SEC-2915: XML spaces->tabs
This commit is contained in:
@@ -1,124 +1,124 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xmlns:p="http://www.springframework.org/schema/p"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
|
||||
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xmlns:p="http://www.springframework.org/schema/p"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
|
||||
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
|
||||
|
||||
<http entry-point-ref="casEntryPoint">
|
||||
<intercept-url pattern="/" access="permitAll"/>
|
||||
<intercept-url pattern="/index.jsp" access="permitAll"/>
|
||||
<intercept-url pattern="/cas-logout.jsp" access="permitAll"/>
|
||||
<intercept-url pattern="/casfailed.jsp" access="permitAll"/>
|
||||
<http entry-point-ref="casEntryPoint">
|
||||
<intercept-url pattern="/" access="permitAll"/>
|
||||
<intercept-url pattern="/index.jsp" access="permitAll"/>
|
||||
<intercept-url pattern="/cas-logout.jsp" access="permitAll"/>
|
||||
<intercept-url pattern="/casfailed.jsp" access="permitAll"/>
|
||||
|
||||
<intercept-url pattern="/secure/extreme/**"
|
||||
access="hasRole('ROLE_SUPERVISOR')" />
|
||||
<intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
|
||||
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
|
||||
<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
|
||||
<custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
|
||||
<custom-filter ref="casFilter" position="CAS_FILTER" />
|
||||
<logout logout-success-url="/cas-logout.jsp"/>
|
||||
<csrf disabled="true"/>
|
||||
</http>
|
||||
<intercept-url pattern="/secure/extreme/**"
|
||||
access="hasRole('ROLE_SUPERVISOR')" />
|
||||
<intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
|
||||
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
|
||||
<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
|
||||
<custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
|
||||
<custom-filter ref="casFilter" position="CAS_FILTER" />
|
||||
<logout logout-success-url="/cas-logout.jsp"/>
|
||||
<csrf disabled="true"/>
|
||||
</http>
|
||||
|
||||
<authentication-manager alias="authManager">
|
||||
<authentication-provider ref="casAuthProvider" />
|
||||
</authentication-manager>
|
||||
<authentication-manager alias="authManager">
|
||||
<authentication-provider ref="casAuthProvider" />
|
||||
</authentication-manager>
|
||||
|
||||
<user-service id="userService">
|
||||
<user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
|
||||
<user name="dianne" password="dianne" authorities="ROLE_USER" />
|
||||
<user name="scott" password="scott" authorities="ROLE_USER" />
|
||||
</user-service>
|
||||
<user-service id="userService">
|
||||
<user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
|
||||
<user name="dianne" password="dianne" authorities="ROLE_USER" />
|
||||
<user name="scott" password="scott" authorities="ROLE_USER" />
|
||||
</user-service>
|
||||
|
||||
<!-- This filter handles a Single Logout Request from the CAS Server -->
|
||||
<b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
|
||||
<!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
|
||||
<b:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"
|
||||
p:filterProcessesUrl="/logout/cas">
|
||||
<b:constructor-arg value="https://${cas.server.host}/cas/logout"/>
|
||||
<b:constructor-arg>
|
||||
<b:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
|
||||
</b:constructor-arg>
|
||||
</b:bean>
|
||||
<!-- This filter handles a Single Logout Request from the CAS Server -->
|
||||
<b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
|
||||
<!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
|
||||
<b:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"
|
||||
p:filterProcessesUrl="/logout/cas">
|
||||
<b:constructor-arg value="https://${cas.server.host}/cas/logout"/>
|
||||
<b:constructor-arg>
|
||||
<b:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
|
||||
</b:constructor-arg>
|
||||
</b:bean>
|
||||
|
||||
<b:bean id="serviceProperties"
|
||||
class="org.springframework.security.cas.ServiceProperties"
|
||||
p:service="https://${cas.service.host}/cas-sample/login/cas"
|
||||
p:authenticateAllArtifacts="true"/>
|
||||
<b:bean id="casEntryPoint"
|
||||
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
|
||||
p:serviceProperties-ref="serviceProperties" p:loginUrl="https://${cas.server.host}/cas/login" />
|
||||
<b:bean id="casFilter"
|
||||
class="org.springframework.security.cas.web.CasAuthenticationFilter"
|
||||
p:authenticationManager-ref="authManager"
|
||||
p:serviceProperties-ref="serviceProperties"
|
||||
p:proxyGrantingTicketStorage-ref="pgtStorage"
|
||||
p:proxyReceptorUrl="/login/cas/proxyreceptor">
|
||||
<b:property name="authenticationDetailsSource">
|
||||
<b:bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource">
|
||||
<b:constructor-arg ref="serviceProperties"/>
|
||||
</b:bean>
|
||||
</b:property>
|
||||
<b:property name="authenticationFailureHandler">
|
||||
<b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
|
||||
p:defaultFailureUrl="/casfailed.jsp"/>
|
||||
</b:property>
|
||||
</b:bean>
|
||||
<!--
|
||||
NOTE: In a real application you should not use an in memory implementation. You will also want
|
||||
to ensure to clean up expired tickets by calling ProxyGrantingTicketStorage.cleanup()
|
||||
-->
|
||||
<b:bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
|
||||
<b:bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
|
||||
p:serviceProperties-ref="serviceProperties"
|
||||
p:key="casAuthProviderKey">
|
||||
<b:property name="authenticationUserDetailsService">
|
||||
<b:bean
|
||||
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
|
||||
<b:constructor-arg ref="userService" />
|
||||
</b:bean>
|
||||
</b:property>
|
||||
<b:property name="ticketValidator">
|
||||
<b:bean
|
||||
class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
|
||||
p:acceptAnyProxy="true"
|
||||
p:proxyCallbackUrl="https://${cas.service.host}/cas-sample/login/cas/proxyreceptor"
|
||||
p:proxyGrantingTicketStorage-ref="pgtStorage">
|
||||
<b:constructor-arg value="https://${cas.server.host}/cas" />
|
||||
</b:bean>
|
||||
</b:property>
|
||||
<b:property name="statelessTicketCache">
|
||||
<b:bean class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
|
||||
<b:property name="cache">
|
||||
<b:bean id="ehcache" class="net.sf.ehcache.Cache"
|
||||
init-method="initialise"
|
||||
destroy-method="dispose">
|
||||
<b:constructor-arg value="casTickets"/>
|
||||
<b:constructor-arg value="50"/>
|
||||
<b:constructor-arg value="true"/>
|
||||
<b:constructor-arg value="false"/>
|
||||
<b:constructor-arg value="3600"/>
|
||||
<b:constructor-arg value="900"/>
|
||||
<b:property name="cacheManager">
|
||||
<b:bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
|
||||
</b:property>
|
||||
</b:bean>
|
||||
</b:property>
|
||||
</b:bean>
|
||||
</b:property>
|
||||
</b:bean>
|
||||
<b:bean id="serviceProperties"
|
||||
class="org.springframework.security.cas.ServiceProperties"
|
||||
p:service="https://${cas.service.host}/cas-sample/login/cas"
|
||||
p:authenticateAllArtifacts="true"/>
|
||||
<b:bean id="casEntryPoint"
|
||||
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
|
||||
p:serviceProperties-ref="serviceProperties" p:loginUrl="https://${cas.server.host}/cas/login" />
|
||||
<b:bean id="casFilter"
|
||||
class="org.springframework.security.cas.web.CasAuthenticationFilter"
|
||||
p:authenticationManager-ref="authManager"
|
||||
p:serviceProperties-ref="serviceProperties"
|
||||
p:proxyGrantingTicketStorage-ref="pgtStorage"
|
||||
p:proxyReceptorUrl="/login/cas/proxyreceptor">
|
||||
<b:property name="authenticationDetailsSource">
|
||||
<b:bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource">
|
||||
<b:constructor-arg ref="serviceProperties"/>
|
||||
</b:bean>
|
||||
</b:property>
|
||||
<b:property name="authenticationFailureHandler">
|
||||
<b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
|
||||
p:defaultFailureUrl="/casfailed.jsp"/>
|
||||
</b:property>
|
||||
</b:bean>
|
||||
<!--
|
||||
NOTE: In a real application you should not use an in memory implementation. You will also want
|
||||
to ensure to clean up expired tickets by calling ProxyGrantingTicketStorage.cleanup()
|
||||
-->
|
||||
<b:bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
|
||||
<b:bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
|
||||
p:serviceProperties-ref="serviceProperties"
|
||||
p:key="casAuthProviderKey">
|
||||
<b:property name="authenticationUserDetailsService">
|
||||
<b:bean
|
||||
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
|
||||
<b:constructor-arg ref="userService" />
|
||||
</b:bean>
|
||||
</b:property>
|
||||
<b:property name="ticketValidator">
|
||||
<b:bean
|
||||
class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
|
||||
p:acceptAnyProxy="true"
|
||||
p:proxyCallbackUrl="https://${cas.service.host}/cas-sample/login/cas/proxyreceptor"
|
||||
p:proxyGrantingTicketStorage-ref="pgtStorage">
|
||||
<b:constructor-arg value="https://${cas.server.host}/cas" />
|
||||
</b:bean>
|
||||
</b:property>
|
||||
<b:property name="statelessTicketCache">
|
||||
<b:bean class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
|
||||
<b:property name="cache">
|
||||
<b:bean id="ehcache" class="net.sf.ehcache.Cache"
|
||||
init-method="initialise"
|
||||
destroy-method="dispose">
|
||||
<b:constructor-arg value="casTickets"/>
|
||||
<b:constructor-arg value="50"/>
|
||||
<b:constructor-arg value="true"/>
|
||||
<b:constructor-arg value="false"/>
|
||||
<b:constructor-arg value="3600"/>
|
||||
<b:constructor-arg value="900"/>
|
||||
<b:property name="cacheManager">
|
||||
<b:bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
|
||||
</b:property>
|
||||
</b:bean>
|
||||
</b:property>
|
||||
</b:bean>
|
||||
</b:property>
|
||||
</b:bean>
|
||||
|
||||
<!-- Configuration for the environment can be overriden by system properties -->
|
||||
<context:property-placeholder system-properties-mode="OVERRIDE" properties-ref="environment"/>
|
||||
<util:properties id="environment">
|
||||
<b:prop key="cas.service.host">localhost:8443</b:prop>
|
||||
<b:prop key="cas.server.host">localhost:9443</b:prop>
|
||||
</util:properties>
|
||||
<!-- Configuration for the environment can be overriden by system properties -->
|
||||
<context:property-placeholder system-properties-mode="OVERRIDE" properties-ref="environment"/>
|
||||
<util:properties id="environment">
|
||||
<b:prop key="cas.service.host">localhost:8443</b:prop>
|
||||
<b:prop key="cas.server.host">localhost:9443</b:prop>
|
||||
</util:properties>
|
||||
</b:beans>
|
||||
|
||||
@@ -5,81 +5,81 @@
|
||||
-->
|
||||
|
||||
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
|
||||
<display-name>Spring Security CAS Demo Application</display-name>
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
|
||||
<display-name>Spring Security CAS Demo Application</display-name>
|
||||
|
||||
<!--
|
||||
- Location of the XML file that defines the root application context
|
||||
- Applied by ContextLoaderListener.
|
||||
-->
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>
|
||||
/WEB-INF/applicationContext-security.xml
|
||||
</param-value>
|
||||
</context-param>
|
||||
<!--
|
||||
- Location of the XML file that defines the root application context
|
||||
- Applied by ContextLoaderListener.
|
||||
-->
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>
|
||||
/WEB-INF/applicationContext-security.xml
|
||||
</param-value>
|
||||
</context-param>
|
||||
|
||||
<context-param>
|
||||
<param-name>webAppRootKey</param-name>
|
||||
<param-value>cas.root</param-value>
|
||||
</context-param>
|
||||
<context-param>
|
||||
<param-name>webAppRootKey</param-name>
|
||||
<param-value>cas.root</param-value>
|
||||
</context-param>
|
||||
|
||||
<!--
|
||||
Include the character encoding Filter as per JASIG recommenation when doing Single Sign Out
|
||||
https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out
|
||||
-->
|
||||
<filter>
|
||||
<filter-name>characterEncodingFilter</filter-name>
|
||||
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
|
||||
<init-param>
|
||||
<param-name>encoding</param-name>
|
||||
<param-value>UTF-8</param-value>
|
||||
</init-param>
|
||||
</filter>
|
||||
<filter>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
|
||||
</filter>
|
||||
<!--
|
||||
Include the character encoding Filter as per JASIG recommenation when doing Single Sign Out
|
||||
https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out
|
||||
-->
|
||||
<filter>
|
||||
<filter-name>characterEncodingFilter</filter-name>
|
||||
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
|
||||
<init-param>
|
||||
<param-name>encoding</param-name>
|
||||
<param-value>UTF-8</param-value>
|
||||
</init-param>
|
||||
</filter>
|
||||
<filter>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
|
||||
</filter>
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>characterEncodingFilter</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
<filter-mapping>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
<filter-mapping>
|
||||
<filter-name>characterEncodingFilter</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
<filter-mapping>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
<!--
|
||||
Included to support Single Logout. Note that the SingleSignOutFilter is included in the
|
||||
springSecurityFilterChain. However, it could also be placed as the first filter-mapping
|
||||
in the web.xml
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
|
||||
</listener>
|
||||
<!--
|
||||
Included to support Single Logout. Note that the SingleSignOutFilter is included in the
|
||||
springSecurityFilterChain. However, it could also be placed as the first filter-mapping
|
||||
in the web.xml
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<!--
|
||||
- Loads the root application context of this web app at startup.
|
||||
- The application context is then available via
|
||||
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
<!--
|
||||
- Loads the root application context of this web app at startup.
|
||||
- The application context is then available via
|
||||
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<servlet>
|
||||
<servlet-name>ptSampleServlet</servlet-name>
|
||||
<servlet-class>org.springframework.security.samples.cas.web.ProxyTicketSampleServlet</servlet-class>
|
||||
</servlet>
|
||||
<servlet>
|
||||
<servlet-name>ptSampleServlet</servlet-name>
|
||||
<servlet-class>org.springframework.security.samples.cas.web.ProxyTicketSampleServlet</servlet-class>
|
||||
</servlet>
|
||||
|
||||
<servlet-mapping>
|
||||
<servlet-name>ptSampleServlet</servlet-name>
|
||||
<url-pattern>/secure/ptSample</url-pattern>
|
||||
</servlet-mapping>
|
||||
<error-page>
|
||||
<error-code>403</error-code>
|
||||
<location>/403.jsp</location>
|
||||
</error-page>
|
||||
<servlet-mapping>
|
||||
<servlet-name>ptSampleServlet</servlet-name>
|
||||
<url-pattern>/secure/ptSample</url-pattern>
|
||||
</servlet-mapping>
|
||||
<error-page>
|
||||
<error-code>403</error-code>
|
||||
<location>/403.jsp</location>
|
||||
</error-page>
|
||||
</web-app>
|
||||
|
||||
Reference in New Issue
Block a user