Merge pull request #40 from amarkevich/spring-security-4
fediz-idp: adopt to Spring Security 4.x
coheigea committed Jun 11, 2020
2 parents f13f4c4 + 9ec71a3 commit 79796b0570d1649bd3639faa5ba2adc76633b029
Showing 11 changed files with 50 additions and 32 deletions.
@@ -29,10 +29,6 @@
<name>Apache Fediz IDP Core</name>
<packaging>jar</packaging>

<properties>
<spring.security.version>3.2.10.RELEASE</spring.security.version>
</properties>

<dependencies>
<dependency>
<groupId>junit</groupId>
@@ -92,14 +92,12 @@
</bean>

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<property name="decisionVoters">
<constructor-arg>
<list>
<bean class="org.springframework.security.access.vote.RoleVoter">
<property name="rolePrefix" value="ROLE_" />
</bean>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</property>
</constructor-arg>
</bean>

</beans>
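Review bot: The `RoleVoter` in `accessDecisionManager` is now declared without an explicit `rolePrefix`, so it silently depends on the class default `ROLE_`, while other contexts in this commit register `GrantedAuthorityDefaults` with an empty prefix. A voter declared as a plain bean is, as far as I can tell, not reconfigured by that bean, so attributes without the `ROLE_` prefix would make it abstain, and `AffirmativeBased` denies by default when every voter abstains. If the prefix is meant to stay, keep it visible with `<property name="rolePrefix" value="ROLE_" />` or a comment such as `<!-- RoleVoter keeps the ROLE_ prefix on purpose; GrantedAuthorityDefaults does not apply here -->`. The enclosing `<beans>` element starts outside the hunk, so whether this manager is used with prefix-less authorities is not visible here.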
@@ -25,7 +25,7 @@
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-4.3.xsd
">
@@ -24,7 +24,7 @@
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/spring-security.xsd
">

<!-- DISABLE in production as it might log confidential information about the user -->
@@ -24,13 +24,14 @@
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/spring-security.xsd
">

<!-- DISABLE in production as it might log confidential information about the user -->
<!-- <security:debug /> -->

<security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
<security:csrf disabled="true"/>
<security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
<security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
<security:intercept-url pattern="/services/rs/**" access="isAuthenticated()" />
@@ -56,7 +57,7 @@
<security:salt-source user-property="username" />
</security:password-encoder>
-->
<security:user-service properties="classpath:/users.properties" />
<security:user-service properties="classpath:/users.properties" />
</security:authentication-provider>
<security:authentication-provider ref="stsUPAuthProvider" />
</security:authentication-manager>
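Review bot: `<security:csrf disabled="true"/>` on the `/services/rs/**` block switches off a protection that the 4.x namespace turns on by default, and nothing in the file records why. The same undocumented line is added to the `/saml/up/**`, `/federation` and `/saml` blocks in later files. I would put the reason next to each one, for example `<!-- CSRF protection off: REST clients authenticate each request and send no CSRF token -->` here, after confirming that no cookie-based browser session reaches these services. The `<security:http>` element is closed outside the hunk.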
@@ -24,7 +24,7 @@
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/spring-security.xsd
">

<!-- DISABLE in production as it might log confidential information about the user -->
@@ -47,11 +47,11 @@
username-parameter="username"
password-parameter="password"
/-->
<security:logout logout-url="/federation/up/logout"
logout-success-url="/federation/up/login?out"
delete-cookies="FEDIZ_HOME_REALM,JSESSIONID"
invalidate-session="true"
/>
<security:logout logout-url="/federation/up/logout"
logout-success-url="/federation/up/login?out"
delete-cookies="FEDIZ_HOME_REALM,JSESSIONID"
invalidate-session="true"
/>

<security:headers>
<security:content-type-options />
@@ -62,6 +62,7 @@

<!-- HTTP/BA entry point for SAML SSO -->
<security:http pattern="/saml/up/**" use-expressions="true">
<security:csrf disabled="true"/>
<security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAuthenticated()" />
<security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
<security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
@@ -74,11 +75,11 @@
username-parameter="username"
password-parameter="password"
/-->
<security:logout logout-url="/saml/up/logout"
logout-success-url="/saml/up/login?out"
delete-cookies="FEDIZ_HOME_REALM,JSESSIONID"
invalidate-session="true"
/>
<security:logout logout-url="/saml/up/logout"
logout-success-url="/saml/up/login?out"
delete-cookies="FEDIZ_HOME_REALM,JSESSIONID"
invalidate-session="true"
/>

<security:headers>
<security:content-type-options />
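Review bot: Only the `/saml/up/**` block gets `<security:csrf disabled="true"/>`; judging from the hunk offsets (nothing is added above new line 62) the parallel `/federation/up/**` block keeps the 4.x default, so the two blocks would now treat CSRF differently. With protection on, `/federation/up/logout` would be expected to require a POST carrying a token, while with it off `/saml/up/logout` can be triggered by a cross-site request, which ends the user's session without their intent. Please make the choice explicit in both blocks, e.g. `<security:csrf disabled="true"/>` in each with a comment giving the reason, or leave it enabled in both. Both `<security:http>` elements start or end outside the visible hunks, so this should be checked against the full file.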
@@ -27,7 +27,7 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/spring-security.xsd
">

<context:property-placeholder location="classpath:realm.properties" />
@@ -46,6 +46,11 @@
<!-- The user has no role during the login phase of WS-Federation -->
<security:global-method-security pre-post-annotations="enabled" />

<!-- Remove the ROLE_ prefix -->
<bean id="grantedAuthorityDefaults" class="org.springframework.security.config.core.GrantedAuthorityDefaults">
<constructor-arg value="" />
</bean>

<!-- Redirects to a dedicated http config -->
<bean id="fedizEntryPoint" class="org.apache.cxf.fediz.service.idp.FedizEntryPoint">
<property name="realm" value="${realm-uri}" />
@@ -54,6 +59,7 @@

<!-- Main entry point for WS-Federation -->
<security:http pattern="/federation" use-expressions="true" entry-point-ref="fedizEntryPoint">
<security:csrf disabled="true"/>
<security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
<security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
<security:intercept-url pattern="/FederationMetadata/2007-06/FederationMetadata.xml" access="isAnonymous() or isAuthenticated()" />
@@ -68,6 +74,7 @@

<!-- Main entry point for SAML SSO -->
<security:http pattern="/saml" use-expressions="true" entry-point-ref="fedizEntryPoint">
<security:csrf disabled="true"/>
<security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
<security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />

@@ -77,13 +84,13 @@
<security:xss-protection />
</security:headers>
</security:http>
<security:authentication-manager alias="authenticationManagers">

<security:authentication-manager alias="authenticationManagers" id="authenticationManagers">
<security:authentication-provider ref="stsUPAuthProvider" />
<security:authentication-provider ref="stsKrbAuthProvider" />
<security:authentication-provider ref="stsClientCertAuthProvider" />
</security:authentication-manager>

<bean id="entitlementsEnricher"
class="org.apache.cxf.fediz.service.idp.service.security.GrantedAuthorityEntitlements" />
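Review bot: The `grantedAuthorityDefaults` bean with `<constructor-arg value="" />` changes how `hasRole(...)` checks and `@PreAuthorize` expressions in this context match authorities, but the comment `<!-- Remove the ROLE_ prefix -->` does not say why or what depends on it. With an empty prefix a role name is compared to the granted authority literally, so authority strings supplied by the STS providers are presumably used as role names as they are. I would extend the comment to something like `<!-- Empty role prefix: authorities from the STS carry no ROLE_ prefix, so hasRole('X') must match authority 'X' as is -->`, once that assumption is confirmed. The same bean is added in three more context files further down the page.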

@@ -28,7 +28,7 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-4.3.xsd
">
@@ -27,7 +27,7 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/spring-security.xsd
">

<context:property-placeholder location="classpath:realm.properties"/>
@@ -41,6 +41,11 @@
<!-- The user has no role during the login phase of WS-Federation -->
<security:global-method-security pre-post-annotations="enabled"/>

<!-- Remove the ROLE_ prefix -->
<bean id="grantedAuthorityDefaults" class="org.springframework.security.config.core.GrantedAuthorityDefaults">
<constructor-arg value="" />
</bean>

<security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
<security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
<security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
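Review bot: The `/services/rs/**` block in this file is not given `<security:csrf disabled="true"/>`, although the block with the same pattern and `restAuthenticationManager` in an earlier file of this commit is; the same holds for the two files that follow. If these contexts now load the 4.x namespace, CSRF protection is on by default there and state-changing REST calls without a token would presumably be rejected. Either add `<security:csrf disabled="true"/>` with a comment giving the reason, or note that the protection is kept deliberately. The `<security:http>` element continues past the hunk, so only its first lines are visible.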
@@ -27,7 +27,7 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/spring-security.xsd
">

<context:property-placeholder location="classpath:realm.properties"/>
@@ -41,6 +41,11 @@
<!-- The user has no role during the login phase of WS-Federation -->
<security:global-method-security pre-post-annotations="enabled"/>

<!-- Remove the ROLE_ prefix -->
<bean id="grantedAuthorityDefaults" class="org.springframework.security.config.core.GrantedAuthorityDefaults">
<constructor-arg value="" />
</bean>

<security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
<security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
<security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
@@ -27,7 +27,7 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/spring-security.xsd
">

<context:property-placeholder location="classpath:realm.properties"/>
@@ -41,6 +41,11 @@
<!-- The user has no role during the login phase of WS-Federation -->
<security:global-method-security pre-post-annotations="enabled"/>

<!-- Remove the ROLE_ prefix -->
<bean id="grantedAuthorityDefaults" class="org.springframework.security.config.core.GrantedAuthorityDefaults">
<constructor-arg value="" />
</bean>

<security:http pattern="/services/rs/**" use-expressions="true" authentication-manager-ref="restAuthenticationManager">
<security:custom-filter after="CHANNEL_FILTER" ref="stsPortFilter" />
<security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
