diff options
Diffstat (limited to 'ecomp-portal-BE/war/WEB-INF/oid-context.xml')
| -rw-r--r-- | ecomp-portal-BE/war/WEB-INF/oid-context.xml | 455 |
1 files changed, 0 insertions, 455 deletions
diff --git a/ecomp-portal-BE/war/WEB-INF/oid-context.xml b/ecomp-portal-BE/war/WEB-INF/oid-context.xml deleted file mode 100644 index 33458d6d..00000000 --- a/ecomp-portal-BE/war/WEB-INF/oid-context.xml +++ /dev/null @@ -1,455 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - ================================================================================ - eCOMP Portal - ================================================================================ - Copyright (C) 2017 AT&T Intellectual Property - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ================================================================================ - --> - -<beans xmlns="http://www.springframework.org/schema/beans" - xmlns:mvc="http://www.springframework.org/schema/mvc" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xmlns:tx="http://www.springframework.org/schema/tx" - xmlns:context="http://www.springframework.org/schema/context" - xmlns:security="http://www.springframework.org/schema/security" - xmlns:oauth="http://www.springframework.org/schema/security/oauth2" - xmlns:util="http://www.springframework.org/schema/util" - xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd - http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd - http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd - http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd - http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd - http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.1.xsd - http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd"> - - <!-- DispatcherServlet Context: defines this servlet's request-processing - infrastructure --> - - - <bean - class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> - <property name="location"> - <value>classpath:openid-connect.properties</value> - </property> - </bean> - - - <!-- Enables the Spring MVC @Controller programming model --> - <mvc:annotation-driven /> - - <mvc:interceptors> - <!-- Inject the UserInfo into the current context --> - <bean id="userInfoInterceptor" class="org.mitre.openid.connect.web.UserInfoInterceptor" /> - </mvc:interceptors> - - <!-- Handles HTTP GET requests for /resources/** by efficiently serving - up static resources in the ${webappRoot}/resources directory --> - <mvc:resources mapping="/resources/**" location="/resources/" /> - - <!-- Resolves views selected for rendering by @Controllers to .jsp resources - in the /WEB-INF/views directory --> - <bean - class="org.springframework.web.servlet.view.InternalResourceViewResolver"> - <property name="prefix" value="/WEB-INF/views/" /> - <property name="suffix" value=".jsp" /> - </bean> - - <context:component-scan base-package="org.openecomp.portalapp.security.openid.controllers" /> - - <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/> - - <security:http auto-config="false" use-expressions="true" disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint" pattern="/**"> - <security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" /> - <security:logout /> - </security:http> - - <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> - <property name="loginFormUrl" value="/openid_connect_login" /> - </bean> - - <security:authentication-manager alias="authenticationManager"> - <security:authentication-provider ref="openIdConnectAuthenticationProvider" /> - </security:authentication-manager> - - <bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider"> - <property name="authoritiesMapper"> - <bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper"> - <property name="admins" ref="namedAdmins" /> - </bean> - </property> - </bean> - - <util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority"> - <!-- - This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER. - Note that having an administrator role on the IdP doesn't grant administrator access on this client. - - These are values from the demo "openid-connect-server-webapp" project of MITREid Connect. - --> - <bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority"> - <constructor-arg name="subject" value="90342.ASDFJWFA" /> - <constructor-arg name="issuer" value="${authentication_server_url}" /> - </bean> - </util:set> - - - <!-- - - - - The authentication filter - - - --> - <bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter"> - <property name="authenticationManager" ref="authenticationManager" /> - - <property name="issuerService" ref="hybridIssuerService" /> - <property name="serverConfigurationService" ref="dynamicServerConfigurationService" /> - <property name="clientConfigurationService" ref="dynamicClientConfigurationService" /> - <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" /> - <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" /> - - </bean> - - - - <!-- - - - - Issuer Services: Determine which identity provider issuer is used. - - - --> - - - <!-- - Static issuer service, returns the same issuer for every request. - --> - <bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService"> - <property name="issuer" value="${authentication_server_url}" /> - </bean> - - <!-- - WebFinger issuer service, does OpenID Connect Discovery on user-entered text (received from the - loginPageUrl page) to find the issuer. The login page needs to return the user-entered text - as the "identifier" parameter as a query parameter. - --> - <bean class="org.mitre.openid.connect.client.service.impl.WebfingerIssuerService" id="webfingerIssuerService"> - <property name="loginPageUrl" value="login" /> - </bean> - - <!-- - Third-party (account chooser) issuer service. Looks for the "iss" parameter on the request - and returns that as the issuer. If there is no "iss" value, redirects to the configured - account chooser URI. This URI should direct back to the login filter URL with an - "iss" value as a query parameter. - --> - <bean class="org.mitre.openid.connect.client.service.impl.ThirdPartyIssuerService"> - <property name="accountChooserUrl" value="http://localhost/account-chooser/" /> - </bean> - - <!-- - Hybrid issuer service. If an issuer is passed in directly with the "iss" parameter, it will use that. If not, it will - look for an "identifier" parameter to do Webfinger discovery on that. Failing that, it will redirect to the login - page URL. - --> - <bean class="org.mitre.openid.connect.client.service.impl.HybridIssuerService" id="hybridIssuerService"> - <property name="loginPageUrl" value="login" /> - <property name="forceHttps" value="false" /> <!-- this default property forces the webfinger issuer URL to be HTTPS, turn off for development work --> - </bean> - - <!-- - - - - Server configuration: determines the parameters and URLs of the server to talk to. - - - --> - - <!-- - Static server configuration, contains a map of server configuration objects keyed by the issuer URL. - --> - <bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService"> - <property name="servers"> - <map> - <entry key="${authentication_server_url}"> - <bean class="org.mitre.openid.connect.config.ServerConfiguration"> - <property name="issuer" value="${authentication_server_url}" /> - <property name="authorizationEndpointUri" value="${authentication_server_url}authorize" /> - <property name="tokenEndpointUri" value="${authentication_server_url}token" /> - <property name="userInfoUri" value="${authentication_server_url}userinfo" /> - <property name="jwksUri" value="${authentication_server_url}jwk" /> - </bean> - </entry> - </map> - </property> - </bean> - - <!-- - Dynamic server configuration, fetches the server's information using OIDC Discovery. - --> - <bean class="org.mitre.openid.connect.client.service.impl.DynamicServerConfigurationService" id="dynamicServerConfigurationService" /> - - <!-- - Hybrid server configuration. Tries to look up a statically configured server in the map, does - dynamic OIDC Discovery if the static lookup fails. - --> - <bean class="org.mitre.openid.connect.client.service.impl.HybridServerConfigurationService"> - <property name="servers"> - <map> - <entry key="${authentication_server_url}"> - <bean class="org.mitre.openid.connect.config.ServerConfiguration"> - <property name="issuer" value="${authentication_server_url}" /> - <property name="authorizationEndpointUri" value="${authentication_server_url}authorize" /> - <property name="tokenEndpointUri" value="${authentication_server_url}token" /> - <property name="userInfoUri" value="${authentication_server_url}userinfo" /> - <property name="jwksUri" value="${authentication_server_url}jwk" /> - </bean> - </entry> - </map> - </property> - </bean> - - - <!-- - - - - Client Configuration: Determine which client identifier and credentials are used. - - - --> - - - <!-- - Dynamic Client Configuration, uses dynamic client registration. This version stores the registered - clients in an in-memory map. To override, add a bean to the registeredClientService property. - --> - - <bean class="org.mitre.openid.connect.client.service.impl.DynamicRegistrationClientConfigurationService" id="dynamicClientConfigurationService"> - <property name="template"> - <bean class="org.mitre.oauth2.model.RegisteredClient"> - <property name="clientName" value="ECOMP Portal OpenId Connect Client1" /> - - <property name="scope"> - <set value-type="java.lang.String"> - <value>openid</value> - <value>email</value> - <value>address</value> - <value>profile</value> - <value>phone</value> - </set> - </property> - <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" /> - <property name="redirectUris"> - <set> - <value>${ecomp_openid_connect_client}</value> - </set> - </property> - </bean> - </property> - <!-- - Registered Client Service. Uncomment this to save dynamically registered clients out to a - file on disk (indicated by the filename property) or replace this with another implementation - of RegisteredClientService. This defaults to an in-memory implementation of RegisteredClientService - which will forget and re-register all clients on restart. - --> - <!-- - <property name="registeredClientService"> - <bean class="org.mitre.openid.connect.client.service.impl.JsonFileRegisteredClientService"> - <constructor-arg name="filename" value="/tmp/simple-web-app-clients.json" /> - </bean> - </property> - --> - </bean> - - <!-- - Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis. - --> - - <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService"> - <property name="clients"> - <map> - <entry key="${authentication_server_url}"> - <bean class="org.mitre.oauth2.model.RegisteredClient"> - <property name="clientId" value="ecomp" /> - <property name="clientSecret" value="secret" /> - <property name="scope"> - <set value-type="java.lang.String"> - <value>openid</value> - <value>email</value> - <value>address</value> - <value>profile</value> - <value>phone</value> - </set> - </property> - <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" /> - <property name="redirectUris"> - <set> - <value>${ecomp_openid_connect_client}</value> - </set> - </property> - </bean> - </entry> - </map> - </property> - </bean> - - <!-- - Hybrid Client Configuration. Tries to configure a client statically first, but if a client isn't found in the map, - it will dynamically configure one. - --> - <bean class="org.mitre.openid.connect.client.service.impl.HybridClientConfigurationService" id="hybridClientConfigurationService"> - <property name="clients"> - <map> - <entry key="${authentication_server_url}"> - <bean class="org.mitre.oauth2.model.RegisteredClient"> - <property name="clientId" value="client" /> - <property name="clientSecret" value="secret" /> - <property name="scope"> - <set value-type="java.lang.String"> - <value>openid</value> - <value>email</value> - <value>address</value> - <value>profile</value> - <value>phone</value> - </set> - </property> - <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" /> - <property name="redirectUris"> - <set> - <value>${ecomp_openid_connect_client}</value> - </set> - </property> - - </bean> - </entry> - </map> - </property> - <property name="template"> - <bean class="org.mitre.oauth2.model.RegisteredClient"> - <property name="clientName" value="ECOMP Portal OpenId Connect Client2" /> - <property name="scope"> - <set value-type="java.lang.String"> - <value>openid</value> - <value>email</value> - <value>address</value> - <value>profile</value> - <value>phone</value> - </set> - </property> - <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" /> - <property name="redirectUris"> - <set> - <value>${ecomp_openid_connect_client}</value> - </set> - </property> - </bean> - </property> - <!-- - Registered Client Service. Uncomment this to save dynamically registered clients out to a - file on disk (indicated by the filename property) or replace this with another implementation - of RegisteredClientService. This defaults to an in-memory implementation of RegisteredClientService - which will forget and re-register all clients on restart. - --> - <!-- - <property name="registeredClientService"> - <bean class="org.mitre.openid.connect.client.service.impl.JsonFileRegisteredClientService"> - <constructor-arg name="filename" value="/tmp/simple-web-app-clients.json" /> - </bean> - </property> - --> - </bean> - - - <!-- - - - - Auth request options service: returns the optional components of the request - - - --> - <bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService"> - <property name="options"> - <map> - <!-- Entries in this map are sent as key-value parameters to the auth request --> - <!-- - <entry key="display" value="page" /> - <entry key="max_age" value="30" /> - <entry key="prompt" value="none" /> - --> - </map> - </property> - </bean> - - <!-- - - - - Authorization URL Builders: create the URL to redirect the user to for authorization. - - - --> - - <!-- - Plain authorization request builder, puts all options as query parameters on the GET request - --> - <bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" /> - - <!-- - Signed authorization request builder, puts all options as elements in a JWS-signed request object - --> - <bean class="org.mitre.openid.connect.client.service.impl.SignedAuthRequestUrlBuilder" id="signedAuthRequestUrlBuilder"> - <property name="signingAndValidationService" ref="defaultSignerService" /> - </bean> - - <!-- - Encrypted authorization request builder, puts all the options as elements in a JWE-encrypted request object - --> - <bean class="org.mitre.openid.connect.client.service.impl.EncryptedAuthRequestUrlBuilder" id="encryptedAuthRequestUrlBuilder"> - <property name="encrypterService" ref="validatorCache" /> - <property name="alg"> - <util:constant static-field="com.nimbusds.jose.JWEAlgorithm.RSA1_5"/> - </property> - <property name="enc"> - <util:constant static-field="com.nimbusds.jose.EncryptionMethod.A128GCM"/> - </property> - </bean> - - - - - <!-- - - - - Utility beans for the above classes - - - --> - - <!-- - This service fetches and caches JWK sets from URLs. - --> - - <bean id="validatorCache" class="org.mitre.jwt.signer.service.impl.JWKSetCacheService" /> - - <!-- - This service sets up a bunch of signers and validators based on our own keys. - Replace this keystore's contents for a production deployment. - --> - <bean id="defaultSignerService" class="org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService"> - <constructor-arg name="keyStore"> - <bean id="defaultKeyStore" class="org.mitre.jose.keystore.JWKSetKeyStore"> - <property name="location" value="classpath:openid-keystore.jwks" /> - </bean> - </constructor-arg> - <property name="defaultSignerKeyId" value="rsa1" /> - <property name="defaultSigningAlgorithmName" value="RS256" /> - </bean> - - <!-- - This service publishes the client's public key on a the endpoint "jwk" off the root of this client. - --> - <bean id="clientKeyPublisher" class="org.mitre.openid.connect.client.keypublisher.ClientKeyPublisher"> - <property name="jwkPublishUrl" value="jwk" /> - <property name="signingAndValidationService" ref="defaultSignerService" /> - </bean> - -</beans> |