSender">
        <property name="username" value="${mail.users.username}"/>
        <property name="password" value="${mail.users.password}"/>
        <property name="host" value="${mail.smtp.host}"/>
        <property name="port" value="${mail.smtp.port}"/>
        <property name="from" value="${mail.smtp.from}"/>
    </bean>
59

    
60
    <!--<bean id="verificationActions" class="eu.dnetlib.openaire.user.utils.VerificationActions">-->
61
        <!--<property name="dataSourceConnector" ref="dataSourceConnector"/>-->
62
    <!--</bean>-->
63

    
64
    <!--
        No properties are set on this bean; the root element's default-autowire="byType"
        applies, so its dependencies are resolved by type from the other beans.
    -->
    <bean class="eu.dnetlib.openaire.user.ldap.MUserActionsLDAP"
          id="mUserActionsLDAP"/>
65

    
66
    <!--
        Turns on the pre/post method-security annotations, evaluated against the
        authenticationManager alias declared in this file, using class-based proxies.
        NOTE(review): the security:http element in this file carries no intercept-url
        rules, so these annotations are the only authorization layer visible here;
        a service method without one is reachable by any caller of its endpoint.
    -->
    <security:global-method-security
            authentication-manager-ref="authenticationManager"
            pre-post-annotations="enabled"
            proxy-target-class="true"/>
67
    
68
    <!--
        Single filter chain for every URL (pattern "/**"). entry-point-ref names the
        bean that starts authentication when it is required, the OIDC client filter
        is placed ahead of PRE_AUTH_FILTER, and /openid_logout invalidates the local
        HTTP session.
        NOTE(review): the chain declares no intercept-url rules, so no URL is
        restricted at this layer; access control rests on the method-level
        annotations enabled by global-method-security. Confirm every sensitive
        endpoint carries one.
        NOTE(review): no csrf child element is present, and with the 4.x schema CSRF
        protection stays on by default, so /openid_logout is expected to arrive as a
        POST with the CSRF token. Logout here ends the local session only; nothing in
        this element signs the user out at the IdP.
    -->
    <security:http pattern="/**"
                   auto-config="false"
                   use-expressions="true"
                   disable-url-rewriting="true"
                   entry-point-ref="authenticationEntryPoint">
        <security:custom-filter ref="openIdConnectAuthenticationFilter" before="PRE_AUTH_FILTER"/>
        <security:logout invalidate-session="true" logout-url="/openid_logout"/>
    </security:http>
77

    
78
    <!--
        Spring's RequestContextFilter, declared as a plain bean.
        NOTE(review): a bean definition alone does not place the filter in the servlet
        filter chain; presumably it is referenced from the web descriptor. Confirm.
    -->
    <bean class="org.springframework.web.filter.RequestContextFilter"
          id="requestContextFilter"/>
79

    
80
    <!--
        Default web security expression handler. No other element in this file
        refers to the id webexpressionHandler.
    -->
    <bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"
          id="webexpressionHandler"/>
82

    
83

    
84
    <!--
        Entry point referenced by security:http: sends callers that must authenticate
        to /openid_connect_login.
        NOTE(review): presumably this is the URL handled by
        openIdConnectAuthenticationFilter; confirm the two stay in sync.
    -->
    <bean class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
          id="authenticationEntryPoint">
        <constructor-arg type="java.lang.String" value="/openid_connect_login"/>
    </bean>
87

    
88
    <!--
        Authentication manager exposed under the alias authenticationManager. The OIDC
        provider is its only authentication provider, so no other login mechanism is
        accepted through this manager.
    -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="openIdConnectAuthenticationProvider"/>
    </security:authentication-manager>
91

    
92
    <!--
        OIDC authentication provider. Authorities are assigned by a
        NamedAdminAuthoritiesMapper whose admin list is the namedAdmins set, so the
        contents of that set decide who becomes an administrator on this client.
    -->
    <bean class="org.mitre.openid.connect.client.OIDCAuthenticationProvider"
          id="openIdConnectAuthenticationProvider">
        <property name="authoritiesMapper">
            <bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
                <property name="admins" ref="namedAdmins"/>
            </bean>
        </property>
    </bean>
99

    
100
    <!--
        Subjects that receive ROLE_ADMIN in addition to ROLE_USER on this client.
        An administrator role held at the IdP does not by itself grant administrator
        access here; only the (subject, issuer) pairs listed in this set do.
        The entry below comes from the demo "openid-connect-server-webapp" project of
        MITREid Connect.
        NOTE(review): "subject_value" is a literal placeholder. Whatever account the
        configured issuer assigns that exact sub claim would be mapped to ROLE_ADMIN,
        so replace it with the real administrator subject(s) or leave the set empty.
    -->
    <util:set value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority"
              id="namedAdmins">
        <bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
            <constructor-arg name="subject" value="subject_value"/>
            <constructor-arg name="issuer" value="${oidc.issuer}"/>
        </bean>
    </util:set>
112

    
113

    
114
    <!--
        Success handler used by the OIDC filter after login. Its front-end URI, path
        and domain are taken from configuration. The placeholder keys read webbapp.*
        (double b) and must match the properties file as spelled.
        NOTE(review): the handler class is not shown; confirm it redirects only to the
        configured frontEndURI and never to a target supplied in the request, and
        check what frontPath and frontDomain scope (presumably a cookie).
    -->
    <bean id="frontEndRedirect"
          class="eu.dnetlib.openaire.user.security.FrontEndLinkURIAuthenticationSuccessHandler">
        <property name="frontEndURI" value="${webbapp.front}"/>
        <property name="frontPath" value="${webbapp.front.path}"/>
        <property name="frontDomain" value="${webbapp.front.domain}"/>
    </bean>
119

    
120
    <!--<bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>-->
121
    <!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
122
        <!--<property name="filterProcessesUrl" value="/logout"/>-->
123
        <!--<constructor-arg index="0" value="/"/>-->
124
        <!--<constructor-arg index="1">-->
125
            <!--<list>-->
126
                <!--<ref bean="securityContextLogoutHandler"/>-->
127
                <!--&lt;!&ndash;ref bean="myLogoutHandler"/&ndash;&gt;-->
128
            <!--</list>-->
129
        <!--</constructor-arg>-->
130
    <!--</bean>-->
131

    
132
    <!--<bean class="eu.dnetlib.openaire.user.security.FrontEndLinkURILogoutSuccessHandler" id="frontEndRedirectLogout"/>-->
133

    
134
    <!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
135
        <!--<property name="filterProcessesUrl" value="/logout"/>-->
136
        <!--<constructor-arg index="0" value="/"/>-->
137
        <!--<constructor-arg index="1">-->
138
            <!--<list>-->
139
                <!--<ref bean="securityContextLogoutHandler"/>-->
140
                <!--&lt;!&ndash;ref bean="myLogoutHandler"/&ndash;&gt;-->
141
            <!--</list>-->
142
        <!--</constructor-arg>-->
143
    <!--</bean>-->
144
    <!--
        The authentication filter. It is inserted into the security:http chain ahead
        of PRE_AUTH_FILTER and is assembled from the static issuer, server and client
        configuration services, the request options service and the plain request URL
        builder declared in this file. A successful login is handed to frontEndRedirect.
    -->
    <bean id="openIdConnectAuthenticationFilter"
          class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="issuerService" ref="staticIssuerService"/>
        <property name="serverConfigurationService" ref="staticServerConfigurationService"/>
        <property name="clientConfigurationService" ref="staticClientConfigurationService"/>
        <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService"/>
        <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder"/>
        <property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
    </bean>
159

    
160
    <!--
        Static issuer service: every login request is directed to the one issuer
        configured in oidc.issuer, whatever the request contains.
    -->
    <bean id="staticIssuerService"
          class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService">
        <property name="issuer" value="${oidc.issuer}"/>
    </bean>
166

    
167
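    <!--
        Static server configuration: the provider's endpoints are declared here,
        keyed by issuer, instead of being fetched through OIDC Discovery.
        Each endpoint is formed by appending a path segment directly to
        ${oidc.issuer}, so the configured issuer must end with "/"; without it the
        values run together (for example "...issuerauthorize").
        NOTE(review): jwksUri supplies the keys used to check ID token signatures and
        tokenEndpointUri receives the client secret, so ${oidc.issuer} should be an
        https URL; confirm in the deployment properties.
    -->
    <bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
        <property name="servers">
            <map>
                <entry key="${oidc.issuer}">
                    <bean class="org.mitre.openid.connect.config.ServerConfiguration">
                        <property name="issuer" value="${oidc.issuer}"/>
                        <property name="authorizationEndpointUri" value="${oidc.issuer}authorize"/>
                        <property name="tokenEndpointUri" value="${oidc.issuer}token"/>
                        <property name="userInfoUri" value="${oidc.issuer}userinfo"/>
                        <property name="jwksUri" value="${oidc.issuer}jwk"/>
                        <property name="revocationEndpointUri" value="${oidc.issuer}revoke"/>
                    </bean>
                </entry>
            </map>
        </property>
    </bean>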
186

    
187

    
188
    <!--
189
       Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
190

    
191
    <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
192
        <property name="clients">
193
            <map>
194
                <entry key="${oidc.issuer}">
195
                    <bean class="org.mitre.oauth2.model.RegisteredClient">
196
                        <property name="clientId" value="${oidc.id}" />
197
                        <property name="clientSecret" value="${oidc.secret}" />
198
                        <property name="scope">
199
                            <set value-type="java.lang.String">
200
                                <value>openid</value>
201
                            </set>
202
                        </property>       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
203

    
204
                        <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
205
                        <property name="redirectUris">
206
                            <set>
207
                                <value>${oidc.home}</value>
208
                            </set>
209
                        </property>
210
                    </bean>
211
                </entry>
212
            </map>
213
        </property>
214
    </bean>
215
-->
216

    
217

    
218
    <!--
        Client registration used with the configured issuer: client id and secret come
        from oidc.id and oidc.secret, only the openid scope is requested, the secret is
        presented to the token endpoint with HTTP Basic (SECRET_BASIC), and
        ${oidc.home} is the sole redirect URI.
        NOTE(review): keep oidc.secret out of version control, and make sure
        ${oidc.home} matches the redirect URI registered at the IdP exactly.
    -->
    <bean id="staticClientConfigurationService"
          class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService">
        <property name="clients">
            <map>
                <entry key="${oidc.issuer}">
                    <bean class="org.mitre.oauth2.model.RegisteredClient">
                        <property name="clientId" value="${oidc.id}"/>
                        <property name="clientSecret" value="${oidc.secret}"/>
                        <property name="scope">
                            <set value-type="java.lang.String">
                                <value>openid</value>
                            </set>
                        </property>
                        <property name="tokenEndpointAuthMethod" value="SECRET_BASIC"/>
                        <property name="redirectUris">
                            <set>
                                <value>${oidc.home}</value>
                            </set>
                        </property>
                    </bean>
                </entry>
            </map>
        </property>
    </bean>
241

    
242
    <!--
        Auth request options service: returns the optional components of the
        authorization request. The map is currently empty, so no optional parameter
        is sent.
        NOTE(review): with max_age and prompt left out, this client does not ask the
        IdP to re-authenticate the user; enable them if a fresh login is required.
    -->
    <bean id="staticAuthRequestOptionsService"
          class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService">
        <property name="options">
            <map>
                <!-- Entries in this map are sent as key-value parameters to the auth request -->
                <!--
                <entry key="display" value="page" />
                <entry key="max_age" value="30" />
                <entry key="prompt" value="none" />
                -->
            </map>
        </property>
    </bean>
259

    
260
    <!--
        Plain authorization request builder: every option is placed as an ordinary
        query parameter on the GET request to the authorization endpoint, so the
        parameters are visible in the browser URL and are not signed.
    -->
    <bean id="plainAuthRequestUrlBuilder"
          class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder"/>
264

    
265

    
266
    <!--
        Annotation-driven bean discovery.
        NOTE(review): the wildcard package eu.dnetlib.openaire.user.* appears to cover
        eu.dnetlib.openaire.user.api.services already, and component-scan turns on
        annotation processing itself, so the first and last elements look redundant;
        confirm before trimming. The wide scan registers every stereotype-annotated
        class under that package tree, so keep test or debug components out of it.
    -->
    <context:component-scan base-package="eu.dnetlib.openaire.user.api.services"/>
    <context:component-scan base-package="eu.dnetlib.openaire.user.*"/>
    <context:annotation-config/>
269

    
270
</beans>