uoa-repository-manager-service/src/main/webapp/WEB-INF/aai-security.xml

157 lines
7.1 KiB
XML
Raw Normal View History

2018-03-14 15:47:14 +01:00
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
2018-05-03 12:42:47 +02:00
xsi:schemaLocation="http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-4.1.xsd"
2018-03-14 15:47:14 +01:00
default-autowire="byType">
2018-03-14 15:47:14 +01:00
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="268435456"/>
</bean>
<!--<bean id="webexpressionHandler"
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>-->
2018-03-14 15:47:14 +01:00
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
2018-03-14 15:47:14 +01:00
<security:http auto-config="false" use-expressions="true"
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
pattern="/**">
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
<security:logout logout-url="/openid_logout" invalidate-session="true"
delete-cookies="openAIRESession" logout-success-url="${webapp.dev.front}"/>
2018-03-14 15:47:14 +01:00
</security:http>
2018-03-14 15:47:14 +01:00
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
</security:authentication-manager>
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
<property name="authoritiesMapper">
2019-01-03 13:19:45 +01:00
<bean class="eu.dnetlib.repo.manager.config.OpenAireProviderAuthoritiesMapper">
<constructor-arg name="userRoles" ref="userRoles"/>
2018-03-14 15:47:14 +01:00
</bean>
</property>
</bean>
<util:map id="userRoles">
<entry key="urn:geant:openaire.eu:group:Super+Administrator#aai.openaire.eu" value="ROLE_ADMIN"/>
<entry key="urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator#aai.openaire.eu" value="ROLE_PROVIDE_ADMIN"/>
</util:map>
2018-03-14 15:47:14 +01:00
2019-01-03 13:19:45 +01:00
<bean class="eu.dnetlib.repo.manager.config.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect"
2018-04-17 12:12:47 +02:00
init-method="init">
2018-03-14 15:47:14 +01:00
<property name="frontEndURI" value="${webapp.dev.front}"/>
</bean>
<!--
-
- The authentication filter
-
-->
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="issuerService" ref="staticIssuerService" />
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
</bean>
<!--
Static issuer service, returns the same issuer for every request.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
<property name="issuer" value="${oidc.issuer}" />
</bean>
<!--
Dynamic server configuration, fetches the server's information using OIDC Discovery.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
<property name="servers">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
<property name="issuer" value="${oidc.issuer}" />
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
<property name="jwksUri" value="${oidc.issuer}jwk" />
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
</bean>
</entry>
</map>
</property>
</bean>
<!--
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
<property name="clients">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="${oidc.id}" />
<property name="clientSecret" value="${oidc.secret}" />
<property name="scope">
<set value-type="java.lang.String">
<value>openid</value>
</set>
</property>
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
<property name="redirectUris">
<set>
<value>${oidc.dev.home}</value>
2018-03-14 15:47:14 +01:00
</set>
</property>
</bean>
</entry>
</map>
</property>
</bean>
<!--
-
- Auth request options service: returns the optional components of the request
-
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
<property name="options">
<map>
<!-- Entries in this map are sent as key-value parameters to the auth request -->
<!--
<entry key="display" value="page" />
<entry key="max_age" value="30" />
<entry key="prompt" value="none" />
-->
</map>
</property>
</bean>
<!--
Plain authorization request builder, puts all options as query parameters on the GET request
-->
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
</beans>