Project

General

Profile

1
<beans xmlns="http://www.springframework.org/schema/beans"
2
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
3
       xmlns:security="http://www.springframework.org/schema/security"
4
       xmlns:util="http://www.springframework.org/schema/util"
5
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
6
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
7
		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd"
8
       default-autowire="byType">
9

    
10

    
11
    <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
12
        <property name="maxUploadSize" value="268435456"/>
13
    </bean>
14

    
15
    <!--<bean id="webexpressionHandler"
16
          class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>-->
17

    
18
   <!-- <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>-->
19

    
20
    <security:http auto-config="false" use-expressions="true"
21
                   disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
22
                   pattern="/**">
23

    
24
        <security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
25

    
26
        <security:logout />
27

    
28
    </security:http>
29

    
30
    <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
31
        <constructor-arg type="java.lang.String" value="/openid_connect_login"/>
32
    </bean>
33

    
34
    <security:authentication-manager alias="authenticationManager">
35
        <security:authentication-provider ref="openIdConnectAuthenticationProvider" />
36
    </security:authentication-manager>
37

    
38
    <bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
39
        <property name="authoritiesMapper">
40
            <bean class="eu.dnetlib.repo.manager.service.config.OpenAireProviderAuthoritiesMapper">
41
                <constructor-arg name="userRoles" ref="userRoles"/>
42
            </bean>
43
        </property>
44
    </bean>
45

    
46
    <util:map id="userRoles">
47
        <entry key="urn:geant:openaire.eu:group:Super+Administrator#aai.openaire.eu" value="ROLE_ADMIN"/>
48
    </util:map>
49

    
50

    
51
    <bean class="eu.dnetlib.repo.manager.service.config.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
52
        <property name="frontEndURI" value="${webapp.dev.front}"/>
53
    </bean>
54

    
55
    <!--
56
      -
57
      - The authentication filter
58
      -
59
      -->
60
    <bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
61
        <property name="authenticationManager" ref="authenticationManager" />
62

    
63
        <property name="issuerService" ref="staticIssuerService" />
64
        <property name="serverConfigurationService" ref="staticServerConfigurationService" />
65
        <property name="clientConfigurationService" ref="staticClientConfigurationService" />
66
        <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
67
        <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
68
        <property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
69

    
70
    </bean>
71

    
72
    <!--
73
        Static issuer service, returns the same issuer for every request.
74
    -->
75
    <bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
76
        <property name="issuer" value="${oidc.issuer}" />
77
    </bean>
78

    
79
    <!--
80
        Dynamic server configuration, fetches the server's information using OIDC Discovery.
81
    -->
82
    <bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
83
        <property name="servers">
84
            <map>
85
                <entry key="${oidc.issuer}">
86
                    <bean class="org.mitre.openid.connect.config.ServerConfiguration">
87
                        <property name="issuer" value="${oidc.issuer}" />
88
                        <property name="authorizationEndpointUri"	value="${oidc.issuer}authorize" />
89
                        <property name="tokenEndpointUri"	value="${oidc.issuer}token" />
90
                        <property name="userInfoUri" value="${oidc.issuer}userinfo" />
91
                        <property name="jwksUri" value="${oidc.issuer}jwk" />
92
                        <property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
93
                    </bean>
94
                </entry>
95
            </map>
96
        </property>
97
    </bean>
98

    
99

    
100
    <!--
101
       Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
102
    -->
103
    <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
104
        <property name="clients">
105
            <map>
106
                <entry key="${oidc.issuer}">
107
                    <bean class="org.mitre.oauth2.model.RegisteredClient">
108
                        <property name="clientId" value="${oidc.id}" />
109
                        <property name="clientSecret" value="${oidc.secret}" />
110
                        <property name="scope">
111
                            <set value-type="java.lang.String">
112
                                <value>openid</value>
113
                            </set>
114
                        </property>
115
                        <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
116
                        <property name="redirectUris">
117
                            <set>
118
                                <value>${oidc.dev.home}</value>
119
                            </set>
120
                        </property>
121
                    </bean>
122
                </entry>
123
            </map>
124
        </property>
125
    </bean>
126

    
127

    
128
    <!--
129
      -
130
      -	Auth request options service: returns the optional components of the request
131
      -
132
      -->
133
    <bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
134
        <property name="options">
135
            <map>
136
                <!-- Entries in this map are sent as key-value parameters to the auth request -->
137
                <!--
138
                <entry key="display" value="page" />
139
                <entry key="max_age" value="30" />
140
                <entry key="prompt" value="none" />
141
                -->
142
            </map>
143
        </property>
144
    </bean>
145

    
146
    <!--
147
        Plain authorization request builder, puts all options as query parameters on the GET request
148
    -->
149
    <bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
150
</beans>
(1-1/5)