OpenIDConfigTests groovy->java
For the remember me test, there is some hand configuration that was carried over from the groovy test as there isn't a way via the xml config to achieve the same result. For the attribute exchange test, in order to reduce the amount of endpoint configuration, the test uses a bit of reflection to disable the OpenID association step. This is because the xml config does not support wiring a custom ConsumerManager, like the java configurer does. Issue: gh-4939
This commit is contained in:
parent
36cbdfe013
commit
195a6943e2
|
@ -1,166 +0,0 @@
|
||||||
package org.springframework.security.config.http
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest
|
|
||||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException
|
|
||||||
import org.springframework.mock.web.MockFilterChain
|
|
||||||
import org.springframework.mock.web.MockHttpServletRequest
|
|
||||||
import org.springframework.mock.web.MockHttpServletResponse
|
|
||||||
import org.springframework.security.config.BeanIds
|
|
||||||
import org.springframework.security.openid.OpenIDAuthenticationFilter
|
|
||||||
import org.springframework.security.openid.OpenIDAuthenticationToken
|
|
||||||
import org.springframework.security.openid.OpenIDConsumer
|
|
||||||
import org.springframework.security.openid.OpenIDConsumerException
|
|
||||||
|
|
||||||
import org.springframework.security.web.access.ExceptionTranslationFilter
|
|
||||||
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
|
|
||||||
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
|
|
||||||
|
|
||||||
import javax.servlet.Filter
|
|
||||||
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
* @author Luke Taylor
|
|
||||||
*/
|
|
||||||
class OpenIDConfigTests extends AbstractHttpConfigTests {
|
|
||||||
|
|
||||||
def openIDAndFormLoginWorkTogether() {
|
|
||||||
xml.http() {
|
|
||||||
'openid-login'()
|
|
||||||
'form-login'()
|
|
||||||
}
|
|
||||||
createAppContext()
|
|
||||||
|
|
||||||
def etf = getFilter(ExceptionTranslationFilter)
|
|
||||||
def ap = etf.getAuthenticationEntryPoint();
|
|
||||||
|
|
||||||
expect:
|
|
||||||
ap.loginFormUrl == "/login"
|
|
||||||
// Default login filter should be present since we haven't specified any login URLs
|
|
||||||
getFilter(DefaultLoginPageGeneratingFilter) != null
|
|
||||||
}
|
|
||||||
|
|
||||||
def formLoginEntryPointTakesPrecedenceIfLoginUrlIsSet() {
|
|
||||||
xml.http() {
|
|
||||||
'openid-login'()
|
|
||||||
'form-login'('login-page': '/form-page')
|
|
||||||
}
|
|
||||||
createAppContext()
|
|
||||||
|
|
||||||
expect:
|
|
||||||
getFilter(ExceptionTranslationFilter).authenticationEntryPoint.loginFormUrl == '/form-page'
|
|
||||||
}
|
|
||||||
|
|
||||||
def openIDEntryPointTakesPrecedenceIfLoginUrlIsSet() {
|
|
||||||
xml.http() {
|
|
||||||
'openid-login'('login-page': '/openid-page')
|
|
||||||
'form-login'()
|
|
||||||
}
|
|
||||||
createAppContext()
|
|
||||||
|
|
||||||
expect:
|
|
||||||
getFilter(ExceptionTranslationFilter).authenticationEntryPoint.loginFormUrl == '/openid-page'
|
|
||||||
}
|
|
||||||
|
|
||||||
def multipleLoginPagesCausesError() {
|
|
||||||
when:
|
|
||||||
xml.http() {
|
|
||||||
'openid-login'('login-page': '/openid-page')
|
|
||||||
'form-login'('login-page': '/form-page')
|
|
||||||
}
|
|
||||||
createAppContext()
|
|
||||||
then:
|
|
||||||
thrown(BeanDefinitionParsingException)
|
|
||||||
}
|
|
||||||
|
|
||||||
def openIDAndRememberMeWorkTogether() {
|
|
||||||
xml.debug()
|
|
||||||
xml.http() {
|
|
||||||
interceptUrl('/**', 'denyAll')
|
|
||||||
'openid-login'()
|
|
||||||
'remember-me'()
|
|
||||||
'csrf'(disabled:true)
|
|
||||||
}
|
|
||||||
createAppContext()
|
|
||||||
|
|
||||||
// Default login filter should be present since we haven't specified any login URLs
|
|
||||||
def loginFilter = getFilter(DefaultLoginPageGeneratingFilter)
|
|
||||||
def openIDFilter = getFilter(OpenIDAuthenticationFilter)
|
|
||||||
openIDFilter.setConsumer(new OpenIDConsumer() {
|
|
||||||
public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl, String realm)
|
|
||||||
throws OpenIDConsumerException {
|
|
||||||
return "http://testopenid.com?openid.return_to=" + returnToUrl;
|
|
||||||
}
|
|
||||||
|
|
||||||
public OpenIDAuthenticationToken endConsumption(HttpServletRequest req) throws OpenIDConsumerException {
|
|
||||||
throw new UnsupportedOperationException();
|
|
||||||
}
|
|
||||||
})
|
|
||||||
Set<String> returnToUrlParameters = new HashSet<String>()
|
|
||||||
returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER)
|
|
||||||
openIDFilter.setReturnToUrlParameters(returnToUrlParameters)
|
|
||||||
assert loginFilter.openIDrememberMeParameter != null
|
|
||||||
|
|
||||||
MockHttpServletRequest request = new MockHttpServletRequest(method:'GET');
|
|
||||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
|
||||||
|
|
||||||
when: "Initial request is made"
|
|
||||||
Filter fc = appContext.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN)
|
|
||||||
request.setServletPath("/something.html")
|
|
||||||
fc.doFilter(request, response, new MockFilterChain())
|
|
||||||
then: "Redirected to login"
|
|
||||||
response.getRedirectedUrl().endsWith("/login")
|
|
||||||
when: "Login page is requested"
|
|
||||||
request.setServletPath("/login")
|
|
||||||
request.setRequestURI("/login")
|
|
||||||
response = new MockHttpServletResponse()
|
|
||||||
fc.doFilter(request, response, new MockFilterChain())
|
|
||||||
then: "Remember-me choice is added to page"
|
|
||||||
response.getContentAsString().contains(AbstractRememberMeServices.DEFAULT_PARAMETER)
|
|
||||||
when: "Login is submitted with remember-me selected"
|
|
||||||
request.servletPath = "/login/openid"
|
|
||||||
request.setParameter(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://hey.openid.com/")
|
|
||||||
request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "on")
|
|
||||||
response = new MockHttpServletResponse();
|
|
||||||
fc.doFilter(request, response, new MockFilterChain());
|
|
||||||
String expectedReturnTo = request.getRequestURL().append("?")
|
|
||||||
.append(AbstractRememberMeServices.DEFAULT_PARAMETER)
|
|
||||||
.append("=").append("on").toString();
|
|
||||||
then: "return_to URL contains remember-me choice"
|
|
||||||
response.getRedirectedUrl() == "http://testopenid.com?openid.return_to=" + expectedReturnTo
|
|
||||||
}
|
|
||||||
|
|
||||||
def openIDWithAttributeExchangeConfigurationIsParsedCorrectly() {
|
|
||||||
xml.http() {
|
|
||||||
'openid-login'() {
|
|
||||||
'attribute-exchange'() {
|
|
||||||
'openid-attribute'(name: 'nickname', type: 'http://schema.openid.net/namePerson/friendly')
|
|
||||||
'openid-attribute'(name: 'email', type: 'http://schema.openid.net/contact/email', required: 'true',
|
|
||||||
'count': '2')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
createAppContext()
|
|
||||||
|
|
||||||
List attributes = getFilter(OpenIDAuthenticationFilter).consumer.attributesToFetchFactory.createAttributeList('http://someid')
|
|
||||||
|
|
||||||
expect:
|
|
||||||
attributes.size() == 2
|
|
||||||
attributes[0].name == 'nickname'
|
|
||||||
attributes[0].type == 'http://schema.openid.net/namePerson/friendly'
|
|
||||||
!attributes[0].required
|
|
||||||
attributes[1].required
|
|
||||||
attributes[1].getCount() == 2
|
|
||||||
}
|
|
||||||
|
|
||||||
def 'SEC-2919: DefaultLoginGeneratingFilter should not be present if login-page="/login"'() {
|
|
||||||
when:
|
|
||||||
xml.http() {
|
|
||||||
'openid-login'('login-page':'/login')
|
|
||||||
}
|
|
||||||
createAppContext()
|
|
||||||
|
|
||||||
then:
|
|
||||||
getFilter(DefaultLoginPageGeneratingFilter) == null
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -0,0 +1,223 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2002-2018 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.springframework.security.config.http;
|
||||||
|
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.Set;
|
||||||
|
import javax.servlet.Filter;
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
|
import okhttp3.mockwebserver.MockResponse;
|
||||||
|
import okhttp3.mockwebserver.MockWebServer;
|
||||||
|
import org.junit.Rule;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.openid4java.consumer.ConsumerManager;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
|
||||||
|
import org.springframework.security.config.test.SpringTestRule;
|
||||||
|
import org.springframework.security.openid.OpenID4JavaConsumer;
|
||||||
|
import org.springframework.security.openid.OpenIDAuthenticationFilter;
|
||||||
|
import org.springframework.security.openid.OpenIDConsumer;
|
||||||
|
import org.springframework.security.util.FieldUtils;
|
||||||
|
import org.springframework.security.web.FilterChainProxy;
|
||||||
|
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
|
||||||
|
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
|
||||||
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
import static org.assertj.core.api.Assertions.assertThatCode;
|
||||||
|
import static org.hamcrest.CoreMatchers.containsString;
|
||||||
|
import static org.mockito.ArgumentMatchers.any;
|
||||||
|
import static org.mockito.ArgumentMatchers.anyString;
|
||||||
|
import static org.mockito.Mockito.mock;
|
||||||
|
import static org.mockito.Mockito.when;
|
||||||
|
import static org.openid4java.discovery.yadis.YadisResolver.YADIS_XRDS_LOCATION;
|
||||||
|
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||||
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
|
||||||
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
|
||||||
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests usage of the <openid-login> element
|
||||||
|
*
|
||||||
|
* @author Luke Taylor
|
||||||
|
*/
|
||||||
|
public class OpenIDConfigTests {
|
||||||
|
private static final String CONFIG_LOCATION_PREFIX =
|
||||||
|
"classpath:org/springframework/security/config/http/OpenIDConfigTests";
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
MockMvc mvc;
|
||||||
|
|
||||||
|
@Rule
|
||||||
|
public final SpringTestRule spring = new SpringTestRule();
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void requestWhenOpenIDAndFormLoginBothConfiguredThenRedirectsToGeneratedLoginPage()
|
||||||
|
throws Exception {
|
||||||
|
|
||||||
|
this.spring.configLocations(this.xml("WithFormLogin")).autowire();
|
||||||
|
|
||||||
|
this.mvc.perform(get("/"))
|
||||||
|
.andExpect(status().isFound())
|
||||||
|
.andExpect(redirectedUrl("http://localhost/login"));
|
||||||
|
|
||||||
|
assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNotNull();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void requestWhenOpenIDAndFormLoginWithFormLoginPageConfiguredThenFormLoginPageWins()
|
||||||
|
throws Exception {
|
||||||
|
|
||||||
|
this.spring.configLocations(this.xml("WithFormLoginPage")).autowire();
|
||||||
|
|
||||||
|
this.mvc.perform(get("/"))
|
||||||
|
.andExpect(status().isFound())
|
||||||
|
.andExpect(redirectedUrl("http://localhost/form-page"));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void requestWhenOpenIDAndFormLoginWithOpenIDLoginPageConfiguredThenOpenIDLoginPageWins()
|
||||||
|
throws Exception {
|
||||||
|
|
||||||
|
this.spring.configLocations(this.xml("WithOpenIDLoginPageAndFormLogin")).autowire();
|
||||||
|
|
||||||
|
this.mvc.perform(get("/"))
|
||||||
|
.andExpect(status().isFound())
|
||||||
|
.andExpect(redirectedUrl("http://localhost/openid-page"));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void configureWhenOpenIDAndFormLoginBothConfigureLoginPagesThenWiringException()
|
||||||
|
throws Exception {
|
||||||
|
|
||||||
|
assertThatCode(() -> this.spring.configLocations(this.xml("WithFormLoginAndOpenIDLoginPages")).autowire())
|
||||||
|
.isInstanceOf(BeanDefinitionParsingException.class);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void requestWhenOpenIDAndRememberMeConfiguredThenRememberMePassedToIdp()
|
||||||
|
throws Exception {
|
||||||
|
|
||||||
|
this.spring.configLocations(this.xml("WithRememberMe")).autowire();
|
||||||
|
|
||||||
|
OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class);
|
||||||
|
|
||||||
|
String openIdEndpointUrl = "http://testopenid.com?openid.return_to=";
|
||||||
|
Set<String> returnToUrlParameters = new HashSet<>();
|
||||||
|
returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER);
|
||||||
|
openIDFilter.setReturnToUrlParameters(returnToUrlParameters);
|
||||||
|
|
||||||
|
OpenIDConsumer consumer = mock(OpenIDConsumer.class);
|
||||||
|
when(consumer.beginConsumption(any(HttpServletRequest.class), anyString(), anyString(), anyString()))
|
||||||
|
.then(invocation -> openIdEndpointUrl + invocation.getArgument(2));
|
||||||
|
openIDFilter.setConsumer(consumer);
|
||||||
|
|
||||||
|
String expectedReturnTo = new StringBuilder("http://localhost/login/openid").append("?")
|
||||||
|
.append(AbstractRememberMeServices.DEFAULT_PARAMETER)
|
||||||
|
.append("=").append("on").toString();
|
||||||
|
|
||||||
|
this.mvc.perform(get("/"))
|
||||||
|
.andExpect(status().isFound())
|
||||||
|
.andExpect(redirectedUrl("http://localhost/login"));
|
||||||
|
|
||||||
|
this.mvc.perform(get("/login"))
|
||||||
|
.andExpect(status().isOk())
|
||||||
|
.andExpect(content().string(containsString(AbstractRememberMeServices.DEFAULT_PARAMETER)));
|
||||||
|
|
||||||
|
this.mvc.perform(get("/login/openid")
|
||||||
|
.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://hey.openid.com/")
|
||||||
|
.param(AbstractRememberMeServices.DEFAULT_PARAMETER, "on"))
|
||||||
|
.andExpect(status().isFound())
|
||||||
|
.andExpect(redirectedUrl(openIdEndpointUrl + expectedReturnTo));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void requestWhenAttributeExchangeConfiguredThenFetchAttributesPassedToIdp()
|
||||||
|
throws Exception {
|
||||||
|
|
||||||
|
this.spring.configLocations(this.xml("WithOpenIDAttributes")).autowire();
|
||||||
|
|
||||||
|
OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class);
|
||||||
|
OpenID4JavaConsumer consumer = getFieldValue(openIDFilter, "consumer");
|
||||||
|
ConsumerManager manager = getFieldValue(consumer, "consumerManager");
|
||||||
|
manager.setMaxAssocAttempts(0);
|
||||||
|
|
||||||
|
try ( MockWebServer server = new MockWebServer() ) {
|
||||||
|
String endpoint = server.url("/").toString();
|
||||||
|
|
||||||
|
server.enqueue(new MockResponse()
|
||||||
|
.addHeader(YADIS_XRDS_LOCATION, endpoint));
|
||||||
|
server.enqueue(new MockResponse()
|
||||||
|
.setBody(String.format(
|
||||||
|
"<XRDS><XRD><Service><URI>%s</URI></Service></XRD></XRDS>",
|
||||||
|
endpoint)));
|
||||||
|
|
||||||
|
this.mvc.perform(get("/login/openid")
|
||||||
|
.param(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, endpoint))
|
||||||
|
.andExpect(status().isFound())
|
||||||
|
.andExpect(result -> result.getResponse().getRedirectedUrl().endsWith(
|
||||||
|
"openid.ext1.type.nickname=http%3A%2F%2Fschema.openid.net%2FnamePerson%2Ffriendly&" +
|
||||||
|
"openid.ext1.if_available=nickname&" +
|
||||||
|
"openid.ext1.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&" +
|
||||||
|
"openid.ext1.required=email&" +
|
||||||
|
"openid.ext1.count.email=2"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SEC-2919
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void requestWhenLoginPageConfiguredWithPhraseLoginThenRedirectsOnlyToUserGeneratedLoginPage()
|
||||||
|
throws Exception {
|
||||||
|
|
||||||
|
this.spring.configLocations(this.xml("Sec2919")).autowire();
|
||||||
|
|
||||||
|
assertThat(getFilter(DefaultLoginPageGeneratingFilter.class)).isNull();
|
||||||
|
|
||||||
|
this.mvc.perform(get("/login"))
|
||||||
|
.andExpect(status().isOk())
|
||||||
|
.andExpect(content().string("a custom login page"));
|
||||||
|
}
|
||||||
|
|
||||||
|
@RestController
|
||||||
|
static class CustomLoginController {
|
||||||
|
@GetMapping("/login")
|
||||||
|
public String custom() {
|
||||||
|
return "a custom login page";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private <T extends Filter> T getFilter(Class<T> clazz) {
|
||||||
|
FilterChainProxy filterChain = this.spring.getContext().getBean(FilterChainProxy.class);
|
||||||
|
return (T) filterChain.getFilters("/").stream()
|
||||||
|
.filter(clazz::isInstance)
|
||||||
|
.findFirst()
|
||||||
|
.orElse(null);
|
||||||
|
}
|
||||||
|
|
||||||
|
private String xml(String configName) {
|
||||||
|
return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
|
||||||
|
}
|
||||||
|
|
||||||
|
private static <T> T getFieldValue(Object bean, String fieldName) throws IllegalAccessException {
|
||||||
|
return (T) FieldUtils.getFieldValue(bean, fieldName);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,36 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright 2002-2018 the original author or authors.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xmlns="http://www.springframework.org/schema/security"
|
||||||
|
xsi:schemaLocation="
|
||||||
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||||
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||||
|
|
||||||
|
<http use-expressions="true">
|
||||||
|
<intercept-url pattern="/login" access="permitAll"/>
|
||||||
|
<intercept-url pattern="/**" access="authenticated"/>
|
||||||
|
<openid-login login-page="/login"/>
|
||||||
|
</http>
|
||||||
|
|
||||||
|
<b:bean
|
||||||
|
name="customLogin"
|
||||||
|
class="org.springframework.security.config.http.OpenIDConfigTests.CustomLoginController"/>
|
||||||
|
|
||||||
|
<b:import resource="userservice.xml"/>
|
||||||
|
</b:beans>
|
|
@ -0,0 +1,32 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright 2002-2018 the original author or authors.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xmlns="http://www.springframework.org/schema/security"
|
||||||
|
xsi:schemaLocation="
|
||||||
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||||
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||||
|
|
||||||
|
<http use-expressions="true">
|
||||||
|
<intercept-url pattern="/**" access="authenticated"/>
|
||||||
|
<openid-login/>
|
||||||
|
<form-login/>
|
||||||
|
</http>
|
||||||
|
|
||||||
|
<b:import resource="userservice.xml"/>
|
||||||
|
</b:beans>
|
|
@ -0,0 +1,32 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright 2002-2018 the original author or authors.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xmlns="http://www.springframework.org/schema/security"
|
||||||
|
xsi:schemaLocation="
|
||||||
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||||
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||||
|
|
||||||
|
<http use-expressions="true">
|
||||||
|
<intercept-url pattern="/**" access="authenticated"/>
|
||||||
|
<openid-login login-page="/openid-page"/>
|
||||||
|
<form-login login-page="/form-page"/>
|
||||||
|
</http>
|
||||||
|
|
||||||
|
<b:import resource="userservice.xml"/>
|
||||||
|
</b:beans>
|
|
@ -0,0 +1,32 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright 2002-2018 the original author or authors.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xmlns="http://www.springframework.org/schema/security"
|
||||||
|
xsi:schemaLocation="
|
||||||
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||||
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||||
|
|
||||||
|
<http use-expressions="true">
|
||||||
|
<intercept-url pattern="/**" access="authenticated"/>
|
||||||
|
<openid-login/>
|
||||||
|
<form-login login-page="/form-page"/>
|
||||||
|
</http>
|
||||||
|
|
||||||
|
<b:import resource="userservice.xml"/>
|
||||||
|
</b:beans>
|
|
@ -0,0 +1,36 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright 2002-2018 the original author or authors.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xmlns="http://www.springframework.org/schema/security"
|
||||||
|
xsi:schemaLocation="
|
||||||
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||||
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||||
|
|
||||||
|
<http use-expressions="true">
|
||||||
|
<intercept-url pattern="/**" access="denyAll"/>
|
||||||
|
<openid-login>
|
||||||
|
<attribute-exchange>
|
||||||
|
<openid-attribute name="nickname" type="http://schema.openid.net/namePerson/friendly"/>
|
||||||
|
<openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" count="2"/>
|
||||||
|
</attribute-exchange>
|
||||||
|
</openid-login>
|
||||||
|
</http>
|
||||||
|
|
||||||
|
<b:import resource="userservice.xml"/>
|
||||||
|
</b:beans>
|
|
@ -0,0 +1,32 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright 2002-2018 the original author or authors.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xmlns="http://www.springframework.org/schema/security"
|
||||||
|
xsi:schemaLocation="
|
||||||
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||||
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||||
|
|
||||||
|
<http use-expressions="true">
|
||||||
|
<intercept-url pattern="/**" access="authenticated"/>
|
||||||
|
<openid-login login-page="/openid-page"/>
|
||||||
|
<form-login/>
|
||||||
|
</http>
|
||||||
|
|
||||||
|
<b:import resource="userservice.xml"/>
|
||||||
|
</b:beans>
|
|
@ -0,0 +1,33 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright 2002-2018 the original author or authors.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xmlns="http://www.springframework.org/schema/security"
|
||||||
|
xsi:schemaLocation="
|
||||||
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||||
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||||
|
|
||||||
|
<http use-expressions="true">
|
||||||
|
<intercept-url pattern="/**" access="denyAll"/>
|
||||||
|
<openid-login/>
|
||||||
|
<remember-me/>
|
||||||
|
<csrf disabled="true"/>
|
||||||
|
</http>
|
||||||
|
|
||||||
|
<b:import resource="userservice.xml"/>
|
||||||
|
</b:beans>
|
Loading…
Reference in New Issue