apereo · wgthom · Dec 29, 2011 · Dec 30, 2011 · Mar 9, 2012 · Mar 12, 2012
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/cas-servlet.xml b/cas-server-webapp/src/main/webapp/WEB-INF/cas-servlet.xml
@@ -10,7 +10,7 @@
 
 	<!-- Theme Resolver -->
 	<bean id="themeResolver" class="org.jasig.cas.services.web.ServiceThemeResolver"
-		p:defaultThemeName="${cas.themeResolver.defaultThemeName}"
+		p:defaultThemeName="${cas.themeResolver.defaultThemeName:cas-theme-default}"
         p:argumentExtractors-ref="argumentExtractors"
         p:servicesManager-ref="servicesManager">
         <property name="mobileBrowsers">
@@ -28,7 +28,7 @@
 		p:order="0">
 		<property name="basenames">
 			<list>
-				<value>${cas.viewResolver.basename}</value>
+				<value>${cas.viewResolver.basename:default_views}</value>
 				<value>protocol_views</value>
 			</list>
 		</property>
@@ -123,7 +123,7 @@
 	<bean
 		id="openIdProviderController"
 		class="org.jasig.cas.web.OpenIdProviderController"
-		p:loginUrl="${cas.securityContext.casProcessingFilterEntryPoint.loginUrl}" />
+		p:loginUrl="${cas.url}/login" />
 
 	<bean
 		id="serviceLogoutViewController"
@@ -253,7 +253,7 @@
 
 	<bean id="manageRegisteredServicesMultiActionController" class="org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController">
 		<constructor-arg index="0" ref="servicesManager" />
-        <constructor-arg index="1" value="${cas.securityContext.serviceProperties.service}" />
+        <constructor-arg index="1" value="${cas.url}/services/j_acegi_cas_security_check" />
 	</bean>
 
     <bean id="messageInterpolator" class="org.jasig.cas.util.SpringAwareMessageMessageInterpolator" />

diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/cas.properties b/cas-server-webapp/src/main/webapp/WEB-INF/cas.properties
@@ -1,17 +1,54 @@
-server.prefix=http://localhost:8080/cas
-
-cas.securityContext.serviceProperties.service=${server.prefix}/services/j_acegi_cas_security_check
-# Names of roles allowed to access the CAS service manager
-cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
-cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login
-cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix}
-
-
-cas.themeResolver.defaultThemeName=cas-theme-default
-cas.viewResolver.basename=default_views
-
-host.name=cas
-
-#database.hibernate.dialect=org.hibernate.dialect.OracleDialect
-#database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
-database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
+##
+# Unique CAS node name
+# cas.node.name is used to generate unique Ticket IDs and SAMLArtifacts.  This is usually set to the specific hostname
+# of the machine running the node, but it could be any label as long as it is unique in the cluster.
+cas.node.name=cas01.example.org
+
+##
+# Services Manager Security
+# cas.url used to configure security for Services Manager.
+cas.url=https://cas.example.org/cas
+#cas.securityContext.serviceProperties.service=${cas.url}/services/j_acegi_cas_security_check
+#cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.url}/login
+#cas.securityContext.ticketValidator.casServerUrlPrefix=${cas.url}
+# Names of roles allowed to access the CAS Services Manager
+cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
+
+
+#cas.themeResolver.defaultThemeName=cas-theme-default
+#cas.viewResolver.basename=default_views
+
+
+
+##
+# Single Sign On Session Timeouts
+# Defaults sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
+#
+# Maximum session timeout - TGT will expire in maxTimeToLiveInSeconds regardless of usage
+# tgt.maxTimeToLiveInSeconds=28800
+#
+# Idle session timeout -  TGT will expire sooner than maxTimeToLiveInSeconds if no further requests
+# for STs occur within timeToKillInSeconds
+# tgt.timeToKillInSeconds=7200
+
+
+##
+# Single Logout Out Callbacks
+# Default sourced from WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml
+#
+# To turn off all back channel SLO requests set slo.disabled to true
+# slo.disabled=false
+
+
+## Log4j
+#
+# Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml:
+# log4j.config.location=classpath:log4j.xml
+# log4j.refresh.interval=60000
+#
+# The default log4j.xml file can be found in WEB-INF/classes/log4j.xml.  However, it is most often helpful
+# to externalize this file by setting an absolute path for the log4j.config.location property in this file,
+# for example:
+#  log4j.config.location=/etc/cas/log4j.xml
+#  log4j.config.location=C:/cas/log4j.xml
+
diff --git a/...r-webapp/src/main/webapp/WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml b/...r-webapp/src/main/webapp/WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml
@@ -12,10 +12,12 @@
  	<bean
  		id="casArgumentExtractor"
  		class="org.jasig.cas.web.support.CasArgumentExtractor"
-         p:httpClient-ref="httpClient" />
+         p:httpClient-ref="httpClient"
+         p:disableSingleSignOut="${slo.disabled:false}" />
 
  	<bean id="samlArgumentExtractor" class="org.jasig.cas.web.support.SamlArgumentExtractor"
-             p:httpClient-ref="httpClient" />
+             p:httpClient-ref="httpClient"
+             p:disableSingleSignOut="${slo.disabled:false}" />
 
  	<util:list id="argumentExtractors">
 		<ref bean="casArgumentExtractor" />

diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/log4jConfiguration.xml b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/log4jConfiguration.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:p="http://www.springframework.org/schema/p"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
+
+    <description>
+        Log4J initialization.  Configuration options are sourced from cas.properties.  This allows deployers to externalize
+        both cas.properties and log4j.xml, so that a single cas.war file can be deployed to multiple tiers or hosts without
+        having to do any post configuration.  This approach also helps to preserve configuration between upgrades.
+
+        Deployers should not have to edit this file.
+    </description>
+
+     <bean id="log4jInitialization" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+         <property name="targetClass" value="org.springframework.util.Log4jConfigurer"/>
+         <property name="targetMethod" value="initLogging"/>
+         <property name="arguments">
+             <list>
+                 <value>${log4j.config.location:classpath:log4j.xml}</value>
+                 <value>${log4j.refresh.interval:60000}</value>
+             </list>
+         </property>
+    </bean>
+
+</beans>
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/securityContext.xml b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/securityContext.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
+git <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:p="http://www.springframework.org/schema/p"
        xmlns:sec="http://www.springframework.org/schema/security"
@@ -23,7 +23,7 @@
     </sec:authentication-manager>
 
 	<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"
-		p:service="${cas.securityContext.serviceProperties.service}"
+		p:service="${cas.url}/services/j_acegi_cas_security_check"
 		p:sendRenew="false" />
 
 	<bean id="casProcessingFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"
@@ -42,7 +42,7 @@
 	</bean>
 
 	<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
-		p:loginUrl="${cas.securityContext.casProcessingFilterEntryPoint.loginUrl}"
+		p:loginUrl="${cas.url}/login"
 		p:serviceProperties-ref="serviceProperties" />
 
 	<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
@@ -51,7 +51,7 @@
 		p:userDetailsService-ref="userDetailsService">
 	    <property name="ticketValidator">
 	      <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
-	        <constructor-arg index="0" value="${cas.securityContext.ticketValidator.casServerUrlPrefix}" />
+	        <constructor-arg index="0" value="${cas.url}" />
 	        </bean>
 	    </property>
 	</bean>

diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml
@@ -22,6 +22,6 @@
     <!-- TicketGrantingTicketExpirationPolicy: Default as of 3.5 -->
     <!-- Provides both idle and hard timeouts, for instance 2 hour sliding window with an 8 hour max lifetime -->
     <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
-          p:maxTimeToLiveInSeconds="28800"
-          p:timeToKillInSeconds="7200"/>
+          p:maxTimeToLiveInSeconds="${tgt.maxTimeToLiveInSeconds:28800}"
+          p:timeToKillInSeconds="${tgt.timeToKillInSeconds:7200}"/>
 </beans>
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/uniqueIdGenerators.xml b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/uniqueIdGenerators.xml
@@ -48,7 +48,7 @@
 </bean>
 
 	<bean id="samlServiceTicketUniqueIdGenerator" class="org.jasig.cas.util.SamlCompliantUniqueTicketIdGenerator">
-		<constructor-arg index="0" value="https://localhost:8443" />
+		<constructor-arg index="0" value="${host.name}" />
 	</bean>
 
 	<util:map id="uniqueIdGeneratorsMap">

diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/web.xml b/cas-server-webapp/src/main/webapp/WEB-INF/web.xml
@@ -14,29 +14,6 @@
 	</context-param>
 
 
-	<!--
-		- Location of the Log4J config file, for initialization and refresh checks.
-		- Applied by Log4jConfigListener.
-	-->
-	<context-param>
-		<param-name>log4jConfigLocation</param-name>
-		<param-value>classpath:log4j.xml</param-value>
-	</context-param>
-
-	<context-param>
-		<param-name>log4jExposeWebAppRoot</param-name>
-		<param-value>false</param-value>
-	</context-param>
-
-<!--
-    Specify that the log4j configuration should be reloaded periodically
-    to pick up changes
-  -->
-  <context-param>
-    <param-name>log4jRefreshInterval</param-name>
-    <param-value>60000</param-value>
-  </context-param>
-
 	<filter>
 		<filter-name>CAS Client Info Logging Filter</filter-name>
 		<filter-class>com.github.inspektr.common.web.ClientInfoThreadLocalFilter</filter-class>
@@ -67,25 +44,6 @@
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
 
-	<!--
-		- Configures Log4J for this web app.
-		- As this context specifies a context-param "log4jConfigLocation", its file path
-		- is used to load the Log4J configuration, including periodic refresh checks.
-		-
-		- Would fall back to default Log4J initialization (non-refreshing) if no special
-		- context-params are given.
-		-
-		- Exports a "web app root key", i.e. a system property that specifies the root
-		- directory of this web app, for usage in log file paths.
-		- This web app specifies "cas.root" (see log4j.properties file).
-	-->
-	<!-- Leave the listener commented-out if using JBoss -->
-	<listener>
-		<listener-class>
-			org.springframework.web.util.Log4jConfigListener
-		</listener-class>
-	</listener>
-
 	<!--
 		- Loads the CAS ApplicationContext.  
 		- The deployer choice here is how to handle Throwables thrown by Spring's