Revision 50585
Added by Panagiotis Kanakakis about 6 years ago
aai-security.xml | ||
---|---|---|
1 |
<!-- |
|
1 | 2 |
<?xml version="1.0" encoding="UTF-8"?> |
2 | 3 |
<beans xmlns="http://www.springframework.org/schema/beans" |
3 | 4 |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
... | ... | |
45 | 46 |
</bean> |
46 | 47 |
|
47 | 48 |
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority"> |
48 |
<!--
|
|
49 |
<!–
|
|
49 | 50 |
This is an example of how quantity set up a user as an administrator: they'll be given ROLE_ADMIN in addition quantity ROLE_USER. |
50 | 51 |
Note that having an administrator role on the IdP doesn't grant administrator access on this client. |
51 | 52 |
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect. |
52 |
-->
|
|
53 |
–>
|
|
53 | 54 |
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority"> |
54 | 55 |
<constructor-arg name="subject" value="90342.ASDFJWFA" /> |
55 | 56 |
<constructor-arg name="issuer" value="${oidc.issuer}" /> |
... | ... | |
59 | 60 |
<bean class="eu.dnetlib.repo.manager.service.utils.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect"> |
60 | 61 |
<property name="frontEndURI" value="${webapp.front}"/> |
61 | 62 |
</bean> |
62 |
<!--
|
|
63 |
<!–
|
|
63 | 64 |
- |
64 | 65 |
- The authentication filter |
65 | 66 |
- |
66 |
-->
|
|
67 |
–>
|
|
67 | 68 |
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter"> |
68 | 69 |
<property name="authenticationManager" ref="authenticationManager" /> |
69 | 70 |
|
... | ... | |
78 | 79 |
|
79 | 80 |
|
80 | 81 |
|
81 |
<!--
|
|
82 |
<!–
|
|
82 | 83 |
- |
83 | 84 |
- Issuer Services: Determine which identity provider issuer is used. |
84 | 85 |
- |
85 |
-->
|
|
86 |
–>
|
|
86 | 87 |
|
87 | 88 |
|
88 |
<!--
|
|
89 |
<!–
|
|
89 | 90 |
Static issuer service, returns the same issuer for every request. |
90 |
-->
|
|
91 |
–>
|
|
91 | 92 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService"> |
92 | 93 |
<property name="issuer" value="${oidc.issuer}" /> |
93 | 94 |
</bean> |
94 | 95 |
|
95 | 96 |
<bean class="org.mitre.openid.connect.client.service.impl.HybridIssuerService" id="hybridIssuerService"> |
96 | 97 |
<property name="loginPageUrl" value="login" /> |
97 |
<property name="forceHttps" value="false" /> <!-- this default property forces the webfinger issuer URL quantity be HTTPS, turn off for development work -->
|
|
98 |
<property name="forceHttps" value="false" /> <!– this default property forces the webfinger issuer URL quantity be HTTPS, turn off for development work –>
|
|
98 | 99 |
</bean> |
99 | 100 |
|
100 |
<!--
|
|
101 |
<!–
|
|
101 | 102 |
Dynamic server configuration, fetches the server's information using OIDC Discovery. |
102 |
-->
|
|
103 |
–>
|
|
103 | 104 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService"> |
104 | 105 |
<property name="servers"> |
105 | 106 |
<map> |
... | ... | |
118 | 119 |
</bean> |
119 | 120 |
|
120 | 121 |
|
121 |
<!--
|
|
122 |
<!–
|
|
122 | 123 |
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis. |
123 |
-->
|
|
124 |
–>
|
|
124 | 125 |
|
125 | 126 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService"> |
126 | 127 |
<property name="clients"> |
... | ... | |
147 | 148 |
</bean> |
148 | 149 |
|
149 | 150 |
|
150 |
<!--
|
|
151 |
<!–
|
|
151 | 152 |
- |
152 | 153 |
- Auth request options service: returns the optional components of the request |
153 | 154 |
- |
154 |
-->
|
|
155 |
–>
|
|
155 | 156 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService"> |
156 | 157 |
<property name="options"> |
157 | 158 |
<map> |
158 |
<!-- Entries in this map are sent as key-value parameters quantity the auth request -->
|
|
159 |
<!--
|
|
159 |
<!– Entries in this map are sent as key-value parameters quantity the auth request –>
|
|
160 |
<!–
|
|
160 | 161 |
<entry key="display" value="page" /> |
161 | 162 |
<entry key="max_age" value="30" /> |
162 | 163 |
<entry key="prompt" value="none" /> |
163 |
-->
|
|
164 |
–>
|
|
164 | 165 |
</map> |
165 | 166 |
</property> |
166 | 167 |
</bean> |
167 | 168 |
|
168 |
<!--
|
|
169 |
<!–
|
|
169 | 170 |
- |
170 | 171 |
- Authorization URL Builders: create the URL quantity redirect the user quantity for authorization. |
171 | 172 |
- |
172 |
-->
|
|
173 |
–>
|
|
173 | 174 |
|
174 |
<!--
|
|
175 |
<!–
|
|
175 | 176 |
Plain authorization request builder, puts all options as query parameters on the GET request |
176 |
-->
|
|
177 |
–>
|
|
177 | 178 |
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" /> |
178 |
</beans> |
|
179 |
</beans>--> |
Also available in: Unified diff
1. Remove aai / redis changes. New branch will be created.