Revision 57598
Added by Katerina Iatropoulou over 4 years ago
springContext-dnetOpenaireUsersService.xml | ||
---|---|---|
1 | 1 |
<?xml version="1.0" encoding="UTF-8"?> |
2 |
<!--<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
|
3 |
xmlns:context="http://www.springframework.org/schema/context" |
|
4 |
xmlns="http://www.springframework.org/schema/beans" |
|
5 |
xmlns:security="http://www.springframework.org/schema/security" |
|
6 |
xmlns:util="http://www.springframework.org/schema/util" |
|
7 |
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd |
|
8 |
http://www.springframework.org/schema/context |
|
9 |
http://www.springframework.org/schema/context/spring-context-4.0.xsd |
|
10 |
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd |
|
11 |
http://www.springframework.org/schema/util |
|
12 |
http://www.springframework.org/schema/util/spring-util.xsd" |
|
13 |
default-autowire="byName"> --> |
|
14 | 2 |
<beans xmlns="http://www.springframework.org/schema/beans" |
15 | 3 |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
16 | 4 |
xmlns:context="http://www.springframework.org/schema/context" |
17 | 5 |
xmlns:security="http://www.springframework.org/schema/security" |
18 | 6 |
xmlns:util="http://www.springframework.org/schema/util" |
19 | 7 |
xsi:schemaLocation=" |
20 |
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
|
|
8 |
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
|
|
21 | 9 |
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd |
22 | 10 |
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd |
23 | 11 |
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd" |
24 | 12 |
default-autowire="byType"> |
25 | 13 |
|
26 |
|
|
27 |
<!--<bean id="dataSourceConnector" class="eu.dnetlib.openaire.user.store.DataSourceConnector" init-method="init" autowire="byName">--> |
|
28 |
<!--<property name="username" value="${openaire.users.db.username}"/>--> |
|
29 |
<!--<property name="password" value="${openaire.users.db.password}"/>--> |
|
30 |
<!--<property name="dbUrl" value="${openaire.users.db.url}" />--> |
|
31 |
<!--<property name="driver" value="${openaire.users.db.driverClassName}" />--> |
|
32 |
<!--</bean>--> |
|
33 |
|
|
34 |
<!--<bean id="sqlMigrationUserDAO" class="eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO" autowire="byName"/>--> |
|
35 |
|
|
36 |
<!--<bean id="userVerificationDAO" class="eu.dnetlib.openaire.user.dao.UserVerificationDAO">--> |
|
37 |
<!--<property name="dataSourceConnector" ref="dataSourceConnector"/>--> |
|
38 |
<!--</bean>--> |
|
39 |
|
|
40 |
|
|
41 |
|
|
42 |
<!--<bean id="verificationActions" class="eu.dnetlib.openaire.user.utils.VerificationActions">--> |
|
43 |
<!--<property name="dataSourceConnector" ref="dataSourceConnector"/>--> |
|
44 |
<!--</bean>--> |
|
45 |
|
|
46 |
|
|
47 |
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/> |
|
48 |
|
|
49 |
<security:http auto-config="false" use-expressions="true" |
|
50 |
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint" |
|
51 |
pattern="/**"> |
|
52 |
|
|
53 |
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" /> |
|
54 |
|
|
55 |
<security:logout logout-url="/openid_logout" invalidate-session="true"/> |
|
56 |
|
|
57 |
</security:http> |
|
58 |
|
|
59 |
<bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/> |
|
60 |
|
|
61 |
<bean id="webexpressionHandler" |
|
62 |
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/> |
|
63 |
|
|
64 |
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" > |
|
65 |
<constructor-arg type="java.lang.String" value="/openid_connect_login"/> |
|
66 |
</bean> |
|
67 |
|
|
68 |
<security:authentication-manager alias="authenticationManager"> |
|
69 |
<security:authentication-provider ref="openIdConnectAuthenticationProvider" /> |
|
70 |
</security:authentication-manager> |
|
71 |
|
|
72 |
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider"> |
|
73 |
<property name="authoritiesMapper"> |
|
74 |
<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper"> |
|
75 |
<property name="admins" ref="namedAdmins" /> |
|
76 |
</bean> |
|
77 |
</property> |
|
78 |
</bean> |
|
79 |
|
|
80 |
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority"> |
|
81 |
<!-- |
|
82 |
This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER. |
|
83 |
Note that having an administrator role on the IdP doesn't grant administrator access on this client. |
|
84 |
|
|
85 |
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect. |
|
86 |
--> |
|
87 |
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority"> |
|
88 |
<constructor-arg name="subject" value="subject_value" /> |
|
89 |
<constructor-arg name="issuer" value="${oidc.issuer}" /> |
|
90 |
</bean> |
|
91 |
</util:set> |
|
92 |
|
|
93 |
|
|
94 |
<bean class="eu.dnetlib.openaire.usermanagement.security.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect"> |
|
95 |
<property name="frontEndURI" value="${webbapp.front}"/> |
|
96 |
<property name="frontPath" value="${webbapp.front.path}"/> |
|
97 |
<property name="frontDomain" value="${webbapp.front.domain:#{null}}"/> |
|
98 |
</bean> |
|
99 |
|
|
100 |
<!--<bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>--> |
|
101 |
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">--> |
|
102 |
<!--<property name="filterProcessesUrl" value="/logout"/>--> |
|
103 |
<!--<constructor-arg index="0" value="/"/>--> |
|
104 |
<!--<constructor-arg index="1">--> |
|
105 |
<!--<list>--> |
|
106 |
<!--<ref bean="securityContextLogoutHandler"/>--> |
|
107 |
<!--<!–ref bean="myLogoutHandler"/–>--> |
|
108 |
<!--</list>--> |
|
109 |
<!--</constructor-arg>--> |
|
110 |
<!--</bean>--> |
|
111 |
|
|
112 |
<!--<bean class="eu.dnetlib.openaire.user.security.FrontEndLinkURILogoutSuccessHandler" id="frontEndRedirectLogout"/>--> |
|
113 |
|
|
114 |
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">--> |
|
115 |
<!--<property name="filterProcessesUrl" value="/logout"/>--> |
|
116 |
<!--<constructor-arg index="0" value="/"/>--> |
|
117 |
<!--<constructor-arg index="1">--> |
|
118 |
<!--<list>--> |
|
119 |
<!--<ref bean="securityContextLogoutHandler"/>--> |
|
120 |
<!--<!–ref bean="myLogoutHandler"/–>--> |
|
121 |
<!--</list>--> |
|
122 |
<!--</constructor-arg>--> |
|
123 |
<!--</bean>--> |
|
124 |
<!-- |
|
125 |
- |
|
126 |
- The authentication filter |
|
127 |
- |
|
128 |
--> |
|
129 |
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter"> |
|
130 |
<property name="authenticationManager" ref="authenticationManager" /> |
|
131 |
<property name="issuerService" ref="staticIssuerService" /> |
|
132 |
<property name="serverConfigurationService" ref="staticServerConfigurationService" /> |
|
133 |
<property name="clientConfigurationService" ref="staticClientConfigurationService" /> |
|
134 |
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" /> |
|
135 |
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" /> |
|
136 |
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/> |
|
137 |
|
|
138 |
</bean> |
|
139 |
|
|
140 |
<!-- |
|
141 |
Static issuer service, returns the same issuer for every request. |
|
142 |
--> |
|
143 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService"> |
|
144 |
<property name="issuer" value="${oidc.issuer}" /> |
|
145 |
</bean> |
|
146 |
|
|
147 |
<!-- |
|
148 |
Dynamic server configuration, fetches the server's information using OIDC Discovery. |
|
149 |
--> |
|
150 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService"> |
|
151 |
<property name="servers"> |
|
152 |
<map> |
|
153 |
<entry key="${oidc.issuer}"> |
|
154 |
<bean class="org.mitre.openid.connect.config.ServerConfiguration"> |
|
155 |
<property name="issuer" value="${oidc.issuer}" /> |
|
156 |
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" /> |
|
157 |
<property name="tokenEndpointUri" value="${oidc.issuer}token" /> |
|
158 |
<property name="userInfoUri" value="${oidc.issuer}userinfo" /> |
|
159 |
<property name="jwksUri" value="${oidc.issuer}jwk" /> |
|
160 |
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" /> |
|
161 |
</bean> |
|
162 |
</entry> |
|
163 |
</map> |
|
164 |
</property> |
|
165 |
</bean> |
|
166 |
|
|
167 |
|
|
168 |
<!-- |
|
169 |
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis. |
|
170 |
|
|
171 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService"> |
|
172 |
<property name="clients"> |
|
173 |
<map> |
|
174 |
<entry key="${oidc.issuer}"> |
|
175 |
<bean class="org.mitre.oauth2.model.RegisteredClient"> |
|
176 |
<property name="clientId" value="${oidc.id}" /> |
|
177 |
<property name="clientSecret" value="${oidc.secret}" /> |
|
178 |
<property name="scope"> |
|
179 |
<set value-type="java.lang.String"> |
|
180 |
<value>openid</value> |
|
181 |
</set> |
|
182 |
</property> xmlns:oauth="http://www.springframework.org/schema/security/oauth2" |
|
183 |
|
|
184 |
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" /> |
|
185 |
<property name="redirectUris"> |
|
186 |
<set> |
|
187 |
<value>${oidc.home}</value> |
|
188 |
</set> |
|
189 |
</property> |
|
190 |
</bean> |
|
191 |
</entry> |
|
192 |
</map> |
|
193 |
</property> |
|
194 |
</bean> |
|
195 |
--> |
|
196 |
|
|
197 |
|
|
198 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService"> |
|
199 |
<property name="clients"> |
|
200 |
<map> |
|
201 |
<entry key="${oidc.issuer}"> |
|
202 |
<bean class="org.mitre.oauth2.model.RegisteredClient"> |
|
203 |
<property name="clientId" value="${oidc.id}" /> |
|
204 |
<property name="clientSecret" value="${oidc.secret}" /> |
|
205 |
<property name="scope"> |
|
206 |
<set value-type="java.lang.String"> |
|
207 |
<value>openid</value> |
|
208 |
</set> |
|
209 |
</property> |
|
210 |
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" /> |
|
211 |
<property name="redirectUris"> |
|
212 |
<set> |
|
213 |
<value>${oidc.home}</value> |
|
214 |
</set> |
|
215 |
</property> |
|
216 |
</bean> |
|
217 |
</entry> |
|
218 |
</map> |
|
219 |
</property> |
|
220 |
</bean> |
|
221 |
|
|
222 |
<!-- |
|
223 |
- |
|
224 |
- Auth request options service: returns the optional components of the request |
|
225 |
- |
|
226 |
--> |
|
227 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService"> |
|
228 |
<property name="options"> |
|
229 |
<map> |
|
230 |
<!-- Entries in this map are sent as key-value parameters to the auth request --> |
|
231 |
<!-- |
|
232 |
<entry key="display" value="page" /> |
|
233 |
<entry key="max_age" value="30" /> |
|
234 |
<entry key="prompt" value="none" /> |
|
235 |
--> |
|
236 |
</map> |
|
237 |
</property> |
|
238 |
</bean> |
|
239 |
|
|
240 |
<!-- |
|
241 |
Plain authorization request builder, puts all options as query parameters on the GET request |
|
242 |
--> |
|
243 |
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" /> |
|
244 |
|
|
245 | 14 |
<context:component-scan base-package="eu.dnetlib.openaire.user.api.services" /> |
246 |
<context:component-scan base-package="eu.dnetlib.openaire.usermanagement.registry.beans" /> |
|
247 | 15 |
<context:annotation-config></context:annotation-config> |
248 | 16 |
|
249 | 17 |
</beans> |
Also available in: Unified diff
added uoa-login-core