|
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
<!--<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
3
|
xmlns:context="http://www.springframework.org/schema/context"
|
|
4
|
xmlns="http://www.springframework.org/schema/beans"
|
|
5
|
xmlns:security="http://www.springframework.org/schema/security"
|
|
6
|
xmlns:util="http://www.springframework.org/schema/util"
|
|
7
|
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
|
|
8
|
http://www.springframework.org/schema/context
|
|
9
|
http://www.springframework.org/schema/context/spring-context-4.0.xsd
|
|
10
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
|
11
|
http://www.springframework.org/schema/util
|
|
12
|
http://www.springframework.org/schema/util/spring-util.xsd"
|
|
13
|
default-autowire="byName"> -->
|
|
14
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
|
15
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
16
|
xmlns:context="http://www.springframework.org/schema/context"
|
|
17
|
xmlns:security="http://www.springframework.org/schema/security"
|
|
18
|
xmlns:util="http://www.springframework.org/schema/util"
|
|
19
|
xsi:schemaLocation="
|
|
20
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
|
|
21
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
|
|
22
|
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
|
|
23
|
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd"
|
|
24
|
default-autowire="byType">
|
|
25
|
|
|
26
|
|
|
27
|
<!--<bean id="dataSourceConnector" class="eu.dnetlib.openaire.user.store.DataSourceConnector" init-method="init" autowire="byName">-->
|
|
28
|
<!--<property name="username" value="${openaire.users.db.username}"/>-->
|
|
29
|
<!--<property name="password" value="${openaire.users.db.password}"/>-->
|
|
30
|
<!--<property name="dbUrl" value="${openaire.users.db.url}" />-->
|
|
31
|
<!--<property name="driver" value="${openaire.users.db.driverClassName}" />-->
|
|
32
|
<!--</bean>-->
|
|
33
|
|
|
34
|
<!--<bean id="sqlMigrationUserDAO" class="eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO" autowire="byName"/>-->
|
|
35
|
|
|
36
|
<!--<bean id="userVerificationDAO" class="eu.dnetlib.openaire.user.dao.UserVerificationDAO">-->
|
|
37
|
<!--<property name="dataSourceConnector" ref="dataSourceConnector"/>-->
|
|
38
|
<!--</bean>-->
|
|
39
|
|
|
40
|
|
|
41
|
|
|
42
|
<!--<bean id="verificationActions" class="eu.dnetlib.openaire.user.utils.VerificationActions">-->
|
|
43
|
<!--<property name="dataSourceConnector" ref="dataSourceConnector"/>-->
|
|
44
|
<!--</bean>-->
|
|
45
|
|
|
46
|
|
|
47
|
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
|
|
48
|
|
|
49
|
<security:http auto-config="false" use-expressions="true"
|
|
50
|
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
|
|
51
|
pattern="/**">
|
|
52
|
|
|
53
|
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
|
|
54
|
|
|
55
|
<security:logout logout-url="/openid_logout" invalidate-session="true"/>
|
|
56
|
|
|
57
|
</security:http>
|
|
58
|
|
|
59
|
<bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/>
|
|
60
|
|
|
61
|
<bean id="webexpressionHandler"
|
|
62
|
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
|
|
63
|
|
|
64
|
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
|
|
65
|
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
|
|
66
|
</bean>
|
|
67
|
|
|
68
|
<security:authentication-manager alias="authenticationManager">
|
|
69
|
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
|
|
70
|
</security:authentication-manager>
|
|
71
|
|
|
72
|
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
|
|
73
|
<property name="authoritiesMapper">
|
|
74
|
<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
|
|
75
|
<property name="admins" ref="namedAdmins" />
|
|
76
|
</bean>
|
|
77
|
</property>
|
|
78
|
</bean>
|
|
79
|
|
|
80
|
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
|
|
81
|
<!--
|
|
82
|
This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER.
|
|
83
|
Note that having an administrator role on the IdP doesn't grant administrator access on this client.
|
|
84
|
|
|
85
|
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
|
|
86
|
-->
|
|
87
|
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
|
|
88
|
<constructor-arg name="subject" value="subject_value" />
|
|
89
|
<constructor-arg name="issuer" value="${oidc.issuer}" />
|
|
90
|
</bean>
|
|
91
|
</util:set>
|
|
92
|
|
|
93
|
|
|
94
|
<bean class="eu.dnetlib.openaire.usermanagement.security.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
|
|
95
|
<property name="frontEndURI" value="${webbapp.front}"/>
|
|
96
|
<property name="frontPath" value="${webbapp.front.path}"/>
|
|
97
|
<property name="frontDomain" value="${webbapp.front.domain:#{null}}"/>
|
|
98
|
</bean>
|
|
99
|
|
|
100
|
<!--<bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>-->
|
|
101
|
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
|
|
102
|
<!--<property name="filterProcessesUrl" value="/logout"/>-->
|
|
103
|
<!--<constructor-arg index="0" value="/"/>-->
|
|
104
|
<!--<constructor-arg index="1">-->
|
|
105
|
<!--<list>-->
|
|
106
|
<!--<ref bean="securityContextLogoutHandler"/>-->
|
|
107
|
<!--<!–ref bean="myLogoutHandler"/–>-->
|
|
108
|
<!--</list>-->
|
|
109
|
<!--</constructor-arg>-->
|
|
110
|
<!--</bean>-->
|
|
111
|
|
|
112
|
<!--<bean class="eu.dnetlib.openaire.user.security.FrontEndLinkURILogoutSuccessHandler" id="frontEndRedirectLogout"/>-->
|
|
113
|
|
|
114
|
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
|
|
115
|
<!--<property name="filterProcessesUrl" value="/logout"/>-->
|
|
116
|
<!--<constructor-arg index="0" value="/"/>-->
|
|
117
|
<!--<constructor-arg index="1">-->
|
|
118
|
<!--<list>-->
|
|
119
|
<!--<ref bean="securityContextLogoutHandler"/>-->
|
|
120
|
<!--<!–ref bean="myLogoutHandler"/–>-->
|
|
121
|
<!--</list>-->
|
|
122
|
<!--</constructor-arg>-->
|
|
123
|
<!--</bean>-->
|
|
124
|
<!--
|
|
125
|
-
|
|
126
|
- The authentication filter
|
|
127
|
-
|
|
128
|
-->
|
|
129
|
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
|
|
130
|
<property name="authenticationManager" ref="authenticationManager" />
|
|
131
|
<property name="issuerService" ref="staticIssuerService" />
|
|
132
|
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
|
|
133
|
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
|
|
134
|
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
|
|
135
|
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
|
|
136
|
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
|
|
137
|
|
|
138
|
</bean>
|
|
139
|
|
|
140
|
<!--
|
|
141
|
Static issuer service, returns the same issuer for every request.
|
|
142
|
-->
|
|
143
|
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
|
|
144
|
<property name="issuer" value="${oidc.issuer}" />
|
|
145
|
</bean>
|
|
146
|
|
|
147
|
<!--
|
|
148
|
Dynamic server configuration, fetches the server's information using OIDC Discovery.
|
|
149
|
-->
|
|
150
|
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
|
|
151
|
<property name="servers">
|
|
152
|
<map>
|
|
153
|
<entry key="${oidc.issuer}">
|
|
154
|
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
|
|
155
|
<property name="issuer" value="${oidc.issuer}" />
|
|
156
|
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
|
|
157
|
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
|
|
158
|
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
|
|
159
|
<property name="jwksUri" value="${oidc.issuer}jwk" />
|
|
160
|
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
|
|
161
|
</bean>
|
|
162
|
</entry>
|
|
163
|
</map>
|
|
164
|
</property>
|
|
165
|
</bean>
|
|
166
|
|
|
167
|
|
|
168
|
<!--
|
|
169
|
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
|
|
170
|
|
|
171
|
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
|
|
172
|
<property name="clients">
|
|
173
|
<map>
|
|
174
|
<entry key="${oidc.issuer}">
|
|
175
|
<bean class="org.mitre.oauth2.model.RegisteredClient">
|
|
176
|
<property name="clientId" value="${oidc.id}" />
|
|
177
|
<property name="clientSecret" value="${oidc.secret}" />
|
|
178
|
<property name="scope">
|
|
179
|
<set value-type="java.lang.String">
|
|
180
|
<value>openid</value>
|
|
181
|
</set>
|
|
182
|
</property> xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
|
|
183
|
|
|
184
|
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
|
|
185
|
<property name="redirectUris">
|
|
186
|
<set>
|
|
187
|
<value>${oidc.home}</value>
|
|
188
|
</set>
|
|
189
|
</property>
|
|
190
|
</bean>
|
|
191
|
</entry>
|
|
192
|
</map>
|
|
193
|
</property>
|
|
194
|
</bean>
|
|
195
|
-->
|
|
196
|
|
|
197
|
|
|
198
|
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
|
|
199
|
<property name="clients">
|
|
200
|
<map>
|
|
201
|
<entry key="${oidc.issuer}">
|
|
202
|
<bean class="org.mitre.oauth2.model.RegisteredClient">
|
|
203
|
<property name="clientId" value="${oidc.id}" />
|
|
204
|
<property name="clientSecret" value="${oidc.secret}" />
|
|
205
|
<property name="scope">
|
|
206
|
<set value-type="java.lang.String">
|
|
207
|
<value>openid</value>
|
|
208
|
</set>
|
|
209
|
</property>
|
|
210
|
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
|
|
211
|
<property name="redirectUris">
|
|
212
|
<set>
|
|
213
|
<value>${oidc.home}</value>
|
|
214
|
</set>
|
|
215
|
</property>
|
|
216
|
</bean>
|
|
217
|
</entry>
|
|
218
|
</map>
|
|
219
|
</property>
|
|
220
|
</bean>
|
|
221
|
|
|
222
|
<!--
|
|
223
|
-
|
|
224
|
- Auth request options service: returns the optional components of the request
|
|
225
|
-
|
|
226
|
-->
|
|
227
|
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
|
|
228
|
<property name="options">
|
|
229
|
<map>
|
|
230
|
<!-- Entries in this map are sent as key-value parameters to the auth request -->
|
|
231
|
<!--
|
|
232
|
<entry key="display" value="page" />
|
|
233
|
<entry key="max_age" value="30" />
|
|
234
|
<entry key="prompt" value="none" />
|
|
235
|
-->
|
|
236
|
</map>
|
|
237
|
</property>
|
|
238
|
</bean>
|
|
239
|
|
|
240
|
<!--
|
|
241
|
Plain authorization request builder, puts all options as query parameters on the GET request
|
|
242
|
-->
|
|
243
|
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
|
|
244
|
|
|
245
|
|
|
246
|
<context:component-scan base-package="eu.dnetlib.openaire.user.api.services" />
|
|
247
|
<context:component-scan base-package="eu.dnetlib.openaire.usermanagement.registry.beans" />
|
|
248
|
<context:annotation-config></context:annotation-config>
|
|
249
|
|
|
250
|
</beans>
|