Permalink
Switch branches/tags
Find file
Fetching contributors…
Cannot retrieve contributors at this time
executable file 517 lines (443 sloc) 30.5 KB
<?xml version="1.0" encoding="UTF-8" ?>
<!--
Cloud Foundry
Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
This product is licensed to you under the Apache License, Version 2.0 (the "License").
You may not use this product except in compliance with the License.
This product includes a number of subcomponents with
separate copyright notices and license terms. Your use of these
subcomponents is subject to the terms and conditions of the
subcomponent's license, as noted in the LICENSE file.
-->
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.3.xsd">
<bean id="urlCache" class="org.cloudfoundry.identity.uaa.cache.ExpiringUrlCache">
<constructor-arg name="expiringTimeMillis" value="600000"/>
<constructor-arg name="maxEntries" value="10000"/>
<constructor-arg name="ticker" ref="timeService"/>
</bean>
<bean id="uaaConfig" class="org.cloudfoundry.identity.uaa.impl.config.YamlConfigurationValidator">
<constructor-arg>
<bean class="org.cloudfoundry.identity.uaa.impl.config.UaaConfiguration.UaaConfigConstructor" />
</constructor-arg>
<property name="yaml" value="${environmentYamlKey}" />
</bean>
<bean id="identityZoneValidator" class="org.cloudfoundry.identity.uaa.zone.GeneralIdentityZoneValidator" />
<bean id="sessionCookieConfig" class="org.cloudfoundry.identity.uaa.web.UaaSessionCookieConfig">
<property name="comment" value="${servlet.session-cookie.comment:#{null}}"/>
<property name="domain" value="${servlet.session-cookie.domain:#{null}}"/>
<property name="httpOnly" value="${servlet.session-cookie.http-only:true}"/>
<property name="maxAge" value="${servlet.session-cookie.max-age:#{T(java.lang.Integer).MIN_VALUE}}"/>
<property name="name" value="${servlet.session-cookie.name:#{null}}"/>
<property name="path" value="${servlet.session-cookie.path:#{null}}"/>
<property name="secure" value="${servlet.session-cookie.secure:${require_https:false}}"/>
</bean>
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
<property name="contentNegotiationManager" ref="contentNegotiationManager"/>
<property name="useSuffixPatternMatch" value="false"/>
<property name="order" value="1"/>
</bean>
<bean name="contentNegotiationManager" class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean">
<property name="favorPathExtension" value="false"/>
<property name="favorParameter" value="true"/>
<property name="mediaTypes">
<value>
json=application/json
xml=application/xml
html=test/html
</value>
</property>
</bean>
<bean id="backwardsCompatibleScopeParameter" class="org.cloudfoundry.identity.uaa.web.BackwardsCompatibleScopeParsingFilter"/>
<bean id="disableIdTokenResponseFilter" class="org.cloudfoundry.identity.uaa.oauth.DisableIdTokenResponseTypeFilter">
<constructor-arg index="0" value="${oauth.id_token.disable:false}"/>
<constructor-arg index="1">
<list>
<value>/**/oauth/authorize</value>
<value>/oauth/authorize</value>
</list>
</constructor-arg>
</bean>
<import resource="classpath:spring/data-source.xml" />
<import resource="classpath:spring/env.xml" />
<import resource="spring/audit.xml" />
<sec:http name="secFilterOpen01" pattern="/resources/**" security="none" />
<sec:http name="secFilterOpen02" pattern="/square-logo.png" security="none" />
<sec:http name="secFilterOpen03" pattern="/info" security="none" />
<sec:http name="secFilterOpen04" pattern="/password/**" security="none" />
<sec:http name="secFilterOpen05Healthz" pattern="/healthz/**" security="none" />
<sec:http name="secFilterOpen06" pattern="/saml/web/**" security="none" />
<sec:http name="secFilterOpen07" pattern="/vendor/**" security="none" />
<!--<sec:http pattern="/login" security="none" />-->
<sec:http name="secFilterOpen08" pattern="/error" security="none" />
<sec:http name="secFilterOpen11" pattern="/email_sent" security="none" />
<sec:http name="secFilterOpen12" pattern="/create_account*" security="none" />
<sec:http name="secFilterOpen13" pattern="/accounts/email_sent" security="none" />
<sec:http name="secFilterCsrfLandingPage14" pattern="/invalid_request" security="none" />
<sec:http name="secFilterOpen15" pattern="/saml_error" security="none" />
<sec:http name="secFilterOpen16" pattern="/favicon.ico" security="none" />
<sec:http name="secFilterOpen17" pattern="/oauth_error" security="none" />
<sec:http name="secFilterOpen18" pattern="/session" security="none" />
<bean id="oauth2TokenParseFilter" class="java.lang.Class" factory-method="forName">
<constructor-arg value="org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter"/>
</bean>
<bean id="utf8ConversionFilter" class="org.cloudfoundry.identity.uaa.authentication.UTF8ConversionFilter"/>
<bean id="corsFilter" class="org.cloudfoundry.identity.uaa.security.web.CorsFilter">
<property name="corsAllowedUris"
value="#{@config['cors']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['default']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['default']['allowed']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['default']['allowed']['uris']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['default']['allowed']['uris']}"/>
<property name="corsAllowedOrigins"
value="#{@config['cors']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['default']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['default']['allowed']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['default']['allowed']['origins']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['default']['allowed']['origins']}"/>
<property name="corsAllowedHeaders"
value="#{@config['cors']==null ? T(java.util.Arrays).asList('Accept','Authorization','Content-Type','Accept-Language','Content-Language') :
@config['cors']['default']==null ? T(java.util.Arrays).asList('Accept','Authorization','Content-Type','Accept-Language','Content-Language') :
@config['cors']['default']['allowed']==null ? T(java.util.Arrays).asList('Accept','Authorization','Content-Type','Accept-Language','Content-Language') :
@config['cors']['default']['allowed']['headers']==null ? T(java.util.Arrays).asList('Accept','Authorization','Content-Type','Accept-Language','Content-Language') :
@config['cors']['default']['allowed']['headers']}"/>
<property name="corsAllowedMethods"
value="#{@config['cors']==null ? T(java.util.Arrays).asList('GET','POST','PUT','OPTIONS','DELETE','PATCH') :
@config['cors']['default']==null ? T(java.util.Arrays).asList('GET','POST','PUT','OPTIONS','DELETE','PATCH') :
@config['cors']['default']['allowed']==null ? T(java.util.Arrays).asList('GET','POST','PUT','OPTIONS','DELETE','PATCH') :
@config['cors']['default']['allowed']['methods']==null ? T(java.util.Arrays).asList('GET','POST','PUT','OPTIONS','DELETE','PATCH') :
@config['cors']['default']['allowed']['methods']}"/>
<property name="corsAllowedCredentials"
value="#{@config['cors']==null ? false :
@config['cors']['default']==null ? false :
@config['cors']['default']['allowed']==null ? false :
@config['cors']['default']['allowed']['credentials']==null ? false :
@config['cors']['default']['allowed']['credentials']}"/>
<property name="corsMaxAge"
value="#{@config['cors']==null ? 1728000 :
@config['cors']['default']==null ? 1728000 :
@config['cors']['default']['max_age']==null ? 1728000 :
@config['cors']['default']['max_age']}"/>
<property name="corsXhrAllowedUris"
value="#{@config['cors']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['xhr']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['xhr']['allowed']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['xhr']['allowed']['uris']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['xhr']['allowed']['uris']}"/>
<property name="corsXhrAllowedOrigins"
value="#{@config['cors']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['xhr']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['xhr']['allowed']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['xhr']['allowed']['origins']==null ? T(java.util.Arrays).asList('.*') :
@config['cors']['xhr']['allowed']['origins']}"/>
<property name="corsXhrAllowedHeaders"
value="#{@config['cors']==null ? T(java.util.Arrays).asList('Accept','Authorization','Content-Type','Accept-Language','Content-Language', 'X-Requested-With') :
@config['cors']['xhr']==null ? T(java.util.Arrays).asList('Accept','Authorization','Content-Type','Accept-Language','Content-Language', 'X-Requested-With') :
@config['cors']['xhr']['allowed']==null ? T(java.util.Arrays).asList('Accept','Authorization','Content-Type','Accept-Language','Content-Language', 'X-Requested-With') :
@config['cors']['xhr']['allowed']['headers']==null ? T(java.util.Arrays).asList('Accept','Authorization','Content-Type','Accept-Language','Content-Language', 'X-Requested-With') :
@config['cors']['xhr']['allowed']['headers']}"/>
<property name="corsXhrAllowedMethods"
value="#{@config['cors']==null ? T(java.util.Arrays).asList('GET','OPTIONS') :
@config['cors']['xhr']==null ? T(java.util.Arrays).asList('GET','OPTIONS') :
@config['cors']['xhr']['allowed']==null ? T(java.util.Arrays).asList('GET','OPTIONS') :
@config['cors']['xhr']['allowed']['methods']==null ? T(java.util.Arrays).asList('GET','OPTIONS') :
@config['cors']['xhr']['allowed']['methods']}"/>
<property name="corsXhrAllowedCredentials"
value="#{@config['cors']==null ? true :
@config['cors']['xhr']==null ? true :
@config['cors']['xhr']['allowed']==null ? true :
@config['cors']['xhr']['allowed']['credentials']==null ? true :
@config['cors']['xhr']['allowed']['credentials']}"/>
<property name="corsXhrMaxAge"
value="#{@config['cors']==null ? 1728000 :
@config['cors']['xhr']==null ? 1728000 :
@config['cors']['xhr']['max_age']==null ? 1728000 :
@config['cors']['xhr']['max_age']}"/>
</bean>
<bean id="allowQueryStringForTokens" class="java.lang.Boolean">
<constructor-arg value="${jwt.token.queryString.enabled:true}"/>
</bean>
<bean id="sessionFixationProtectionStrategy"
class="org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy" />
<bean class="org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor">
<property name="requireHttps" value="${require_https:false}" />
<property name="dumpRequests" value="${dump_requests:false}" />
<property name="redirectToHttps">
<list>
<value>uiSecurity</value>
</list>
</property>
<property name="ignore">
<list>
<value>secFilterOpen05Healthz</value>
</list>
</property>
<property name="errorMap">
<map>
<entry key="org.springframework.dao.NonTransientDataAccessException">
<bean class="org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor$ReasonPhrase">
<constructor-arg index="0" value="503"/>
<constructor-arg index="1" value="Database unavailable. Retry later."/>
</bean>
</entry>
</map>
</property>
<property name="additionalFilters">
<map>
<entry value-ref="headerFilter"
key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(0)}" />
<entry value-ref="utf8ConversionFilter"
key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(1)}" />
<entry value-ref="corsFilter"
key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(2)}" />
<entry value-ref="identityZoneResolvingFilter"
key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(3)}"/>
<!-- Add in a flag that removes id_token from /oauth/authorize requests-->
<entry value-ref="disableIdTokenResponseFilter"
key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(4)}"/>
<!-- Zone switcher goes *after* class OAuth2AuthenticationProcessingFilter as it requires a token to be present to work -->
<entry value-ref="identityZoneSwitchingFilter"
key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).after(@oauth2TokenParseFilter)}"/>
<entry value-ref="userManagementSecurityFilter"
key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).after(T(org.cloudfoundry.identity.uaa.zone.IdentityZoneSwitchingFilter))}"/>
<entry value-ref="userManagementFilter"
key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).after(T(org.cloudfoundry.identity.uaa.scim.DisableUserManagementSecurityFilter))}"/>
<entry value-ref="sessionResetFilter" key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(102)}"/>
</map>
</property>
</bean>
<util:list id="defaultFilteredHeaders" value-type="java.lang.String">
<value>X-Forwarded-For</value>
<value>X-Forwarded-Host</value>
<value>X-Forwarded-Proto</value>
<value>X-Forwarded-Prefix</value>
<value>Forwarded</value>
</util:list>
<bean id="headerFilter" class="org.cloudfoundry.identity.uaa.web.HeaderFilter">
<constructor-arg value="#{@config['servlet']==null ? @defaultFilteredHeaders : @config['servlet']['filtered-headers'] == null ? @defaultFilteredHeaders : @config['servlet']['filtered-headers']}"/>
</bean>
<bean id="userManagementSecurityFilter" class="org.cloudfoundry.identity.uaa.scim.DisableUserManagementSecurityFilter">
<constructor-arg ref="identityProviderProvisioning"/>
</bean>
<bean id="userManagementFilter" class="org.cloudfoundry.identity.uaa.scim.DisableInternalUserManagementFilter">
<constructor-arg ref="identityProviderProvisioning"/>
</bean>
<bean id="identityZoneResolvingFilter" class="org.cloudfoundry.identity.uaa.zone.IdentityZoneResolvingFilter">
<property name="identityZoneProvisioning" ref="identityZoneProvisioning"/>
<property name="defaultInternalHostnames">
<set>
<value>#{T(org.cloudfoundry.identity.uaa.util.UaaUrlUtils).getHostForURI(@uaaUrl)}</value>
<value>#{T(org.cloudfoundry.identity.uaa.util.UaaUrlUtils).getHostForURI(@loginUrl)}</value>
<value>localhost</value>
</set>
</property>
<property name="additionalInternalHostnames" value="#{@config['zones']==null ? null : @config['zones']['internal']==null ? null : @config['zones']['internal']['hostnames']}"/>
</bean>
<bean id="sessionResetFilter" class="org.cloudfoundry.identity.uaa.authentication.SessionResetFilter">
<constructor-arg>
<bean class="org.springframework.security.web.DefaultRedirectStrategy"/>
</constructor-arg>
<constructor-arg value="/login"/>
<constructor-arg ref="userDatabase"/>
</bean>
<bean id="identityZoneSwitchingFilter" class="org.cloudfoundry.identity.uaa.zone.IdentityZoneSwitchingFilter"/>
<bean id="uaaUrl" class="java.lang.String">
<constructor-arg value="${uaa.url:http://localhost:8080/uaa}"/>
</bean>
<bean id="loginUrl" class="java.lang.String">
<constructor-arg value="${login.url:http://localhost:8080/uaa}"/>
</bean>
<bean id="scimUserQueryConverter" class="org.cloudfoundry.identity.uaa.scim.jdbc.ScimSearchQueryConverter">
<property name="attributeNameMapper">
<bean class="org.cloudfoundry.identity.uaa.resources.SimpleAttributeNameMapper">
<constructor-arg name="paramsMap">
<map key-type="java.lang.String" value-type="java.lang.String">
<entry key="emails\.value" value="email" />
<entry key="groups\.display" value="authorities" />
<entry key="phoneNumbers\.value" value="phoneNumber" />
</map>
</constructor-arg>
</bean>
</property>
<property name="dbCaseInsensitive" ref="useCaseInsensitiveQueries"/>
</bean>
<import resource="spring/oauth-clients.xml" />
<!-- The order of these imports is important because of Spring Security filter chain rules -->
<import resource="spring/login-server-security.xml" />
<import resource="spring/oauth-endpoints.xml" />
<import resource="spring/scim-endpoints.xml" />
<import resource="spring/multitenant-endpoints.xml" />
<import resource="spring/approvals-endpoints.xml" />
<import resource="spring/client-admin-endpoints.xml" />
<import resource="spring/resource-endpoints.xml" />
<import resource="spring/openid-endpoints.xml" />
<import resource="spring/password-endpoints.xml" />
<import resource="spring/codestore-endpoints.xml" />
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basenames">
<list>
<value>#{systemEnvironment['CLOUD_FOUNDRY_CONFIG_PATH']!=null ? 'file:'+systemEnvironment['CLOUD_FOUNDRY_CONFIG_PATH']+'/messages':'classpath:messages'}</value>
<value>classpath:messages</value>
</list>
</property>
</bean>
<authentication-manager id="emptyAuthenticationManager" xmlns="http://www.springframework.org/schema/security" />
<bean id="authenticationDetailsSource" class="org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetailsSource" />
<bean id="basicAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="UAA/client" />
<property name="typeName" value="Basic" />
<property name="exceptionTranslator" ref="accountNotVerifiedExceptionTranslator" />
</bean>
<bean id="accountNotVerifiedExceptionTranslator" class="org.cloudfoundry.identity.uaa.authentication.UaaExceptionTranslator"/>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<constructor-arg>
<list>
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter">
<property name="scopePrefix" value="scope=" />
</bean>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
</bean>
<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="UAA/oauth" />
</bean>
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<import resource="classpath:spring/login-ui.xml"/>
<import resource="spring/saml-idp.xml"/>
<import resource="spring/saml-providers.xml"/>
<!-- Deny-all "buffer" which a request will hit if it isn't matched by any of the other filter chains -->
<!--<sec:http name="denyAll" use-expressions="true" create-session="stateless" entry-point-ref="http403EntryPoint"-->
<!--authentication-manager-ref="emptyAuthenticationManager">-->
<!--<sec:intercept-url pattern="/**" access="denyAll" />-->
<!--</sec:http>-->
<bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
<bean id="bcryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<bean id="cachingPasswordEncoder" class="org.cloudfoundry.identity.uaa.util.CachingPasswordEncoder">
<property name="passwordEncoder" ref="bcryptPasswordEncoder"/>
<property name="maxKeys" value="1000"/>
<property name="maxEncodedPasswords" value="5"/>
<property name="enabled" value="${oauth.client.encoder_cache:true}"/>
<property name="expiryInSeconds" value="${oauth.client.encoder_expiry:300}"/>
</bean>
<bean id="uaaIdentityZone" class="org.cloudfoundry.identity.uaa.zone.IdentityZone" factory-method="getUaa"/>
<bean id="oauthWebExpressionHandler"
class="org.cloudfoundry.identity.uaa.security.ContextSensitiveOAuth2WebSecurityExpressionHandler">
<property name="identityZone" ref="uaaIdentityZone"/>
</bean>
<mvc:default-servlet-handler />
<util:list id="prompts">
<bean class="org.cloudfoundry.identity.uaa.login.Prompt">
<constructor-arg name="name" value="username" />
<constructor-arg name="text" value="${login.prompt.username.text:Email}" />
<constructor-arg name="type" value="text" />
</bean>
<bean class="org.cloudfoundry.identity.uaa.login.Prompt">
<constructor-arg name="name" value="password" />
<constructor-arg name="text" value="${login.prompt.password.text:Password}" />
<constructor-arg name="type" value="password" />
</bean>
<bean class="org.cloudfoundry.identity.uaa.login.Prompt">
<constructor-arg name="name" value="passcode" />
<constructor-arg name="text"
value="One Time Code ( Get one at ${login.entityBaseURL:http://localhost:8080/uaa}/passcode )" />
<constructor-arg name="type" value="password" />
</bean>
</util:list>
<bean id="restTemplateFactory" class="org.cloudfoundry.identity.uaa.util.RestTemplateFactory"/>
<bean id="xoauthProviderConfigurator" class="org.cloudfoundry.identity.uaa.provider.oauth.XOAuthProviderConfigurator">
<constructor-arg name="providerProvisioning" ref="identityProviderProvisioning"/>
<constructor-arg name="contentCache" ref="urlCache"/>
<constructor-arg name="restTemplateFactory" ref="restTemplateFactory"/>
</bean>
<bean id="globalLinks" class="org.cloudfoundry.identity.uaa.zone.Links">
<property name="selfService">
<bean class="org.cloudfoundry.identity.uaa.zone.Links$SelfService">
<property name="passwd" value="${links.global.passwd:#{null}}"/>
<property name="signup" value="${links.global.signup:#{null}}"/>
</bean>
</property>
<property name="homeRedirect" value="${links.global.homeRedirect:#{null}}"/>
</bean>
<!--Basic application beans. -->
<bean id="loginInfoEndpoint" class="org.cloudfoundry.identity.uaa.login.LoginInfoEndpoint">
<property name="authenticationManager" ref="zoneAwareAuthzAuthenticationManager"/>
<property name="uaaBaseUrl" ref="uaaUrl" />
<property name="entityID" ref="samlEntityID"/>
<property name="idpDefinitions" ref="metaDataProviders"/>
<property name="clientDetailsService" ref="jdbcClientDetailsService"/>
<property name="expiringCodeStore" ref="codeStore"/>
<property name="externalLoginUrl" value="${login.url:''}"/>
<property name="providerProvisioning" ref="identityProviderProvisioning"/>
<property name="xoAuthProviderConfigurator" ref="xoauthProviderConfigurator"/>
<property name="globalLinks" ref="globalLinks"/>
</bean>
<bean id="healthzEndpoint" class="org.cloudfoundry.identity.uaa.health.HealthzEndpoint" />
<context:annotation-config />
<bean id="idpBootstrap" class="org.cloudfoundry.identity.uaa.impl.config.IdentityProviderBootstrap">
<constructor-arg ref="identityProviderProvisioning"/>
<constructor-arg ref="environment"/>
<property name="defaultPasswordPolicy" ref="defaultUaaPasswordPolicy"/>
<property name="defaultLockoutPolicy" ref="userLockoutPolicy"/>
<property name="disableInternalUserManagement" value="#{@config['disableInternalUserManagement'] == null ? false : @config['disableInternalUserManagement']}"/>
<property name="ldapConfig" value="#{@config['ldap']}"/>
<property name="keystoneConfig" value="#{@config['keystone']}"/>
<property name="samlProviders" ref="bootstrapMetaDataProviders"/>
<property name="oauthIdpDefinitions" ref="oauthIdpDefinitions"/>
</bean>
<bean id="oauthIdpConfigurator" class="org.cloudfoundry.identity.uaa.provider.oauth.OauthIdentityProviderDefinitionFactoryBean">
<constructor-arg name="definitions"
value="#{@config['login']==null ? null :
@config['login']['oauth']==null ? null :
@config['login']['oauth']['providers']}"/>
</bean>
<bean id="oauthIdpDefinitions" factory-bean="oauthIdpConfigurator" factory-method="getOauthIdpDefinitions" />
<bean id="identityZoneConfigurationBootstrap" class="org.cloudfoundry.identity.uaa.impl.config.IdentityZoneConfigurationBootstrap">
<constructor-arg name="provisioning" ref="identityZoneProvisioning"/>
<property name="tokenPolicy" ref="uaaTokenPolicy"/>
<property name="selfServiceLinksEnabled" value="${login.selfServiceLinksEnabled:true}"/>
<property name="selfServiceLinks" ref="links" />
<property name="homeRedirect" value="${links.homeRedirect:${login.homeRedirect:#{null}}}"/>
<property name="idpDiscoveryEnabled" value="${login.idpDiscoveryEnabled:false}" />
<property name="accountChooserEnabled" value="${login.accountChooserEnabled:false}" />
<property name="logoutRedirectWhitelist"
value="#{@config['logout']==null ? null :
@config['logout']['redirect']==null ? null :
@config['logout']['redirect']['parameter']==null ? null :
@config['logout']['redirect']['parameter']['whitelist']}"/>
<property name="logoutRedirectParameterName" value="redirect" />
<property name="logoutDefaultRedirectUrl" value="${logout.redirect.url:/login}" />
<property name="logoutDisableRedirectParameter" value="${logout.redirect.parameter.disable:false}"/>
<property name="prompts" ref="prompts"/>
<property name="branding" value="#{@config['login']['branding']}" />
<property name="samlSpPrivateKey" value="${login.serviceProviderKey}" />
<property name="samlSpPrivateKeyPassphrase" value="${login.serviceProviderKeyPassword}" />
<property name="samlSpCertificate" value="${login.serviceProviderCertificate}" />
<property name="activeKeyId" value="${login.saml.activeKeyId:#{null}}"/>
<property name="samlKeys"
value="#{@config['login']==null ? null :
@config['login']['saml']==null ? null :
@config['login']['saml']['keys']}"/>
</bean>
<bean id="ldapLoginAuthenticationMgr" class="org.cloudfoundry.identity.uaa.authentication.manager.LdapLoginAuthenticationManager">
<constructor-arg index="0" ref="identityProviderProvisioning"/>
<property name="userDatabase" ref="userDatabase" />
<property name="origin" value="ldap"/>
</bean>
<bean class="org.cloudfoundry.identity.uaa.authentication.listener.UserAuthenticationSuccessListener">
<constructor-arg name="scimUserProvisioning" ref="scimUserProvisioning" />
</bean>
<bean id="autologinAuthenticationManager" class="org.cloudfoundry.identity.uaa.authentication.manager.AutologinAuthenticationManager">
<property name="expiringCodeStore" ref="codeStore" />
<property name="clientDetailsService" ref="jdbcClientDetailsService"/>
<property name="userDatabase" ref="userDatabase"/>
</bean>
</beans>