cas-common-config

@@ -0,0 +1,175 @@

+<?xml version="1.0" encoding="UTF-8"?>

+<!--

+	| deployerConfigContext.xml centralizes into one file some of the declarative configuration that

+	| all CAS deployers will need to modify.

+	|

+	| This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.  

+	| The beans declared in this file are instantiated at context initialization time by the Spring 

+	| ContextLoaderListener declared in web.xml.  It finds this file because this

+	| file is among those declared in the context parameter "contextConfigLocation".

+	|

+	| By far the most common change you will need to make in this file is to change the last bean

+	| declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with

+	| one implementing your approach for authenticating usernames and passwords.

+	+-->

+<beans xmlns="http://www.springframework.org/schema/beans"

+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

+       xmlns:p="http://www.springframework.org/schema/p"

+       xmlns:sec="http://www.springframework.org/schema/security"

+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd

+       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

+	<!--

+		| This bean declares our AuthenticationManager.  The CentralAuthenticationService service bean

+		| declared in applicationContext.xml picks up this AuthenticationManager by reference to its id, 

+		| "authenticationManager".  Most deployers will be able to use the default AuthenticationManager

+		| implementation and so do not need to change the class of this bean.  We include the whole

+		| AuthenticationManager here in the userConfigContext.xml so that you can see the things you will

+		| need to change in context.

+		+-->

+	<bean id="authenticationManager"

+		class="org.jasig.cas.authentication.AuthenticationManagerImpl">

+		<!--

+			| This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.

+			| The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which 

+			| supports the presented credentials.

+			|

+			| AuthenticationManagerImpl uses these resolvers for two purposes.  First, it uses them to identify the Principal

+			| attempting to authenticate to CAS /login .  In the default configuration, it is the DefaultCredentialsToPrincipalResolver

+			| that fills this role.  If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace

+			| DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are

+			| using.

+			|

+			| Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket. 

+			| In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. 

+			| You will need to change this list if you are identifying services by something more or other than their callback URL.

+			+-->

+		<property name="credentialsToPrincipalResolvers">

+			<list>

+				<!--

+					| UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login 

+					| by default and produces SimplePrincipal instances conveying the username from the credentials.

+					| 

+					| If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also

+					| need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the

+					| Credentials you are using.

+					+-->

+				<!-- 

+				<bean

+					class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />

+				-->

+				<bean

+					class="org.esupportail.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />

+				

+				<!--

+					| HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials.  It supports the CAS 2.0 approach of

+					| authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a

+					| SimpleService identified by that callback URL.

+					|

+					| If you are representing services by something more or other than an HTTPS URL whereat they are able to

+					| receive a proxy callback, you will need to change this bean declaration (or add additional declarations).

+					+-->

+				<bean

+					class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />

+			</list>

+		</property>

+

+		<!--

+			| Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate, 

+			| AuthenticationHandlers actually authenticate credentials.  Here we declare the AuthenticationHandlers that

+			| authenticate the Principals that the CredentialsToPrincipalResolvers identified.  CAS will try these handlers in turn

+			| until it finds one that both supports the Credentials presented and succeeds in authenticating.

+			+-->

+		<property name="authenticationHandlers" >	

+			<ref bean="handlerList"/>

+		</property>

+	</bean>

+

+	<bean id="handlerList" class="org.springframework.beans.factory.config.ListFactoryBean">

+		<property name="sourceList">

+	      <list>

+	      		<!--

+					| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating

+					| a server side SSL certificate.

+					+-->

+				<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"

+					p:httpClient-ref="httpClient" />				

+	      </list>

+		</property>

+	</bean>

+			

+	<bean id="handlerDiscover" class="org.esupportail.cas.HandlersDiscover">

+		<property name="handlersId" value="${cas.authHandlers}"/>

+		<property name="listToAdd" ref="handlerList"/>

+	</bean>	

+	

+	<!--

+	This bean defines the security roles for the Services Management application.  Simple deployments can use the in-memory version.

+	More robust deployments will want to use another option, such as the Jdbc version.

+	

+	The name of this should remain "userDetailsService" in order for Spring Security to find it.

+	 -->

+    <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />-->

+

+    <sec:user-service id="userDetailsService">

+        <sec:user name="${security.useradmin}" password="notused" authorities="ROLE_ADMIN" />        

+    </sec:user-service>

+	

+	<!-- 

+	Bean that defines the attributes that a service may return.  This example uses the Stub/Mock version.  A real implementation

+	may go against a database or LDAP server.  The id should remain "attributeRepository" though.

+	 -->

+	<bean id="attributeRepository"

+		class="org.jasig.services.persondir.support.StubPersonAttributeDao">

+		<property name="backingMap">

+			<map>

+				<entry key="uid" value="uid" />

+				<entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> 

+				<entry key="groupMembership" value="groupMembership" />

+			</map>

+		</property>

+	</bean>

+	

+	<!-- 

+	Sample, in-memory data store for the ServiceRegistry. A real implementation

+	would probably want to replace this with the JPA-backed ServiceRegistry DAO

+	The name of this bean should remain "serviceRegistryDao".

+	 -->

+	<bean

+		id="serviceRegistryDao"

+        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">

+            <property name="registeredServices">

+                <list>

+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">

+                        <property name="id" value="0" />

+                        <property name="name" value="HTTP" />

+                        <property name="description" value="Only Allows HTTP Urls" />

+                        <property name="serviceId" value="http://**" />

+                    </bean>

+

+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">

+                        <property name="id" value="1" />

+                        <property name="name" value="HTTPS" />

+                        <property name="description" value="Only Allows HTTPS Urls" />

+                        <property name="serviceId" value="https://**" />

+                    </bean>

+

+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">

+                        <property name="id" value="2" />

+                        <property name="name" value="IMAPS" />

+                        <property name="description" value="Only Allows HTTPS Urls" />

+                        <property name="serviceId" value="imaps://**" />

+                    </bean>

+

+                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">

+                        <property name="id" value="3" />

+                        <property name="name" value="IMAP" />

+                        <property name="description" value="Only Allows IMAP Urls" />

+                        <property name="serviceId" value="imap://**" />

+                    </bean>

+                </list>

+            </property>

+        </bean>

+

+    <!-- <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" /> -->

+    <bean id="auditTrailManager" class="org.esupportail.cas.audit.support.AuthAuditTrailManager" />

+</beans>