<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
    xmlns="http://www.springframework.org/schema/security"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
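    <!--
        Web security rules for the sample. Requests without an authenticated session are passed to
        the casEntryPoint bean. intercept-url patterns are evaluated in document order and the first
        match decides, so the specific rules must stay above the catch-all.
        NOTE(review): no rule sets requires-channel, so nothing in this element forces HTTPS on the
        application's own URLs; confirm transport security is enforced by the container or a proxy.
    -->
    <http entry-point-ref="casEntryPoint" use-expressions="true">
        <!-- Pages reachable without authentication: landing page, post-logout page, CAS failure page. -->
        <intercept-url pattern="/" access="permitAll"/>
        <intercept-url pattern="/index.jsp" access="permitAll"/>
        <intercept-url pattern="/cas-logout.jsp" access="permitAll"/>
        <intercept-url pattern="/casfailed.jsp" access="permitAll"/>

        <!-- Supervisor-only area; listed before the broader /secure/** rule so that it wins. -->
        <intercept-url pattern="/secure/extreme/**"
            access="hasRole('ROLE_SUPERVISOR')" />
        <intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
        <!-- Default deny for anonymous users: every remaining URL requires ROLE_USER. -->
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
        <!-- CAS filters: single logout handling runs ahead of the ticket-processing filter. -->
        <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
        <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
        <custom-filter ref="casFilter" position="CAS_FILTER" />
        <!-- Local logout lands on a page that is permitAll above. -->
        <logout logout-success-url="/cas-logout.jsp"/>
    </http>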
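    <!--
        The only authentication provider is the CAS provider, so every login in this configuration
        goes through CAS ticket validation.
    -->
    <authentication-manager alias="authManager">
        <authentication-provider ref="casAuthProvider" />
    </authentication-manager>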
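    <!--
        Sample accounts only. Each password equals the user name and is stored in clear text.
        In this file userService is referenced only by the UserDetailsByNameServiceWrapper inside
        casAuthProvider, which looks a user up by name; the passwords do not appear to be checked
        anywhere in this configuration (verify before relying on that). The authorities listed here
        are what the intercept-url rules are evaluated against.
        Replace this element with a real user store before deploying, and do not carry these
        accounts or passwords into any other authentication path.
    -->
    <user-service id="userService">
        <user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
        <user name="dianne" password="dianne" authorities="ROLE_USER" />
        <user name="scott" password="scott" authorities="ROLE_USER" />
    </user-service>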
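    <!--
        This filter handles a Single Logout Request from the CAS Server.
        NOTE(review): the CAS client normally pairs this filter with
        org.jasig.cas.client.session.SingleSignOutHttpSessionListener registered in web.xml;
        web.xml is not visible here, so confirm the listener is present.
    -->
    <b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>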
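    <!--
        This filter redirects to the CAS Server to signal that Single Logout should be performed.
        It listens on /j_spring_cas_security_logout. The first constructor argument is the URL the
        browser is sent to after logout (the CAS logout endpoint, host taken from cas.server.host);
        the second is the handler that clears the local security context.
    -->
    <b:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"
        p:filterProcessesUrl="/j_spring_cas_security_logout">
        <b:constructor-arg value="https://${cas.server.host}/cas/logout"/>
        <b:constructor-arg>
            <b:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
        </b:constructor-arg>
    </b:bean>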
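    <!--
        Identifies this application to the CAS server. The service URL is where CAS sends the
        browser back with a ticket, so its host (cas.service.host) must be the address users reach.
        authenticateAllArtifacts="true" lets tickets be processed on URLs other than the service URL,
        which the proxy ticket support configured in casFilter and casAuthProvider relies on.
        NOTE(review): this widens where tickets are accepted; turn it off if proxy tickets are not
        needed.
    -->
    <b:bean id="serviceProperties"
        class="org.springframework.security.cas.ServiceProperties"
        p:service="https://${cas.service.host}/cas-sample/j_spring_cas_security_check"
        p:authenticateAllArtifacts="true"/>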
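    <!--
        Entry point referenced by the http element: sends unauthenticated users to the CAS login
        page on cas.server.host, using the service URL from serviceProperties.
    -->
    <b:bean id="casEntryPoint"
        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
        p:serviceProperties-ref="serviceProperties" p:loginUrl="https://${cas.server.host}/cas/login" />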
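    <!--
        Filter that receives CAS tickets and hands them to authManager for validation.
        proxyReceptorUrl is the endpoint on which proxy granting tickets arrive; they are kept in
        pgtStorage. It must stay in step with the proxyCallbackUrl set on the ticket validator in
        casAuthProvider (both end in /j_spring_cas_security_proxyreceptor).
    -->
    <b:bean id="casFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter"
        p:authenticationManager-ref="authManager"
        p:serviceProperties-ref="serviceProperties"
        p:proxyGrantingTicketStorage-ref="pgtStorage"
        p:proxyReceptorUrl="/j_spring_cas_security_proxyreceptor">
        <!--
            NOTE(review): presumably supplies the service URL used when a ticket is presented on
            an arbitrary URL; verify how that URL is derived for the Spring Security version in
            use, in particular when the application sits behind a reverse proxy.
        -->
        <b:property name="authenticationDetailsSource">
            <b:bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource"/>
        </b:property>
        <!-- Failed ticket validation ends on /casfailed.jsp, which the http element marks permitAll. -->
        <b:property name="authenticationFailureHandler">
            <b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
                p:defaultFailureUrl="/casfailed.jsp"/>
        </b:property>
    </b:bean>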
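    <!--
        NOTE: In a real application you should not use an in-memory implementation. You will also
              want to clean up expired tickets by calling ProxyGrantingTicketStorage.cleanup().
              A proxy granting ticket lets this application request proxy tickets on the user's
              behalf, so whatever storage replaces this one should be protected accordingly.
     -->
    <b:bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>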
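    <!--
        Validates CAS tickets and builds the authenticated user.
        NOTE(review): p:key is a fixed sample string. Spring Security uses it to recognise
        authentication tokens issued by this provider; choose a deployment-specific value.
    -->
    <b:bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
        p:serviceProperties-ref="serviceProperties"
        p:key="casAuthProviderKey">
        <!-- After a ticket validates, the user name returned by CAS is looked up in userService for authorities. -->
        <b:property name="authenticationUserDetailsService">
            <b:bean
                class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <b:constructor-arg ref="userService" />
            </b:bean>
        </b:property>
        <!--
            Tickets are validated against the CAS server named by cas.server.host.
            NOTE(review): acceptAnyProxy="true" accepts proxy tickets whatever services appear in
            the proxy chain. That is convenient for a sample; for a real deployment list the
            trusted chains with the validator's allowedProxyChains property instead.
            proxyCallbackUrl must stay in step with the proxyReceptorUrl configured on casFilter.
        -->
        <b:property name="ticketValidator">
            <b:bean
                class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
                p:acceptAnyProxy="true"
                p:proxyCallbackUrl="https://${cas.service.host}/cas-sample/j_spring_cas_security_proxyreceptor"
                p:proxyGrantingTicketStorage-ref="pgtStorage">
                <b:constructor-arg value="https://${cas.server.host}/cas" />
            </b:bean>
        </b:property>
        <!--
            Cache of already validated tickets for stateless clients, so a ticket presented again
            is not re-validated against CAS. A ticket stays usable for as long as its cache entry
            lives, so keep the lifetimes as short as the clients allow.
            NOTE(review): the positional arguments presumably map to name, maxElementsInMemory,
            overflowToDisk, eternal, timeToLiveSeconds and timeToIdleSeconds; verify against the
            Ehcache version in use. If so, overflowToDisk="true" means cached authentication data
            may be written to disk.
        -->
        <b:property name="statelessTicketCache">
            <b:bean class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
                <b:property name="cache">
                    <b:bean class="net.sf.ehcache.Cache"
                      init-method="initialise"
                      destroy-method="dispose">
                        <b:constructor-arg value="casTickets"/>
                        <b:constructor-arg value="50"/>
                        <b:constructor-arg value="true"/>
                        <b:constructor-arg value="false"/>
                        <b:constructor-arg value="3600"/>
                        <b:constructor-arg value="900"/>
                    </b:bean>
                </b:property>
            </b:bean>
        </b:property>
    </b:bean>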
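    <!--
        Configuration for the environment can be overridden by system properties.
        system-properties-mode="OVERRIDE" gives JVM system properties precedence over the defaults
        below. cas.server.host selects the CAS server whose login page and ticket validation
        responses this application trusts, and cas.service.host is the address CAS redirects
        users back to, so restrict who can set JVM properties for the process.
        The localhost values are sample defaults.
    -->
    <context:property-placeholder system-properties-mode="OVERRIDE" properties-ref="environment"/>
    <util:properties id="environment">
        <b:prop key="cas.service.host">localhost:8443</b:prop>
        <b:prop key="cas.server.host">localhost:9443</b:prop>
    </util:properties>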
</b:beans>