/modules/uoa-repository-manager-gui/branches/aai/src/main/resources/eu/dnetlib/repo/manager/server/config/aai-security.xml - D-Net - D-Net project tracking tool

dnet45/modules/uoa-repository-manager-gui/branches/aai/src/main/resources/eu/dnetlib/repo/manager/server/config/aai-security.xml @ 51141

       <?xml version="1.0" encoding="UTF-8"?>
       <beans xmlns="http://www.springframework.org/schema/beans"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:security="http://www.springframework.org/schema/security"
              xmlns:util="http://www.springframework.org/schema/util"
              xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
       		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
       		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd"
              default-autowire="byType">
           <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
               <property name="maxUploadSize" value="268435456"/>
           </bean>
           <bean id="webexpressionHandler"
                 class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
           <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
           <security:http auto-config="false" use-expressions="true"
                          disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
                          pattern="/**">
               <security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
               <security:logout logout-url="/openid_logout" invalidate-session="true"/>
           </security:http>
           <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
               <constructor-arg type="java.lang.String" value="/openid_connect_login"/>
           </bean>
           <security:authentication-manager alias="authenticationManager">
               <security:authentication-provider ref="openIdConnectAuthenticationProvider" />
           </security:authentication-manager>
           <bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
               <property name="authoritiesMapper">
                   <bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
                       <property name="admins" ref="namedAdmins" />
                   </bean>
               </property>
           </bean>
           <util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
               <!--
                   This is an example of how quantity set up a user as an administrator: they'll be given ROLE_ADMIN in addition quantity ROLE_USER.
                   Note that having an administrator role on the IdP doesn't grant administrator access on this client.
                   These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
               -->
               <bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
                   <constructor-arg name="subject" value="90342.ASDFJWFA" />
                   <constructor-arg name="issuer" value="${oidc.issuer}" />
               </bean>
           </util:set>
           <bean class="eu.dnetlib.repo.manager.server.config.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
               <property name="frontEndURI" value="${webapp.front}/home"/>
           </bean>
           <!--
+            -
             - The authentication filter
+            -
             -->
           <bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
               <property name="authenticationManager" ref="authenticationManager" />
               <property name="issuerService" ref="staticIssuerService" />
               <property name="serverConfigurationService" ref="staticServerConfigurationService" />
               <property name="clientConfigurationService" ref="staticClientConfigurationService" />
               <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
               <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
               <property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
           </bean>
           <!--
+            -
             -	Issuer Services: Determine which identity provider issuer is used.
+            -
             -->
           <!--
               Static issuer service, returns the same issuer for every request.
           -->
           <bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
               <property name="issuer" value="${oidc.issuer}" />
           </bean>
           <bean class="org.mitre.openid.connect.client.service.impl.HybridIssuerService" id="hybridIssuerService">
               <property name="loginPageUrl" value="login" />
               <property name="forceHttps" value="false" /> <!-- this default property forces the webfinger issuer URL quantity be HTTPS, turn off for development work -->
           </bean>
           <!--
       		Dynamic server configuration, fetches the server's information using OIDC Discovery.
       	-->
           <bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
               <property name="servers">
                   <map>
                       <entry key="${oidc.issuer}">
                           <bean class="org.mitre.openid.connect.config.ServerConfiguration">
                               <property name="issuer" value="${oidc.issuer}" />
                               <property name="authorizationEndpointUri"	value="${oidc.issuer}authorize" />
                               <property name="tokenEndpointUri"	value="${oidc.issuer}token" />
                               <property name="userInfoUri" value="${oidc.issuer}userinfo" />
                               <property name="jwksUri" value="${oidc.issuer}jwk" />
                               <property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
                           </bean>
                       </entry>
                   </map>
               </property>
           </bean>
           <!--
              Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
          -->
           <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
               <property name="clients">
                   <map>
                       <entry key="${oidc.issuer}">
                           <bean class="org.mitre.oauth2.model.RegisteredClient">
                               <property name="clientId" value="${oidc.id}" />
                               <property name="clientSecret" value="${oidc.secret}" />
                               <property name="scope">
                                   <set value-type="java.lang.String">
                                       <value>openid</value>
                                   </set>
                               </property>
                               <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
                               <property name="redirectUris">
                                   <set>
                                       <value>${webapp.home}</value>
                                   </set>
                               </property>
                           </bean>
                       </entry>
                   </map>
               </property>
           </bean>
           <!--
+      	  -
       	  -	Auth request options service: returns the optional components of the request
+      	  -
       	  -->
           <bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
               <property name="options">
                   <map>
                       <!-- Entries in this map are sent as key-value parameters quantity the auth request -->
                       <!--
                       <entry key="display" value="page" />
                       <entry key="max_age" value="30" />
                       <entry key="prompt" value="none" />
                       -->
                   </map>
               </property>
           </bean>
           <!--
+      	  -
       	  - Authorization URL Builders: create the URL quantity redirect the user quantity for authorization.
+      	  -
       	  -->
           <!--
               Plain authorization request builder, puts all options as query parameters on the GET request
           -->
           <bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
       </beans>

« Previous
1
2
3
Next »

(1-1/3)

Project

General

Profile

D-Net