Merge branch 'Single_Spring_Context_file'
commit
a9088b4999
|
@ -1,54 +1,71 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:mvc="http://www.springframework.org/schema/mvc"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:tx="http://www.springframework.org/schema/tx"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:task="http://www.springframework.org/schema/task"
|
||||
xmlns:jwt-signer="http://www.mitre.org/schema/openid-connect/jwt-signer"
|
||||
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
|
||||
http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
|
||||
http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
|
||||
http://www.mitre.org/schema/openid-connect/jwt-signer http://www.mitre.org/schema/openid-connect/jwt-signer/jwt-signer-1.0.xsd
|
||||
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
|
||||
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
|
||||
|
||||
<!-- Root Context: defines shared resources visible to all other web components -->
|
||||
<!-- Scan for components -->
|
||||
<context:component-scan annotation-config="true" base-package="org.mitre"/>
|
||||
|
||||
<!-- Enables the Spring MVC @Controller programming model -->
|
||||
<tx:annotation-driven transaction-manager="transactionManager" />
|
||||
<mvc:annotation-driven />
|
||||
<mvc:default-servlet-handler />
|
||||
|
||||
<!-- Bean to hold configuration propreties -->
|
||||
<bean id="configBean" class="org.mitre.openid.connect.config.ConfigurationPropertiesBean">
|
||||
<property name="issuer" value="http://localhost/" />
|
||||
<property name="defaultJwtSigner" value="rsa1"/>
|
||||
</bean>
|
||||
|
||||
<!-- Import the data context -->
|
||||
<import resource="data-context.xml" />
|
||||
|
||||
<!-- Begin Spring Security configuration -->
|
||||
|
||||
<!-- Spring Security configuration -->
|
||||
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="springSecurityAuthenticationManager"/>
|
||||
|
||||
<security:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
|
||||
xmlns="http://www.springframework.org/schema/security">
|
||||
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
|
||||
<anonymous enabled="false" />
|
||||
<http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
|
||||
entry-point-ref="oauthAuthenticationEntryPoint">
|
||||
<security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
|
||||
<security:anonymous enabled="false" />
|
||||
<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
|
||||
<!-- include this only if you need to authenticate clients via request parameters -->
|
||||
<custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
|
||||
<access-denied-handler ref="oauthAccessDeniedHandler" />
|
||||
<security:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
|
||||
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
|
||||
</security:http>
|
||||
|
||||
<security:http use-expressions="true" auto-config="true" pattern="/oauth/authorize" authentication-manager-ref="springSecurityAuthenticationManager">
|
||||
<security:intercept-url pattern="/oauth/authorize" access="hasRole('ROLE_USER')"/>
|
||||
<!-- intercept-url with access=permitall means a permissive (lets everything through) filter will be applied -->
|
||||
<security:http auto-config="true" disable-url-rewriting="true"> <!-- authentication-manager-ref="springSecurityAuthenticationManager" -->
|
||||
<security:intercept-url pattern="/oauth/**" access="ROLE_USER" />
|
||||
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
|
||||
<security:anonymous />
|
||||
</security:http>
|
||||
|
||||
<!-- means no filter will be applied -->
|
||||
<security:http auto-config="true" pattern="/openidconnect/token" authentication-manager-ref="springSecurityAuthenticationManager" security="none"/>
|
||||
|
||||
<security:http auto-config="true" use-expressions="true" authentication-manager-ref="springSecurityAuthenticationManager">
|
||||
<security:intercept-url pattern="/**" access="permitAll"/>
|
||||
</security:http>
|
||||
<bean class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler" id="userApprovalHandler">
|
||||
<property name="tokenServices" ref="defaultOAuth2ProviderTokenService"/>
|
||||
</bean>
|
||||
|
||||
<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
|
||||
<property name="realmName" value="openidconnect" />
|
||||
</bean>
|
||||
|
||||
<!-- SECOAUTH Authorization Server, with our custom token granter plugged in -->
|
||||
<oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService"
|
||||
token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
|
||||
user-approval-handler-ref="userApprovalHandler">
|
||||
<oauth:authorization-code authorization-code-services-ref="authCodeServices" />
|
||||
</oauth:authorization-server>
|
||||
|
||||
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
|
||||
|
||||
<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
|
||||
|
@ -67,7 +84,7 @@
|
|||
|
||||
<bean id="authCodeServices" class="org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices"/>
|
||||
|
||||
<security:authentication-manager alias="springSecurityAuthenticationManager">
|
||||
<security:authentication-manager alias="authenticationManager">
|
||||
<security:authentication-provider>
|
||||
<security:user-service id="userDetailsService">
|
||||
<security:user name="jricher" password="password" authorities="ROLE_USER, ROLE_ADMIN" />
|
||||
|
@ -81,28 +98,15 @@
|
|||
</security:authentication-provider>
|
||||
</security:authentication-manager>
|
||||
|
||||
<!-- End Spring Security configuration -->
|
||||
<!-- End Spring Security configuration -->
|
||||
|
||||
<tx:annotation-driven transaction-manager="transactionManager" />
|
||||
<!-- JPA -->
|
||||
|
||||
<bean id="jpaAdapter" class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">
|
||||
<property name="databasePlatform" value="org.eclipse.persistence.platform.database.MySQLPlatform" />
|
||||
<property name="showSql" value="true" />
|
||||
</bean>
|
||||
|
||||
<bean id="configBean" class="org.mitre.openid.connect.config.ConfigurationPropertiesBean">
|
||||
<property name="issuer" value="http://localhost/" />
|
||||
<property name="defaultJwtSigner" value="rsa1"/>
|
||||
</bean>
|
||||
|
||||
<!-- Map our custom exception classes to named views -->
|
||||
<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
|
||||
<property name="exceptionMappings">
|
||||
<props>
|
||||
</props>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
|
||||
<property name="entityManagerFactory" ref="entityManagerFactory" />
|
||||
</bean>
|
||||
|
@ -121,6 +125,10 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- End JPA -->
|
||||
|
||||
<!-- Crypto -->
|
||||
|
||||
<bean id="defaultKeystore" class="org.mitre.jwt.signer.service.impl.KeyStore">
|
||||
<constructor-arg name="location" value="classpath:keystore.jks" />
|
||||
<constructor-arg name="password" value="changeit" />
|
||||
|
@ -147,14 +155,45 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- End Crypto -->
|
||||
|
||||
<!-- View configuration -->
|
||||
|
||||
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
|
||||
<mvc:resources mapping="/resources/**" location="/resources/" />
|
||||
|
||||
<!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
|
||||
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
|
||||
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
|
||||
<property name="prefix" value="/WEB-INF/views/" />
|
||||
<property name="suffix" value=".jsp" />
|
||||
<property name="order" value="2"/>
|
||||
</bean>
|
||||
|
||||
<!-- Resolve views based on string names -->
|
||||
<bean class="org.springframework.web.servlet.view.BeanNameViewResolver" >
|
||||
<property name="order" value="1"/>
|
||||
</bean>
|
||||
|
||||
<!-- Map our custom exception classes to named views -->
|
||||
<!-- <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"> -->
|
||||
<!-- <property name="exceptionMappings"> -->
|
||||
<!-- </property> -->
|
||||
<!-- </bean> -->
|
||||
|
||||
<!-- JSON views for each type of model object -->
|
||||
<bean id="jsonOpenIdConfigurationView" class="org.mitre.swd.view.JsonOpenIdConfigurationView" />
|
||||
<bean id="jsonSwdResponseView" class="org.mitre.swd.view.SwdResponse" />
|
||||
<bean id="jwkKeyList" class="org.mitre.openid.connect.view.JwkKeyListView" />
|
||||
|
||||
<bean id="jsonUserInfoView" class="org.mitre.openid.connect.view.JSONUserInfoView"/>
|
||||
<bean id="jsonIdTokenView" class="org.mitre.openid.connect.view.JSONIdTokenView"/>
|
||||
|
||||
<!-- End view configuration -->
|
||||
|
||||
<!-- scheduled tasks -->
|
||||
<!-- <task:scheduler id="taskScheduler" pool-size="10" /> -->
|
||||
<!-- <task:executor id="taskExecutor" pool-size="5" /> -->
|
||||
<!-- <task:annotation-driven scheduler="taskScheduler" executor="taskExecutor" /> -->
|
||||
|
||||
<!-- load everything except controllers (those get handled elsewhere) -->
|
||||
<context:component-scan annotation-config="true" base-package="org.mitre">
|
||||
<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller" />
|
||||
</context:component-scan>
|
||||
|
||||
</beans>
|
|
@ -1,22 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:mvc="http://www.springframework.org/schema/mvc"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.4.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
|
||||
|
||||
<!-- Scans within the base package of the application for @Components to configure as beans -->
|
||||
|
||||
<context:component-scan base-package="org.mitre">
|
||||
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
|
||||
</context:component-scan>
|
||||
|
||||
<context:component-scan base-package="org.mitre">
|
||||
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
|
||||
</context:component-scan>
|
||||
|
||||
</beans>
|
|
@ -1,62 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:beans="http://www.springframework.org/schema/beans"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
|
||||
xmlns:tx="http://www.springframework.org/schema/tx"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
|
||||
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
|
||||
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
|
||||
|
||||
<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
|
||||
|
||||
<!-- Enables the Spring MVC @Controller programming model -->
|
||||
<annotation-driven />
|
||||
|
||||
<tx:annotation-driven transaction-manager="transactionManager" />
|
||||
|
||||
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
|
||||
<resources mapping="/resources/**" location="/resources/" />
|
||||
|
||||
<!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
|
||||
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
|
||||
<beans:property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
|
||||
<beans:property name="prefix" value="/WEB-INF/views/" />
|
||||
<beans:property name="suffix" value=".jsp" />
|
||||
<beans:property name="order" value="2"/>
|
||||
</beans:bean>
|
||||
|
||||
<!-- Resolve views based on string names -->
|
||||
<beans:bean class="org.springframework.web.servlet.view.BeanNameViewResolver" >
|
||||
<beans:property name="order" value="1"/>
|
||||
</beans:bean>
|
||||
|
||||
<!-- JSON views for each type of model object -->
|
||||
<beans:bean id="jsonOpenIdConfigurationView" class="org.mitre.swd.view.JsonOpenIdConfigurationView" />
|
||||
<beans:bean id="jsonSwdResponseView" class="org.mitre.swd.view.SwdResponse" />
|
||||
<beans:bean id="jwkKeyList" class="org.mitre.openid.connect.view.JwkKeyListView" />
|
||||
|
||||
<beans:bean id="jsonUserInfoView" class="org.mitre.openid.connect.view.JSONUserInfoView"/>
|
||||
<beans:bean id="jsonIdTokenView" class="org.mitre.openid.connect.view.JSONIdTokenView"/>
|
||||
|
||||
<beans:import resource="controllers.xml" />
|
||||
|
||||
<beans:bean class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler" id="userApprovalHandler">
|
||||
<beans:property name="tokenServices" ref="defaultOAuth2ProviderTokenService"/>
|
||||
</beans:bean>
|
||||
|
||||
<!-- SECOAUTH Authorization Server, with our custom token granter plugged in -->
|
||||
<oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService"
|
||||
token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
|
||||
user-approval-handler-ref="userApprovalHandler"
|
||||
authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token"
|
||||
>
|
||||
<oauth:authorization-code authorization-code-services-ref="authCodeServices" />
|
||||
</oauth:authorization-server>
|
||||
|
||||
</beans:beans>
|
|
@ -3,44 +3,32 @@
|
|||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
|
||||
|
||||
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>
|
||||
/WEB-INF/spring/application-context.xml
|
||||
</param-value>
|
||||
</context-param>
|
||||
|
||||
<!-- Creates the Spring Container shared by all Servlets and Filters -->
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<!-- Since we defined a custom authorization-endpoint-url, we need an additional filter: -->
|
||||
<!-- filter through Spring Security -->
|
||||
<filter>
|
||||
<filter-name>oauth2EndpointUrlFilter</filter-name>
|
||||
<filter-name>clientCredentialsTokenEndpointFilter</filter-name>
|
||||
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
|
||||
<init-param>
|
||||
<param-name>contextAttribute</param-name>
|
||||
<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.appServlet</param-value>
|
||||
<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
|
||||
</init-param>
|
||||
</filter>
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>oauth2EndpointUrlFilter</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
<!-- filter through Spring Security -->
|
||||
<filter>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
|
||||
<init-param>
|
||||
<param-name>contextAttribute</param-name>
|
||||
<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.appServlet</param-value>
|
||||
<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
|
||||
</init-param>
|
||||
</filter>
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>clientCredentialsTokenEndpointFilter</filter-name>
|
||||
<url-pattern>/oauth/token</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
|
@ -48,17 +36,13 @@
|
|||
|
||||
<!-- Processes application requests -->
|
||||
<servlet>
|
||||
<servlet-name>appServlet</servlet-name>
|
||||
<servlet-name>spring</servlet-name>
|
||||
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
|
||||
<init-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
|
||||
</init-param>
|
||||
<load-on-startup>1</load-on-startup>
|
||||
</servlet>
|
||||
|
||||
<servlet-mapping>
|
||||
<servlet-name>appServlet</servlet-name>
|
||||
<servlet-name>spring</servlet-name>
|
||||
<url-pattern>/</url-pattern>
|
||||
</servlet-mapping>
|
||||
|
||||
|
|
Loading…
Reference in New Issue