danieldbower/deployerConfigContext.xml

## deployerConfigContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- | deployerConfigContext.xml centralizes into one file some of the declarative
	configuration that | all CAS deployers will need to modify. | | This file
	declares some of the Spring-managed JavaBeans that make up a CAS deployment.
	| The beans declared in this file are instantiated at context initialization
	time by the Spring | ContextLoaderListener declared in web.xml. It finds
	this file because this | file is among those declared in the context parameter
	"contextConfigLocation". | | By far the most common change you will need
	to make in this file is to change the last bean | declaration to replace
	the default SimpleTestUsernamePasswordAuthenticationHandler with | one implementing
	your approach for authenticating usernames and passwords. + -->

<!-- ~ Licensed to Jasig under one or more contributor license ~ agreements.
	See the NOTICE file distributed with this work ~ for additional information
	regarding copyright ownership. ~ Jasig licenses this file to you under the
	Apache License, ~ Version 2.0 (the "License"); you may not use this file
	~ except in compliance with the License. You may obtain a ~ copy of the License
	at the following location: ~ ~ http://www.apache.org/licenses/LICENSE-2.0
	~ ~ Unless required by applicable law or agreed to in writing, ~ software
	distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT
	WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the
	License for the ~ specific language governing permissions and limitations
	~ under the License. -->

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
	xmlns:sec="http://www.springframework.org/schema/security" xmlns:tx="http://www.springframework.org/schema/tx"
	xsi:schemaLocation="
       http://www.springframework.org/schema/beans     http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
       http://www.springframework.org/schema/security  http://www.springframework.org/schema/security/spring-security-3.1.xsd
       http://www.springframework.org/schema/tx        http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">

	<!-- Pooled DataSource using c3p0 -->
	<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
		p:driverClass="${database.driverClass}" p:jdbcUrl="${database.url}"
		p:user="${database.user}" p:password="${database.password}"
		p:initialPoolSize="${database.pool.minSize}" p:minPoolSize="${database.pool.minSize}"
		p:maxPoolSize="${database.pool.maxSize}"
		p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
		p:checkoutTimeout="${database.pool.maxWait}" p:acquireIncrement="${database.pool.acquireIncrement}"
		p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
		p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
		p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
		p:preferredTestQuery="${database.pool.connectionHealthQuery}" />

	<!-- JPA Definition - See also persistence.xml -->
	<bean id="entityManagerFactory"
		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
		<property name="dataSource" ref="dataSource" />
		<property name="jpaVendorAdapter">
			<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
				<property name="generateDdl" value="true" />
				<property name="showSql" value="true" />
			</bean>
		</property>
		<property name="jpaProperties">
			<props>
				<prop key="hibernate.dialect">${database.hibernate.dialect}</prop>
				<prop key="hibernate.hbm2ddl.auto">update</prop>
			</props>
		</property>
	</bean>

	<!-- Injects EntityManager/Factory instances into beans with @PersistenceUnit
		and @PersistenceContext -->
	<bean
		class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />

	<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"
		p:entityManagerFactory-ref="entityManagerFactory" />

	<tx:annotation-driven transaction-manager="transactionManager" />

	<!-- | This bean declares our AuthenticationManager. The CentralAuthenticationService
		service bean | declared in applicationContext.xml picks up this AuthenticationManager
		by reference to its id, | "authenticationManager". Most deployers will be
		able to use the default AuthenticationManager | implementation and so do
		not need to change the class of this bean. We include the whole | AuthenticationManager
		here in the userConfigContext.xml so that you can see the things you will
		| need to change in context. + -->
	<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">

		<!-- Uncomment the metadata populator to allow clearpass to capture and
			cache the password This switch effectively will turn on clearpass. <property
			name="authenticationMetaDataPopulators"> <list> <bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator">
			<constructor-arg index="0" ref="credentialsCache" /> </bean> </list> </property> -->

		<!-- | This is the List of CredentialToPrincipalResolvers that identify
			what Principal is trying to authenticate. | The AuthenticationManagerImpl
			considers them in order, finding a CredentialToPrincipalResolver which |
			supports the presented credentials. | | AuthenticationManagerImpl uses these
			resolvers for two purposes. First, it uses them to identify the Principal
			| attempting to authenticate to CAS /login . In the default configuration,
			it is the DefaultCredentialsToPrincipalResolver | that fills this role. If
			you are using some other kind of credentials than UsernamePasswordCredentials,
			you will need to replace | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver
			that supports the credentials you are | using. | | Second, AuthenticationManagerImpl
			uses these resolvers to identify a service requesting a proxy granting ticket.
			| In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver
			that serves this purpose. | You will need to change this list if you are
			identifying services by something more or other than their callback URL.
			+ -->
		<property name="credentialsToPrincipalResolvers">
			<list>
				<!-- | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials
					that we use for /login | by default and produces SimplePrincipal instances
					conveying the username from the credentials. | | If you've changed your LoginFormAction
					to use credentials other than UsernamePasswordCredentials then you will also
					| need to change this bean declaration (or add additional declarations) to
					declare a CredentialsToPrincipalResolver that supports the | Credentials
					you are using. + -->
				<bean
					class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
					<property name="attributeRepository" ref="attributeRepository" />
				</bean>

				<!-- | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials.
					It supports the CAS 2.0 approach of | authenticating services by SSL callback,
					extracting the callback URL from the Credentials and representing it as a
					| SimpleService identified by that callback URL. | | If you are representing
					services by something more or other than an HTTPS URL whereat they are able
					to | receive a proxy callback, you will need to change this bean declaration
					(or add additional declarations). + -->
				<bean
					class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
			</list>
		</property>

		<!-- | Whereas CredentialsToPrincipalResolvers identify who it is some
			Credentials might authenticate, | AuthenticationHandlers actually authenticate
			credentials. Here we declare the AuthenticationHandlers that | authenticate
			the Principals that the CredentialsToPrincipalResolvers identified. CAS will
			try these handlers in turn | until it finds one that both supports the Credentials
			presented and succeeds in authenticating. + -->
		<property name="authenticationHandlers">
			<list>
				<!-- | This is the authentication handler that authenticates services
					by means of callback via SSL, thereby validating | a server side SSL certificate.
					+ -->
				<bean
					class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
					p:httpClient-ref="httpClient" />
				<!-- | This is the authentication handler declaration that every CAS
					deployer will need to change before deploying CAS | into production. The
					default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
					| where the username equals the password. You will need to replace this with
					an AuthenticationHandler that implements your | local authentication strategy.
					You might accomplish this by coding a new such handler and declaring | edu.someschool.its.cas.MySpecialHandler
					here, or you might use one of the handlers provided in the adaptors modules.
					+ -->
				<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
			</list>
		</property>
	</bean>

	<!-- Modify security of CAS services/manage.html app to use SAML instead of
		CAS 2.0 protocol - overrides the bean in
		WEB-INF/spring-configuration/securityContext.xml -->
	<bean id="casAuthenticationProvider"
		class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
		p:key="my_password_for_this_auth_provider_only"
		p:serviceProperties-ref="serviceProperties">
		<property name="authenticationUserDetailsService" ref="userDetailsService"/>
		<property name="ticketValidator">
			<bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
				<constructor-arg index="0"
					value="${cas.securityContext.ticketValidator.casServerUrlPrefix}" />
			</bean>
		</property>
	</bean>

	<!-- Provides group membership to CAS services/manage.html app using SAML -->
	<bean id="userDetailsService"
		class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
		<constructor-arg>
			<list>
				<value>groupMembership</value>
			</list>
		</constructor-arg>
	</bean>

	<!-- Use JPA to store which services have access to CAS and its attributes -->
	<bean id="serviceRegistryDao" class="org.jasig.cas.services.JpaServiceRegistryDaoImpl">
		<property name="entityManagerFactory" ref="entityManagerFactory" />
	</bean>

	<!-- Pulls attributes for users from the list of PersonAttributeDaos and merge them together.
		These attributes are then pushed via SAML as configured in services/manage.html -->
	<bean id="attributeRepository" class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
		<property name="personAttributeDaos">
			<list>
				<!-- Access username/role combinations (authorities/groupMembership).  These could just as easily come from ldap or even another source -->
				<bean class="com.bowerstudios.cas.UserRolePersonAttributeDaoImpl" />
				<!-- Placeholder for later ldap implementation -->
				<bean class="org.jasig.services.persondir.support.ComplexStubPersonAttributeDao">
					<property name="backingMap">
						<map>
							<entry key="admin">
								<map>
									<entry key="firstName" value="Joe" />
									<entry key="lastName" value="Admin" />
									<entry key="email" value="joe.admin@test.com" />
									<entry key="enabled" value="true" />
								</map>
							</entry>
							<entry key="user">
								<map>
									<entry key="firstName" value="Joe" />
									<entry key="lastName" value="User" />
									<entry key="email" value="joe.user@test.com" />
									<entry key="enabled" value="true" />
								</map>
							</entry>
						</map>
					</property>
				</bean>
			</list>
		</property>
	</bean>

	<bean id="auditTrailManager"
		class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

	<bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
		<property name="monitors">
			<list>
				<bean class="org.jasig.cas.monitor.MemoryMonitor"
					p:freeMemoryWarnThreshold="10" />
				<!-- NOTE The following ticket registries support SessionMonitor: * DefaultTicketRegistry
					* JpaTicketRegistry Remove this monitor if you use an unsupported registry. -->
				<bean class="org.jasig.cas.monitor.SessionMonitor"
					p:ticketRegistry-ref="ticketRegistry"
					p:serviceTicketCountWarnThreshold="5000"
					p:sessionCountWarnThreshold="100000" />
			</list>
		</property>
	</bean>

</beans>
	<?xml version="1.0" encoding="UTF-8"?>
	<!-- \| deployerConfigContext.xml centralizes into one file some of the declarative
	configuration that \| all CAS deployers will need to modify. \| \| This file
	declares some of the Spring-managed JavaBeans that make up a CAS deployment.
	\| The beans declared in this file are instantiated at context initialization
	time by the Spring \| ContextLoaderListener declared in web.xml. It finds
	this file because this \| file is among those declared in the context parameter
	"contextConfigLocation". \| \| By far the most common change you will need
	to make in this file is to change the last bean \| declaration to replace
	the default SimpleTestUsernamePasswordAuthenticationHandler with \| one implementing
	your approach for authenticating usernames and passwords. + -->

	<!-- ~ Licensed to Jasig under one or more contributor license ~ agreements.
	See the NOTICE file distributed with this work ~ for additional information
	regarding copyright ownership. ~ Jasig licenses this file to you under the
	Apache License, ~ Version 2.0 (the "License"); you may not use this file
	~ except in compliance with the License. You may obtain a ~ copy of the License
	at the following location: ~ ~ http://www.apache.org/licenses/LICENSE-2.0
	~ ~ Unless required by applicable law or agreed to in writing, ~ software
	distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT
	WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the
	License for the ~ specific language governing permissions and limitations
	~ under the License. -->

	<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
	xmlns:sec="http://www.springframework.org/schema/security" xmlns:tx="http://www.springframework.org/schema/tx"
	xsi:schemaLocation="
	http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
	http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">

	<!-- Pooled DataSource using c3p0 -->
	<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
	p:driverClass="${database.driverClass}" p:jdbcUrl="${database.url}"
	p:user="${database.user}" p:password="${database.password}"
	p:initialPoolSize="${database.pool.minSize}" p:minPoolSize="${database.pool.minSize}"
	p:maxPoolSize="${database.pool.maxSize}"
	p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
	p:checkoutTimeout="${database.pool.maxWait}" p:acquireIncrement="${database.pool.acquireIncrement}"
	p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
	p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
	p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
	p:preferredTestQuery="${database.pool.connectionHealthQuery}" />

	<!-- JPA Definition - See also persistence.xml -->
	<bean id="entityManagerFactory"
	class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
	<property name="dataSource" ref="dataSource" />
	<property name="jpaVendorAdapter">
	<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
	<property name="generateDdl" value="true" />
	<property name="showSql" value="true" />
	</bean>
	</property>
	<property name="jpaProperties">
	<props>
	<prop key="hibernate.dialect">${database.hibernate.dialect}</prop>
	<prop key="hibernate.hbm2ddl.auto">update</prop>
	</props>
	</property>
	</bean>

	<!-- Injects EntityManager/Factory instances into beans with @PersistenceUnit
	and @PersistenceContext -->
	<bean
	class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />

	<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"
	p:entityManagerFactory-ref="entityManagerFactory" />

	<tx:annotation-driven transaction-manager="transactionManager" />

	<!-- \| This bean declares our AuthenticationManager. The CentralAuthenticationService
	service bean \| declared in applicationContext.xml picks up this AuthenticationManager
	by reference to its id, \| "authenticationManager". Most deployers will be
	able to use the default AuthenticationManager \| implementation and so do
	not need to change the class of this bean. We include the whole \| AuthenticationManager
	here in the userConfigContext.xml so that you can see the things you will
	\| need to change in context. + -->
	<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">

	<!-- Uncomment the metadata populator to allow clearpass to capture and
	cache the password This switch effectively will turn on clearpass. <property
	name="authenticationMetaDataPopulators"> <list> <bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator">
	<constructor-arg index="0" ref="credentialsCache" /> </bean> </list> </property> -->

	<!-- \| This is the List of CredentialToPrincipalResolvers that identify
	what Principal is trying to authenticate. \| The AuthenticationManagerImpl
	considers them in order, finding a CredentialToPrincipalResolver which \|
	supports the presented credentials. \| \| AuthenticationManagerImpl uses these
	resolvers for two purposes. First, it uses them to identify the Principal
	\| attempting to authenticate to CAS /login . In the default configuration,
	it is the DefaultCredentialsToPrincipalResolver \| that fills this role. If
	you are using some other kind of credentials than UsernamePasswordCredentials,
	you will need to replace \| DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver
	that supports the credentials you are \| using. \| \| Second, AuthenticationManagerImpl
	uses these resolvers to identify a service requesting a proxy granting ticket.
	\| In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver
	that serves this purpose. \| You will need to change this list if you are
	identifying services by something more or other than their callback URL.
	+ -->
	<property name="credentialsToPrincipalResolvers">
	<list>
	<!-- \| UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials
	that we use for /login \| by default and produces SimplePrincipal instances
	conveying the username from the credentials. \| \| If you've changed your LoginFormAction
	to use credentials other than UsernamePasswordCredentials then you will also
	\| need to change this bean declaration (or add additional declarations) to
	declare a CredentialsToPrincipalResolver that supports the \| Credentials
	you are using. + -->
	<bean
	class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
	<property name="attributeRepository" ref="attributeRepository" />
	</bean>

	<!-- \| HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials.
	It supports the CAS 2.0 approach of \| authenticating services by SSL callback,
	extracting the callback URL from the Credentials and representing it as a
	\| SimpleService identified by that callback URL. \| \| If you are representing
	services by something more or other than an HTTPS URL whereat they are able
	to \| receive a proxy callback, you will need to change this bean declaration
	(or add additional declarations). + -->
	<bean
	class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
	</list>
	</property>

	<!-- \| Whereas CredentialsToPrincipalResolvers identify who it is some
	Credentials might authenticate, \| AuthenticationHandlers actually authenticate
	credentials. Here we declare the AuthenticationHandlers that \| authenticate
	the Principals that the CredentialsToPrincipalResolvers identified. CAS will
	try these handlers in turn \| until it finds one that both supports the Credentials
	presented and succeeds in authenticating. + -->
	<property name="authenticationHandlers">
	<list>
	<!-- \| This is the authentication handler that authenticates services
	by means of callback via SSL, thereby validating \| a server side SSL certificate.
	+ -->
	<bean
	class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
	p:httpClient-ref="httpClient" />
	<!-- \| This is the authentication handler declaration that every CAS
	deployer will need to change before deploying CAS \| into production. The
	default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
	\| where the username equals the password. You will need to replace this with
	an AuthenticationHandler that implements your \| local authentication strategy.
	You might accomplish this by coding a new such handler and declaring \| edu.someschool.its.cas.MySpecialHandler
	here, or you might use one of the handlers provided in the adaptors modules.
	+ -->
	<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
	</list>
	</property>
	</bean>

	<!-- Modify security of CAS services/manage.html app to use SAML instead of
	CAS 2.0 protocol - overrides the bean in
	WEB-INF/spring-configuration/securityContext.xml -->
	<bean id="casAuthenticationProvider"
	class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
	p:key="my_password_for_this_auth_provider_only"
	p:serviceProperties-ref="serviceProperties">
	<property name="authenticationUserDetailsService" ref="userDetailsService"/>
	<property name="ticketValidator">
	<bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
	<constructor-arg index="0"
	value="${cas.securityContext.ticketValidator.casServerUrlPrefix}" />
	</bean>
	</property>
	</bean>

	<!-- Provides group membership to CAS services/manage.html app using SAML -->
	<bean id="userDetailsService"
	class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
	<constructor-arg>
	<list>
	<value>groupMembership</value>
	</list>
	</constructor-arg>
	</bean>

	<!-- Use JPA to store which services have access to CAS and its attributes -->
	<bean id="serviceRegistryDao" class="org.jasig.cas.services.JpaServiceRegistryDaoImpl">
	<property name="entityManagerFactory" ref="entityManagerFactory" />
	</bean>

	<!-- Pulls attributes for users from the list of PersonAttributeDaos and merge them together.
	These attributes are then pushed via SAML as configured in services/manage.html -->
	<bean id="attributeRepository" class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
	<property name="personAttributeDaos">
	<list>
	<!-- Access username/role combinations (authorities/groupMembership). These could just as easily come from ldap or even another source -->
	<bean class="com.bowerstudios.cas.UserRolePersonAttributeDaoImpl" />
	<!-- Placeholder for later ldap implementation -->
	<bean class="org.jasig.services.persondir.support.ComplexStubPersonAttributeDao">
	<property name="backingMap">
	<map>
	<entry key="admin">
	<map>
	<entry key="firstName" value="Joe" />
	<entry key="lastName" value="Admin" />
	<entry key="email" value="joe.admin@test.com" />
	<entry key="enabled" value="true" />
	</map>
	</entry>
	<entry key="user">
	<map>
	<entry key="firstName" value="Joe" />
	<entry key="lastName" value="User" />
	<entry key="email" value="joe.user@test.com" />
	<entry key="enabled" value="true" />
	</map>
	</entry>
	</map>
	</property>
	</bean>
	</list>
	</property>
	</bean>

	<bean id="auditTrailManager"
	class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

	<bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
	<property name="monitors">
	<list>
	<bean class="org.jasig.cas.monitor.MemoryMonitor"
	p:freeMemoryWarnThreshold="10" />
	<!-- NOTE The following ticket registries support SessionMonitor: * DefaultTicketRegistry
	* JpaTicketRegistry Remove this monitor if you use an unsupported registry. -->
	<bean class="org.jasig.cas.monitor.SessionMonitor"
	p:ticketRegistry-ref="ticketRegistry"
	p:serviceTicketCountWarnThreshold="5000"
	p:sessionCountWarnThreshold="100000" />
	</list>
	</property>
	</bean>

	</beans>