dromara
/
MaxKey
oglindă de https://gitee.com/dromara/MaxKey.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267
							<?xml version="1.0" encoding="UTF-8" ?>
<beans 	xmlns="http://www.springframework.org/schema/beans"
		xmlns:context="http://www.springframework.org/schema/context"
		xmlns:mvc="http://www.springframework.org/schema/mvc"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xmlns:p="http://www.springframework.org/schema/p"
		xmlns:util="http://www.springframework.org/schema/util"
		xsi:schemaLocation="
	        http://www.springframework.org/schema/beans 
			http://www.springframework.org/schema/beans/spring-beans.xsd
			http://www.springframework.org/schema/context 
			http://www.springframework.org/schema/context/spring-context.xsd
	        http://www.springframework.org/schema/util     
	        http://www.springframework.org/schema/util/spring-util.xsd
	        http://www.springframework.org/schema/mvc 
			http://www.springframework.org/schema/mvc/spring-mvc.xsd">
			
	<!-- enable autowire -->
    <context:annotation-config />
    <!-- language select must remove -->
	<mvc:annotation-driven />
  
	 <!-- 
	 * Self-issued Provider Metadata
	 *
	 * http://openid.net/specs/openid-connect-core-1_0.html#SelfIssued 
	 * -->
	<bean id="oidcProviderMetadata" class="org.maxkey.config.oidc.OIDCProviderMetadataDetails">
		<property name="issuer" value="${config.oidc.metadata.issuer}" />
		<property name="authorizationEndpoint" value="${config.oidc.metadata.authorizationEndpoint}" />
		<property name="tokenEndpoint" value="${config.oidc.metadata.tokenEndpoint}" />
		<property name="userinfoEndpoint" value="${config.oidc.metadata.userinfoEndpoint}" />
	</bean>
	
	<bean id="jwkSetKeyStore" class="org.maxkey.crypto.jose.keystore.JWKSetKeyStore">
		<property name="location" value="classpath:config/keystore.jwks" />
	</bean>
	
	<bean id="jwtSignerValidationService" class="org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">
		<constructor-arg name="keyStore" ref="jwkSetKeyStore" />
		<property name="defaultSignerKeyId" value="connsec_rsa" />
 		<property name="defaultSigningAlgorithmName" value="RS256" />
	</bean>

	<bean id="jwtEncryptionService" class="org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService">
		<constructor-arg name="keyStore" ref="jwkSetKeyStore" />
		<property name="defaultAlgorithm" value="RSA1_5" />
		<property name="defaultDecryptionKeyId" value="connsec_rsa" />
		<property name="defaultEncryptionKeyId" value="connsec_rsa" />
	</bean>

	<bean id="jwtLoginService" class="org.maxkey.authn.support.jwt.JwtLoginService">
		<property name="jwtSignerValidationService" ref="jwtSignerValidationService" />
 		<property name="jwtProviderMetadata"  ref="oidcProviderMetadata" />
	</bean>
		
	<!-- web Controller InterceptorAdapter  -->
	<mvc:interceptors>
		<!-- web Controller InterceptorAdapter for platform permission  -->
		<mvc:interceptor>
			<!-- for index -->
			<mvc:mapping path="/index/*" />
			<!-- for System -->
			<mvc:mapping path="/menus/*" />
			<mvc:mapping path="/roles/*" />
			<mvc:mapping path="/logs/*" />
			<mvc:mapping path="/userinfo/*" />
			<mvc:mapping path="/relyingparty/*" />
			<mvc:mapping path="/sysconfig/*" />
			
			<mvc:mapping path="/roles/*"/>
			<mvc:mapping path="/applications/*"/>
			<mvc:mapping path="/approles/*"/>
			
			<mvc:mapping path="/users/*" />
			<mvc:mapping path="/enterprises/*" />
			<mvc:mapping path="/employees/*" />
			<mvc:mapping path="/authInfo/*" />
			<mvc:mapping path="/usercenter/*"/>
			<bean class="org.maxkey.web.interceptor.PermissionAdapter" />
		</mvc:interceptor>	
		<!-- web Controller InterceptorAdapter for platform log  -->
		<mvc:interceptor>
			<mvc:mapping path="/users/*" /> 
			<mvc:mapping path="/userinfo/*" />
			<mvc:mapping path="/enterprises/*" />
			<mvc:mapping path="/employees/*" />
			<mvc:mapping path="/authInfo/*" />
			<mvc:mapping path="/usercenter/*"/>
			<mvc:mapping path="/retrievePassword/*"/>
			<mvc:mapping path="/roles/*"/>
			<mvc:mapping path="/applications/*"/>
			<mvc:mapping path="/approles/*"/>
			<bean class="org.maxkey.web.interceptor.LogAdapter" />
		</mvc:interceptor>
		
		 <ref bean="localeChangeInterceptor" />
	</mvc:interceptors>
     
     	<bean id="remeberMeService" class="org.maxkey.authn.support.rememberme.JdbcRemeberMeService">
		<constructor-arg ref="jdbcTemplate"/>
		<property name="validity" value="${config.login.remeberme.validity}"/>
	</bean>
	
	<bean id="timeBasedKeyUriFormat" class="org.maxkey.crypto.password.opt.algorithm.KeyUriFormat">
		<property name="type" value="totp" />
		<property name="digits" value="6" />
		<property name="issuer" value="ConnSec" />
		<property name="domain" value="connsec.com" />
		<property name="period" value="30" />
		
	</bean>
	
	<bean id="counterBasedKeyUriFormat" class="org.maxkey.crypto.password.opt.algorithm.KeyUriFormat">
		<property name="type" value="hotp" />
		<property name="digits" value="6" />
		<property name="issuer" value="maxkey" />
		<property name="domain" value="maxkey.org" />
		<property name="counter" value="0" />
	</bean>
	
	<bean id="hotpKeyUriFormat" class="org.maxkey.crypto.password.opt.algorithm.KeyUriFormat">
		<property name="type" value="hotp" />
		<property name="digits" value="6" />
		<property name="issuer" value="maxkey" />
		<property name="domain" value="maxkey.org" />
		<property name="counter" value="0" />
	</bean>
	
	
	<bean id="tfaOTPAuthn" class="org.maxkey.crypto.password.opt.impl.TimeBasedOTPAuthn">
		<constructor-arg ref="jdbcTemplate" /> 
	</bean>
	
	<!-- Authentication Password Encoder Config -->
	<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>   
	
	<bean id="passwordReciprocal" class="org.maxkey.crypto.password.PasswordReciprocal"></bean>
	
	<!-- Captcha Producer  Config -->
	<bean id="captchaProducer" class="com.google.code.kaptcha.impl.DefaultKaptcha">
        <property name="config">
                <bean class="com.google.code.kaptcha.util.Config">
                        <constructor-arg type="java.util.Properties">
                                <props>
                                        <prop key="kaptcha.image.width">70</prop> 
                                        <prop key="kaptcha.image.height">25</prop>
                                        <prop key="kaptcha.border">no</prop>
                                        <prop key="kaptcha.obscurificator.impl">com.google.code.kaptcha.impl.ShadowGimpy</prop>
                                        <prop key="kaptcha.textproducer.font.size">23</prop>
                                        <prop key="kaptcha.textproducer.char.string">0123456789</prop>
                                        <prop key="kaptcha.textproducer.char.length">4</prop>
                                        <prop key="kaptcha.noise.impl">com.google.code.kaptcha.impl.NoNoise</prop>
                                        <!-- <prop key="kaptcha.noise.color">white</prop>
                                          -->
                                </props>
                        </constructor-arg>
                </bean>
        </property>
	</bean>
	
    
	<!-- Follow is config for Spring security -->
	<!--<csrf disabled="true"/>-->
	<!-- Login  
	<http use-expressions="false"  disable-url-rewriting="false" xmlns="http://www.springframework.org/schema/security" >
		
		<headers>
			<frame-options policy="SAMEORIGIN" />
		</headers> 
		<access-denied-handler error-page="/login"/>
		<intercept-url pattern="/index" access="ROLE_USER" />
		<intercept-url pattern="/forwardindex" access="ROLE_USER" />
   		<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER" />
		<form-login authentication-failure-url="/login" 
					default-target-url="/forwardindex" 
					login-page="/login" 
					login-processing-url="/logon.do"
					username-parameter="j_username"
					password-parameter="j_password"
					authentication-success-handler-ref="savedRequestSuccessHandler"/>
					
		<logout  logout-url="/logout.do"  logout-success-url="/logout" invalidate-session="true" delete-cookies="JSESSIONID"  />
		
		<session-management invalid-session-url="/login" />
		
		<anonymous />
	</http>
	-->	

   	<bean id="savedRequestSuccessHandler" class="org.maxkey.authn.SavedRequestAwareAuthenticationSuccessHandler"> </bean>
	
	<!-- spring authentication provider 
	<authentication-manager alias="authenticationProvider"  xmlns="http://www.springframework.org/schema/security"/>
-->
	<!-- LDAP Realm 
	<bean id="authenticationRealm" class="org.maxkey.web.authentication.realm.ldap.LdapAuthenticationRealm">
		<constructor-arg ref="jdbcTemplate"/>
		<property name="ldapServers">
			<list>
				<bean id="ldapServer1" class="org.maxkey.web.authentication.realm.ldap.LdapServer">
					<property name="ldapUtils">
						<bean id="ldapUtils" class="org.maxkey.ldap.LdapUtils">
							<property name="providerUrl" value="ldap://localhost:389"></property>
							<property name="principal" value="cn=root"></property>
							<property name="credentials" value="rootroot"></property>
							<property name="baseDN" value="dc=connsec,dc=com"></property>
						</bean>
					</property>
					<property name="filterAttribute" value="uid"></property>
				</bean>	
			</list>
		</property>
	</bean> -->
	
	<!-- Active Directory  Realm 
	<bean id="authenticationRealm" class="org.maxkey.web.authentication.realm.activedirectory.ActiveDirectoryAuthenticationRealm">
		<constructor-arg ref="jdbcTemplate"/>
		<property name="activeDirectoryServers">
			<list>
				<bean id="activeDirectory1" class="org.maxkey.web.authentication.realm.activedirectory.ActiveDirectoryServer">
					<property name="activeDirectoryUtils">
						<bean id="ldapUtils" class="org.maxkey.ldap.ActiveDirectoryUtils">
							<property name="providerUrl" value="ldap://localhost:389"></property>
							<property name="principal" value="cn=root"></property>
							<property name="credentials" value="rootroot"></property>
							<property name="domain" value="connsec"></property>
						</bean>
					</property>
				</bean>	
			</list>
		</property>
	</bean> -->
	
	<!-- Radius Server  Realm  
	<bean id="authenticationRealm" class="org.maxkey.web.authentication.realm.radius.RadiusServerAuthenticationRealm">
		<constructor-arg ref="jdbcTemplate"/>
		<property name="jradiusServers">
			<list>
				<bean id="radiusServer1" class="org.maxkey.web.authentication.realm.radius.RadiusServer">
					<property name="inetAddress" value="localhost"/>
					<property name="secret" value="test1234"/>
				</bean>	
			</list>
		</property>
	</bean>-->
	
	<!-- Default Realm-->
	<!-- realm use jdbc -->
	<bean id="authenticationRealm" class="org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm">
		<constructor-arg ref="jdbcTemplate"/>
	</bean>
	
		
	<!-- Authentication providers -->
    <bean id="authenticationProvider" class="org.maxkey.authn.RealmAuthenticationProvider" >
    </bean>
    <!--
	<authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security">
		<authentication-provider ref= "realmAuthenticationProvider"/>  
	</authentication-manager>
    -->
	<mvc:annotation-driven />

	<mvc:default-servlet-handler />

</beans>