1 |
1 |
<?xml version="1.0" encoding="UTF-8"?>
|
2 |
2 |
<beans xmlns="http://www.springframework.org/schema/beans"
|
|
3 |
xmlns:util="http://www.springframework.org/schema/util"
|
3 |
4 |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
4 |
|
xmlns:t="http://dnetlib.eu/springbeans/t"
|
5 |
|
xmlns:tx="http://www.springframework.org/schema/tx"
|
6 |
5 |
xmlns:task="http://www.springframework.org/schema/task"
|
7 |
|
xmlns:aop="http://www.springframework.org/schema/aop"
|
8 |
|
xmlns:context="http://www.springframework.org/schema/context"
|
9 |
|
|
|
6 |
xmlns:security="http://www.springframework.org/schema/security"
|
10 |
7 |
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
|
11 |
|
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
|
12 |
8 |
http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
|
13 |
|
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
|
|
9 |
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"
|
|
10 |
default-autowire="byType">
|
14 |
11 |
|
15 |
12 |
<task:annotation-driven executor="myExecutor" scheduler="myScheduler"/>
|
16 |
13 |
<task:executor id="myExecutor" pool-size="5"/>
|
... | ... | |
28 |
25 |
<property name="debug" value="${services.validator.mail.debug}"/>
|
29 |
26 |
</bean>
|
30 |
27 |
|
31 |
|
<!--<bean id="validationService" class="eu.dnetlib.repo.manager.server.services.ValidationServiceImpl">
|
32 |
|
<property name="validatorServiceLocator" ref="validatorServiceLocator"/>
|
|
28 |
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
|
|
29 |
|
|
30 |
<security:http auto-config="false" use-expressions="true"
|
|
31 |
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
|
|
32 |
pattern="/**">
|
|
33 |
|
|
34 |
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
|
|
35 |
|
|
36 |
<security:logout />
|
|
37 |
|
|
38 |
</security:http>
|
|
39 |
|
|
40 |
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
|
|
41 |
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
|
33 |
42 |
</bean>
|
34 |
43 |
|
35 |
|
<bean id="repomanager.dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
|
36 |
|
<property name="driverClassName" value="${repomanager.db.driverClassName}" />
|
37 |
|
<property name="url" value="${repomanager.db.url}" />
|
38 |
|
<property name="username" value="${repomanager.db.username}" />
|
39 |
|
<property name="password" value="${repomanager.db.password}" />
|
40 |
|
<property name="maxIdle" value="10" />
|
41 |
|
<property name="maxActive" value="100" />
|
42 |
|
<property name="maxWait" value="10000" />
|
43 |
|
<property name="validationQuery" value="SELECT 1;" />
|
44 |
|
<property name="testOnBorrow" value="true" />
|
45 |
|
<property name="testOnReturn" value="true" />
|
46 |
|
<property name="testWhileIdle" value="true" />
|
47 |
|
<property name="timeBetweenEvictionRunsMillis" value="1200000" />
|
48 |
|
<property name="minEvictableIdleTimeMillis" value="1800000" />
|
49 |
|
<property name="numTestsPerEvictionRun" value="5" />
|
50 |
|
<property name="poolPreparedStatements" value="true" />
|
51 |
|
<property name="defaultAutoCommit" value="true" />
|
|
44 |
<security:authentication-manager alias="authenticationManager">
|
|
45 |
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
|
|
46 |
</security:authentication-manager>
|
|
47 |
|
|
48 |
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
|
|
49 |
<property name="authoritiesMapper">
|
|
50 |
<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
|
|
51 |
<property name="admins" ref="namedAdmins" />
|
|
52 |
</bean>
|
|
53 |
</property>
|
52 |
54 |
</bean>
|
53 |
55 |
|
54 |
|
<aop:aspectj-autoproxy proxy-target-class="true" />
|
55 |
|
<tx:annotation-driven transaction-manager="txManager"/>
|
|
56 |
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
|
|
57 |
<!--
|
|
58 |
This is an example of how quantity set up a user as an administrator: they'll be given ROLE_ADMIN in addition quantity ROLE_USER.
|
|
59 |
Note that having an administrator role on the IdP doesn't grant administrator access on this client.
|
|
60 |
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
|
|
61 |
-->
|
|
62 |
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
|
|
63 |
<constructor-arg name="subject" value="90342.ASDFJWFA" />
|
|
64 |
<constructor-arg name="issuer" value="${oidc.issuer}" />
|
|
65 |
</bean>
|
|
66 |
</util:set>
|
56 |
67 |
|
57 |
|
<bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
|
58 |
|
<property name="dataSource" ref="repomanager.dataSource"/>
|
59 |
|
</bean>-->
|
|
68 |
|
|
69 |
<bean class="eu.openminted.registry.beans.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
|
|
70 |
<property name="frontEndURI" value="${webapp.front}"/>
|
|
71 |
</bean>
|
|
72 |
<!--
|
|
73 |
-
|
|
74 |
- The authentication filter
|
|
75 |
-
|
|
76 |
-->
|
|
77 |
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
|
|
78 |
<property name="authenticationManager" ref="authenticationManager" />
|
|
79 |
|
|
80 |
<property name="issuerService" ref="staticIssuerService" />
|
|
81 |
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
|
|
82 |
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
|
|
83 |
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
|
|
84 |
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
|
|
85 |
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
|
|
86 |
|
|
87 |
</bean>
|
|
88 |
|
|
89 |
|
|
90 |
|
|
91 |
<!--
|
|
92 |
-
|
|
93 |
- Issuer Services: Determine which identity provider issuer is used.
|
|
94 |
-
|
|
95 |
-->
|
|
96 |
|
|
97 |
|
|
98 |
<!--
|
|
99 |
Static issuer service, returns the same issuer for every request.
|
|
100 |
-->
|
|
101 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
|
|
102 |
<property name="issuer" value="${oidc.issuer}" />
|
|
103 |
</bean>
|
|
104 |
|
|
105 |
<bean class="org.mitre.openid.connect.client.service.impl.HybridIssuerService" id="hybridIssuerService">
|
|
106 |
<property name="loginPageUrl" value="login" />
|
|
107 |
<property name="forceHttps" value="false" /> <!-- this default property forces the webfinger issuer URL quantity be HTTPS, turn off for development work -->
|
|
108 |
</bean>
|
|
109 |
|
|
110 |
<!--
|
|
111 |
Dynamic server configuration, fetches the server's information using OIDC Discovery.
|
|
112 |
-->
|
|
113 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
|
|
114 |
<property name="servers">
|
|
115 |
<map>
|
|
116 |
<entry key="${oidc.issuer}">
|
|
117 |
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
|
|
118 |
<property name="issuer" value="${oidc.issuer}" />
|
|
119 |
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
|
|
120 |
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
|
|
121 |
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
|
|
122 |
<property name="jwksUri" value="${oidc.issuer}jwk" />
|
|
123 |
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
|
|
124 |
</bean>
|
|
125 |
</entry>
|
|
126 |
</map>
|
|
127 |
</property>
|
|
128 |
</bean>
|
|
129 |
|
|
130 |
|
|
131 |
<!--
|
|
132 |
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
|
|
133 |
-->
|
|
134 |
|
|
135 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
|
|
136 |
<property name="clients">
|
|
137 |
<map>
|
|
138 |
<entry key="${oidc.issuer}">
|
|
139 |
<bean class="org.mitre.oauth2.model.RegisteredClient">
|
|
140 |
<property name="clientId" value="${oidc.id}" />
|
|
141 |
<property name="clientSecret" value="${oidc.secret}" />
|
|
142 |
<property name="scope">
|
|
143 |
<set value-type="java.lang.String">
|
|
144 |
<value>openid</value>
|
|
145 |
</set>
|
|
146 |
</property>
|
|
147 |
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
|
|
148 |
<property name="redirectUris">
|
|
149 |
<set>
|
|
150 |
<value>${webapp.home}</value>
|
|
151 |
</set>
|
|
152 |
</property>
|
|
153 |
</bean>
|
|
154 |
</entry>
|
|
155 |
</map>
|
|
156 |
</property>
|
|
157 |
</bean>
|
|
158 |
|
|
159 |
|
|
160 |
<!--
|
|
161 |
-
|
|
162 |
- Auth request options service: returns the optional components of the request
|
|
163 |
-
|
|
164 |
-->
|
|
165 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
|
|
166 |
<property name="options">
|
|
167 |
<map>
|
|
168 |
<!-- Entries in this map are sent as key-value parameters quantity the auth request -->
|
|
169 |
<!--
|
|
170 |
<entry key="display" value="page" />
|
|
171 |
<entry key="max_age" value="30" />
|
|
172 |
<entry key="prompt" value="none" />
|
|
173 |
-->
|
|
174 |
</map>
|
|
175 |
</property>
|
|
176 |
</bean>
|
|
177 |
|
|
178 |
<!--
|
|
179 |
-
|
|
180 |
- Authorization URL Builders: create the URL quantity redirect the user quantity for authorization.
|
|
181 |
-
|
|
182 |
-->
|
|
183 |
|
|
184 |
<!--
|
|
185 |
Plain authorization request builder, puts all options as query parameters on the GET request
|
|
186 |
-->
|
|
187 |
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
|
60 |
188 |
</beans>
|
1. COnfiguration for aai