[更新]一份包含: 采用RSA JWT(JSON Web Token, RSA签名)的OAuth 2.0,HTTP Basic,本地数据库验证,Windows域验证,单点登录的Spring Security配置
  1 <?xml version="1.0" encoding="UTF-8"?>  2 <beans:beans xmlns="http://www.springframework.org/schema/security"  3              xmlns:beans="http://www.springframework.org/schema/beans"  4              xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"  5              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  6              xsi:schemaLocation="http://www.springframework.org/schema/beans  7                                  http://www.springframework.org/schema/beans/spring-beans-4.2.xsd  8                                  http://www.springframework.org/schema/security  9                                  http://www.springframework.org/schema/security/spring-security-4.0.xsd 10                                  http://www.springframework.org/schema/security/oauth2 11                                  http://www.springframework.org/schema/security/spring-security-oauth2.xsd"> 12  13  14     <global-method-security pre-post-annotations="enabled" order="0" 15                             proxy-target-class="true"> 16     </global-method-security> 17  18     <beans:bean id="sessionRegistry" 19                 class="org.springframework.security.core.session.SessionRegistryImpl" /> 20  21     <http security="none" pattern="/resources/**" /> 22     <http security="none" pattern="/favicon.ico" /> 23  24     <beans:beans profile="oauth-authorization-server"> 25         <beans:bean id="oauth2AuthorizationServerJwtAccessTokenConverter" class="org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter" > 26             <beans:property name="signingKey" ref="jwtSigningKey"/> 27             <beans:property name="verifierKey" ref="jwtVerifierKey"/> 28         </beans:bean> 29  30         <beans:bean id="oauth2AuthorizationServerTokenStore" class="org.springframework.security.oauth2.provider.token.store.JwtTokenStore" > 31             <beans:constructor-arg ref="oauth2AuthorizationServerJwtAccessTokenConverter"/> 32         
</beans:bean> 33  34         <beans:bean id="oauth2AuthorizationServerTokenServices" 35                     class="org.springframework.security.oauth2.provider.token.DefaultTokenServices"> 36             <beans:property name="tokenStore" ref="oauth2AuthorizationServerTokenStore" /> 37             <beans:property name="clientDetailsService" ref="clientDetailsService" /> 38             <beans:property name="tokenEnhancer" ref="oauth2AuthorizationServerJwtAccessTokenConverter" /> 39             <beans:property name="supportRefreshToken" value="true" /> 40         </beans:bean> 41  42         <beans:bean id="oauth2AuthorizationServerClientDetailsUserService" 43                     class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService"> 44             <beans:constructor-arg ref="clientDetailsService"/> 45             <beans:property name="passwordEncoder" ref="passwordEncoder"/> 46         </beans:bean> 47  48         <beans:bean id="oauth2AuthorizationServerAuthenticationEntryPoint" 49                     class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" /> 50  51         <authentication-manager id="oauth2AuthorizationServerAuthenticationManager"> 52             <authentication-provider user-service-ref="oauth2AuthorizationServerClientDetailsUserService"> 53                 <password-encoder ref="passwordEncoder" /> 54             </authentication-provider> 55         </authentication-manager> 56  57         <beans:bean id="oauth2AuthorizationServerUserApprovalHandler" 58                     class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler" > 59             <beans:property name="tokenStore" ref="oauth2AuthorizationServerTokenStore" /> 60             <beans:property name="clientDetailsService" ref="clientDetailsService" /> 61             <beans:property name="requestFactory"> 62                 <beans:bean 
class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory"> 63                     <beans:constructor-arg ref="clientDetailsService"/> 64                 </beans:bean> 65             </beans:property> 66         </beans:bean> 67  68         <beans:bean id="oauth2AuthorizationServerAccessDeniedHandler" 69                     class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" /> 70  71         <oauth2:authorization-server 72                      token-services-ref="oauth2AuthorizationServerTokenServices" 73                      client-details-service-ref="clientDetailsService" 74                      user-approval-handler-ref="oauth2AuthorizationServerUserApprovalHandler" 75                      user-approval-page="oauth/authorize" 76                      error-page="oauth/error" > 77             <oauth2:authorization-code /> 78             <!--<oauth2:implicit />--> 79             <oauth2:refresh-token /> 80             <!--<oauth2:client-credentials />--> 81             <oauth2:password /> 82         </oauth2:authorization-server> 83  84         <http pattern="/oauth/token" use-s="true" create-session="stateless" 85               authentication-manager-ref="oauth2AuthorizationServerAuthenticationManager" 86               entry-point-ref="oauth2AuthorizationServerAuthenticationEntryPoint"> 87             <intercept-url pattern="/oauth/token" access="isFullyAuthenticated()"/> 88             <http-basic /> 89             <access-denied-handler ref="oauth2AuthorizationServerAccessDeniedHandler"/> 90             <csrf disabled="true"/> 91         </http> 92     </beans:beans> 93  94     <beans:beans profile="rest-security-oauth,oauth-resource-server"> 95         <beans:bean id="oauth2ResourceServerJwtAccessTokenConverter" class="org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter" > 96             <beans:property name="verifierKey" ref="jwtVerifierKey"/> 97         </beans:bean> 
98  99         <beans:bean id="oauth2ResourceServerTokenStore" class="org.springframework.security.oauth2.provider.token.store.JwtTokenStore" >100             <beans:constructor-arg ref="oauth2ResourceServerJwtAccessTokenConverter"/>101         </beans:bean>102 103         <beans:bean id="oauth2ResourceServerTokenServices"104                     class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">105             <beans:property name="tokenStore" ref="oauth2ResourceServerTokenStore" />106             <beans:property name="clientDetailsService" ref="clientDetailsService" />107             <beans:property name="tokenEnhancer" ref="oauth2ResourceServerJwtAccessTokenConverter" />108             <beans:property name="supportRefreshToken" value="true" />109         </beans:bean>110 111         <beans:bean id="oauth2ResourceServerAccessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">112             <beans:constructor-arg>113                 <beans:list>114                     <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>115                     <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>116                 </beans:list>117             </beans:constructor-arg>118         </beans:bean>119 120         <beans:bean id="oauth2ResourceServerAuthenticationEntryPoint"121                     class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" />122 123         <beans:bean id="oauth2ResourceServerAccessDeniedHandler"124                     class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />125 126         <oauth2:resource-server id="oauth2ResourceServerFilter" resource-id="${oauth.resourceId}" token-services-ref="oauth2ResourceServerTokenServices" />127 128         <http pattern="${rest.rooturl}/**" use-s="false" create-session="stateless"129               
entry-point-ref="oauth2ResourceServerAuthenticationEntryPoint"130               access-decision-manager-ref="oauth2ResourceServerAccessDecisionManager">131 132             <intercept-url pattern="${rest.rooturl}/security/**" access="SCOPE_SECURITY"/>133             <intercept-url pattern="${rest.rooturl}/demo/**" access="IS_AUTHENTICATED_FULLY"/>134             <intercept-url pattern="${rest.rooturl}/**" access="DENY_OAUTH"/>135 136             <custom-filter ref="oauth2ResourceServerFilter" before="PRE_AUTH_FILTER"/>137             <access-denied-handler ref="oauth2ResourceServerAccessDeniedHandler"/>138             <csrf disabled="true"/>139         </http>140     </beans:beans>141 142     <beans:beans profile="rest-security-basic">143         <http pattern="${rest.rooturl}/**" use-s="true" create-session="stateless">144             <intercept-url pattern="${rest.rooturl}/**" access="isFullyAuthenticated()"/>145             <http-basic />146             <csrf disabled="true"/>147         </http>148     </beans:beans>149 150     <beans:beans profile="rest-security-none">151         <http security="none" pattern="${rest.rooturl}/**" />152     </beans:beans>153 154     <beans:beans profile="web-security-none">155         <http security="none" pattern="/**" />156     </beans:beans>157 158     <beans:beans profile="web-security-local,web-security-ldap">159         <http use-s="true">160 161             <intercept-url pattern="/login" access="permitAll" />162             <intercept-url pattern="/login/**" access="permitAll" />163             <intercept-url pattern="/logout" access="permitAll" />164             <intercept-url pattern="/oauth/**" access="isFullyAuthenticated()" />165             <intercept-url pattern="/**" access="isFullyAuthenticated()" />166             <form-login login-page="/login" login-processing-url="/login"167                 authentication-failure-url="/login?error"168                 default-target-url="/" username-parameter="username"169     
            password-parameter="password" />170             <logout logout-url="/logout" logout-success-url="/login?loggedOut"171                 invalidate-session="true" delete-cookies="JSESSIONID" />172 173             <session-management invalid-session-url="/login"174                 session-fixation-protection="migrateSession">175                 <concurrency-control max-sessions="1"176                     error-if-maximum-exceeded="false"177                     session-registry-ref="sessionRegistry" />178             </session-management>179 180             <csrf disabled="true" />181 182         </http>183     </beans:beans>184 185     <beans:beans profile="web-security-local">186         <authentication-manager>187             <authentication-provider user-service-ref="userDetailsService">188                 <password-encoder ref="passwordEncoder" />189             </authentication-provider>190         </authentication-manager>191     </beans:beans>192 193     <beans:beans profile="web-security-ldap">194         <authentication-manager>195             <authentication-provider ref="ldapAuthenticationProvider" />196         </authentication-manager>197 198         <beans:bean id="ldapAuthenticationProvider"199             class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">200             <beans:constructor-arg index="0"201                 ref="ldapAuthenticator" />202             <beans:constructor-arg index="1"203                 ref="ldapAuthoritiesPopulator" />204         </beans:bean>205 206         <beans:bean id="ldapAuthenticator"207             class="org.springframework.security.ldap.authentication.BindAuthenticator">208             <beans:constructor-arg ref="ldapContextSource" />209             <beans:property name="userSearch" ref="ldapUserSearch" />210         </beans:bean>211 212         <beans:bean id="ldapUserSearch"213             class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">214  
           <beans:constructor-arg index="0"215                 value="${ldap.searchBase}" />216             <beans:constructor-arg index="1"217                 value="${ldap.searchFilter}" />218             <beans:constructor-arg index="2"219                 ref="ldapContextSource" />220         </beans:bean>221 222         <beans:bean id="ldapContextSource"223             class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">224             <beans:constructor-arg value="${ldap.url}" />225             <beans:property name="userDn" value="${ldap.userDN}" />226             <beans:property name="password" value="${ldap.password}" />227         </beans:bean>228 229         <beans:bean id="ldapAuthoritiesPopulator"230             class="org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator">231             <beans:constructor-arg ref="userDetailsService" />232         </beans:bean>233     </beans:beans>234 235     <beans:beans profile="web-security-cas">236         <http use-s="true" auto-config="false" entry-point-ref="casEntryPoint" servlet-api-provision="true">237             <intercept-url pattern="${cas.localSystemLoginUrl}" access="permitAll" />238             <intercept-url pattern="/logout" access="permitAll" />239             <intercept-url pattern="/**" access="isFullyAuthenticated()" />240             <custom-filter position="CAS_FILTER" ref="casFilter"/>241             <custom-filter before="CAS_FILTER" ref="singleLogoutFilter" />242             <custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter" />243             <logout logout-url="/logout" logout-success-url="/login?loggedOut"244                 invalidate-session="true" delete-cookies="JSESSIONID" />245 246             <session-management invalid-session-url="/login"247                 session-fixation-protection="migrateSession">248                 <concurrency-control max-sessions="1"249                     
error-if-maximum-exceeded="false" />250             </session-management>251 252             <csrf disabled="true" />253 254         </http>255 256         <authentication-manager alias="authenticationManager">257             <authentication-provider ref="casAuthenticationProvider" />258         </authentication-manager>259 260         <beans:bean id="serviceProperties"261             class="org.springframework.security.cas.ServiceProperties">262             <beans:property name="service"263                 value="${cas.localSystemUrl}${cas.localSystemLoginUrl}" />264             <beans:property name="sendRenew" value="false" />265         </beans:bean>266 267         <beans:bean id="casEntryPoint"268             class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">269             <beans:property name="loginUrl" value="${cas.loginUrl}" />270             <beans:property name="serviceProperties" ref="serviceProperties" />271         </beans:bean>272 273         <beans:bean id="casAuthenticationProvider"274             class="org.springframework.security.cas.authentication.CasAuthenticationProvider">275             <beans:property name="userDetailsService" ref="userDetailsService" />276             <beans:property name="serviceProperties" ref="serviceProperties" />277             <beans:property name="ticketValidator">278                 <beans:bean279                     class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">280                     <beans:constructor-arg index="0"281                         value="${cas.url}" />282                 </beans:bean>283             </beans:property>284             <beans:property name="key"285                 value="an_id_for_this_auth_provider_only" />286         </beans:bean>287 288         <beans:bean id="casFilter"289             class="org.springframework.security.cas.web.CasAuthenticationFilter">290             <beans:property name="authenticationManager" ref="authenticationManager" 
/>291             <beans:property name="filterProcessesUrl" value="${cas.localSystemLoginUrl}" />292         </beans:bean>293 294         <beans:bean id="singleLogoutFilter"295             class="org.jasig.cas.client.session.SingleSignOutFilter" />296 297         <beans:bean id="requestSingleLogoutFilter"298             class="org.springframework.security.web.authentication.logout.LogoutFilter">299             <beans:constructor-arg value="${cas.logoutUrl}" />300             <beans:constructor-arg>301                 <beans:bean302                     class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />303             </beans:constructor-arg>304             <beans:property name="filterProcessesUrl" value="/logout" />305         </beans:bean>306     </beans:beans>307 308 </beans:beans>