deployerConfigContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!--
  Authentication manager for this deployment.
  authenticationHandlers verify the submitted credentials; credentialsToPrincipalResolvers turn verified
  credentials into a Principal. Each list is consulted in the order written here.
-->
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
  <property name="credentialsToPrincipalResolvers">
    <list>
      <!-- Username/password logins: the resolved principal is enriched from the attributeRepository bean. -->
      <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" >
        <property name="attributeRepository" ref="attributeRepository" />
      </bean>
      <!--
        NOTE(review): this resolver handles HttpBasedServiceCredentials (proxy callbacks), yet every handler for that
        credential type below is commented out, so proxy callbacks presumably cannot authenticate - confirm whether
        CAS proxying is needed by any client of this server.
      -->
      <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
    </list>
  </property>
  <property name="authenticationHandlers">
    <list>
      <!--
        Disabled custom HTTP callback handler. NOTE(review): if it is re-enabled, requireSecure="false" would (assuming
        it mirrors the stock CAS HttpBased handler) accept non-HTTPS callback URLs; keep that flag true in production.
      -->
      <!--<bean class="weaver.loginsso.WeaverHttpAuthenticationHandler" p:httpClient-ref="httpClient" p:requireSecure="false" />-->
      <!-- Stock CAS test handler, which accepts any login whose password equals the user name. Must stay disabled outside development. -->
      <!--<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />-->
      <!--
        Active handler: looks the login id up in HrmResource and HrmResourceManager (presumably regular and manager
        accounts) and checks the stored password against the submitted one through MD5PasswordEncoder. The login id is
        bound as a JDBC parameter (the trailing ?), so it is never concatenated into the SQL text.
        NOTE(review): MD5 is a fast, unsalted digest; treat it as legacy and plan a migration (the SM3PasswordEncoder
        bean later in this file already reads a salt column). isADAccount is selected but its use is not visible here.
      -->
      <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
        <property name="dataSource" ref="dataSource"></property>
        <property name="sql" value="SELECT id,password,isADAccount from (SELECT id,loginid,password,isADAccount FROM HrmResource UNION ALL SELECT id,loginid,password,null as isADAccount FROM HrmResourceManager) t WHERE loginid=?"></property>
        <!-- Earlier, single-table variant of the query kept for reference. -->
        <!--<property name="sql" value="SELECT id,password,isADAccount FROM HrmResource WHERE loginid=?"></property>-->
        <property name="passwordEncoder" ref="MD5PasswordEncoder" />
      </bean>
      <!-- Alternative LDAP handlers (disabled). Both depend on the contextSource bean defined at the end of this file. -->
      <!--<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"-->
      <!--p:filter="uid=%u"-->
      <!--p:searchBase="OU=liul-test,DC=lw,DC=com"-->
      <!--p:contextSource-ref="contextSource" />-->
      <!--<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"-->
      <!--p:filter="%u"-->
      <!--p:contextSource-ref="contextSource"-->
      <!--/>-->
    </list>
  </property>
</bean>
<!--
  Users allowed into the Services Management web application (Spring Security). Simple deployments can use this
  in-memory list; more robust deployments will want another option, such as the JDBC-backed user service.
  The bean id must remain "userDetailsService" so Spring Security can find it.
  NOTE(review): the name "@@THIS SHOULD BE REPLACED@@" is the stock CAS placeholder and has not been replaced, so no
  real principal currently holds ROLE_ADMIN. Set it to the CAS login id of the administrator; as the value "notused"
  indicates, the password attribute is not what authenticates that user.
-->
<!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />-->
<sec:user-service id="userDetailsService">
  <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused"
            authorities="ROLE_ADMIN" />
</sec:user-service>
<!--
  Attribute repository consulted by UsernamePasswordCredentialsToPrincipalResolver above.
  This deployment uses weaver's SSOStubPersonAttributeDao, which reads through the ssoUserDaoJdbc bean with
  userNameAttribute set to "userUid". Other configuration refers to this bean by id, so keep it "attributeRepository".
-->
<bean id="attributeRepository" class="weaver.authentication.dao.SSOStubPersonAttributeDao">
  <property name="ssoUserDaoJdbc" ref="ssoUserDaoJdbc" />
  <property name="userNameAttribute" value="userUid" />
  <!--
    Static attribute map from the stock CAS StubPersonAttributeDao example, left disabled; whether the weaver DAO
    accepts a backingMap property is not visible from this file.
    <property name="backingMap">
      <map>
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
      </map>
    </property>
  -->
</bean>
<!--
  Service registry: the list of applications allowed to use this CAS server. This is the sample in-memory store;
  a real deployment would probably replace it with the JPA-backed ServiceRegistry DAO.
  The bean id must remain "serviceRegistryDao".
  NOTE(review): the only active entry is the catch-all pattern "^(https?|imaps?)://.*", so every HTTP(S)/IMAP(S) URL
  is an authorized service. Together with ignoreAttributes="true" (which, if it carries the CAS 3.x meaning of
  bypassing the allowed-attribute filter, releases every resolved attribute) this hands user attributes to any
  site that can present a ticket. Prefer the domain-restricted example further below.
-->
<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
    <list>
      <bean
          class="org.jasig.cas.services.RegexRegisteredService">
        <property name="id" value="0" />
        <property name="name" value="HTTP and IMAP" />
        <property name="description"
                  value="Allows HTTP(S) and IMAP(S) protocols" />
        <property name="serviceId"
                  value="^(https?|imaps?)://.*" />
        <!-- Deliberately large so that more specific entries with lower evaluationOrder values are matched first. -->
        <property name="evaluationOrder" value="10000001" />
        <property name="ignoreAttributes" value="true" />
      </bean>
      <!-- OAuth2 configuration follows (disabled). -->
      <!-- Callback URL -->
      <!--<bean class="org.jasig.cas.services.RegisteredServiceImpl">
      <property name="id" value="1" />
      <property name="name" value="HTTP" />
      <property name="description" value="oauth wrapper callback url" />
      <property name="serviceId" value="${server.prefix}/oauth2.0/callbackAuthorize" />
      </bean>
      <bean class="org.jasig.cas.services.RegisteredServiceImpl">
      <property name="id" value="2" />
      <property name="name" value="key" />
      <property name="description" value="secret" />
      <property name="serviceId" value="http://www.yoodb.com" />
      <property name="theme" value="Yoodb" />
      </bean>-->
      <!--
        Use the following definition instead of the one above to further restrict access
        to services within your domain (including subdomains).
        Note that example.com must be replaced with the domain you wish to permit.
      -->
      <!--
      <bean class="org.jasig.cas.services.RegexRegisteredService">
      <property name="id" value="1" />
      <property name="name" value="HTTP and IMAP on example.com" />
      <property name="description" value="Allows HTTP(S) and IMAP(S) protocols on example.com" />
      <property name="serviceId" value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*example\.com/.*" />
      <property name="evaluationOrder" value="0" />
      </bean>
      -->
    </list>
  </property>
</bean>
<!-- Inspektr audit trail manager that records audit events through SLF4J logging rather than a database-backed store. -->
<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
<!--
  Aggregate health check: MemoryMonitor warns once free memory falls under its threshold, SessionMonitor warns
  when the service-ticket or SSO-session counts in the ticket registry exceed theirs.
-->
<bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
  <property name="monitors">
    <list>
      <bean class="org.jasig.cas.monitor.MemoryMonitor">
        <property name="freeMemoryWarnThreshold" value="10" />
      </bean>
      <!--
        SessionMonitor is only supported by DefaultTicketRegistry and JpaTicketRegistry.
        Remove it when a different ticket registry is configured.
      -->
      <bean class="org.jasig.cas.monitor.SessionMonitor">
        <property name="ticketRegistry" ref="ticketRegistry" />
        <property name="serviceTicketCountWarnThreshold" value="5000" />
        <property name="sessionCountWarnThreshold" value="100000" />
      </bean>
    </list>
  </property>
</bean>
<!--
  DBCP connection pool shared by QueryDatabaseAuthenticationHandler, SM3PasswordEncoder and ssoUserDaoJdbc.
  Driver, URL and credentials are all externalized through ${...} placeholders (nothing secret is committed here);
  destroy-method="close" releases the pooled connections when the context shuts down.
-->
<bean id="dataSource"
      class="org.apache.commons.dbcp.BasicDataSource"
      destroy-method="close"
      p:driverClassName="${DriverClasses}"
      p:url="${ecology.url}"
      p:username="${ecology.user}"
      p:password="${ecology.password}" />
<!--
  Password encoder referenced by the active QueryDatabaseAuthenticationHandler. No salt is configured here.
  NOTE(review): MD5 is a fast, unsalted digest and is not suitable for protecting stored passwords; plan a
  migration to the salted SM3PasswordEncoder defined next.
-->
<bean class="weaver.authentication.handler.encoder.MD5PasswordEncoder" id="MD5PasswordEncoder" />
<!--
  Alternative encoder using the SM3 digest with a salt column read from the same two account tables.
  It is defined but not referenced by any bean in this file; point the handler's passwordEncoder at it once
  stored passwords are in that format.
-->
<bean id="SM3PasswordEncoder"
      class="weaver.authentication.handler.encoder.SM3PasswordEncoder"
      p:dataSource-ref="dataSource"
      p:sql="SELECT id,password,salt from (SELECT id,loginid,password,salt FROM HrmResource UNION ALL SELECT id,loginid,password,salt FROM HrmResourceManager) t WHERE loginid=?" />
<!--
  JDBC access behind attributeRepository. The sql property carries two statements separated by ";": the first
  loads the user's HrmResource row, the second apparently the per-application login id mapping
  (WEAVER_SSO_USER_MAPPING). Both take the login id as a bound parameter.
  NOTE(review): "SELECT *" returns every HrmResource column, including password (that column exists per the
  authentication handler's query). If the DAO exposes result columns as principal attributes, they can end up
  released to services; replace the wildcard with an explicit list of the attributes that are meant to be shared.
-->
<bean id="ssoUserDaoJdbc" class="weaver.authentication.dao.SSOUserDaoJdbc">
  <property name="dataSource" ref="dataSource" />
  <property name="sql" value="SELECT * from HrmResource where loginid = ?;SELECT appid,apploginid FROM WEAVER_SSO_USER_MAPPING WHERE loginid=?" />
</bean>
<!--
  LDAP context source for the BindLdap/FastBindLdap handlers, which are currently commented out in the
  authenticationManager bean; those disabled handlers are the only references to it in this file, but Spring
  still instantiates it. Review the notes below before re-enabling LDAP authentication.
-->
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <!-- DO NOT enable JNDI pooling for context sources that perform LDAP bind operations. -->
  <property name="pooled" value="false"/>
  <!--
    Although multiple URLs may be defined, it's strongly recommended to avoid this configuration
    since the implementation attempts hosts in sequence and requires a connection timeout
    prior to attempting the next host, which incurs unacceptable latency on node failure.
    A proper HA setup for LDAP directories should use a single virtual host that maps to multiple
    real hosts using a hardware load balancer.
  -->
  <!--
    NOTE(review): plain ldap:// combined with "simple" authentication (set below) transmits the bind password
    unprotected on the wire; use ldaps:// or StartTLS to the directory. The address is an environment-specific
    private-network host.
  -->
  <property name="url" value="ldap://192.168.7.217:389" />
  <!--
    Manager credentials are only required if your directory does not support anonymous searches.
    Never provide these credentials for FastBindLdapAuthenticationHandler since the user's
    credentials are used for the bind operation.
  -->
  <!--
    NOTE(review): userDn is the same OU that the disabled BindLdap handler uses as searchBase, not an account DN;
    confirm this is the intended manager identity.
  -->
  <property name="userDn" value="OU=liul-test,DC=lw,DC=com"/>
  <!--
    NOTE(review): a literal manager password is committed in this file. Externalize it through a ${...} placeholder
    the way the dataSource bean does for ${ecology.password}, and treat the current value as exposed and rotate it.
  -->
  <property name="password" value="WEAVERecology123456"/>
  <!-- Place JNDI environment properties here. -->
  <property name="baseEnvironmentProperties">
    <map>
      <!-- Three seconds is an eternity to users. -->
      <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
      <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
      <!-- Explained at http://docs.oracle.com/javase/jndi/tutorial/ldap/security/auth.html -->
      <entry key="java.naming.security.authentication" value="simple" />
    </map>
  </property>
</bean>
</beans>