/*
 * [main] section of the generated Shiro INI.
 * Entries are added in the order Shiro should read them, so the order of
 * the put() calls below is significant.
 */
Ini ini = new Ini();
Section main = ini.addSection("main");

/*
 * Login URL used by the authc filter; "/login/" is used when the security
 * config does not provide one.
 * TODO: Should we also allow a configuration with a standard 403 response?
 */
final String configuredLoginUrl = (String) securityConfig.get("loginUrl");
final String effectiveLoginUrl = (configuredLoginUrl != null) ? configuredLoginUrl : "/login/";
main.put("authc.loginUrl", effectiveLoginUrl);

/*
 * Realm setup. LDAP is the only realm supported for now, and it is only
 * registered when the security config contains an "ldap" map. The realm is
 * also given the names of its authorization and authentication caches.
 * TODO: Add ability to have other and more advanced realms
 *
 * NOTE(review): searchBase, userDnTemplate and url are copied from the
 * config without validation; a key missing from the map is passed on as
 * null. Confirm how the realm reacts to that.
 * NOTE(review): the directory URL is passed through unchanged, so whether
 * the bind is protected in transit depends on the configured scheme.
 * Confirm deployments use ldaps:// (or StartTLS) rather than plain ldap://.
 * NOTE(review): an authentication cache can hold credential material.
 * Confirm what BasicLdapRealm stores there and how entries are evicted
 * after a password change.
 */
Map<String, String> ldapConfig = (Map<String, String>) securityConfig.get("ldap");
if (ldapConfig != null) {
    main.put("ldapRealm", "com.adaptrex.core.security.realm.BasicLdapRealm");
    main.put("ldapRealm.searchBase", ldapConfig.get("searchBase"));
    main.put("ldapRealm.userDnTemplate", ldapConfig.get("userDnTemplate"));
    main.put("ldapRealm.contextFactory.url", ldapConfig.get("url"));
    main.put("ldapRealm.authorizationCacheName", "com.adaptrex.cache.authorizationCache");
    main.put("ldapRealm.authenticationCacheName", "com.adaptrex.cache.authenticationCache");
}
// Adaptrex Shiro cache manager: declare it, point it at the Ehcache
// configuration on the classpath, then hand it to the security manager.
// The object has to be declared before "$cacheManager" can reference it,
// so the order of these entries matters.
main.put("cacheManager", "com.adaptrex.core.security.shiro.AdaptrexShiroCacheManager");
main.put("cacheManager.cacheManagerConfigFile", "classpath:adaptrex-ehcache.xml");
main.put("securityManager.cacheManager", "$cacheManager");
// Need to use Shiro's native session manager (not the servlet container's
// sessions) for single sign on.
// NOTE(review): Shiro reads globalSessionTimeout as milliseconds; `timeout`
// is defined outside this listing, so confirm its unit and that it is bounded.
main.put("sessionManager", "org.apache.shiro.web.session.mgt.DefaultWebSessionManager");
main.put("sessionManager.globalSessionTimeout", timeout);
main.put("securityManager.sessionManager", "$sessionManager");
// DAO for cached sessions. The active-session cache name is suffixed with
// ssoName, so configurations with different ssoName values use different caches.
main.put("sessionDAO", "org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO");
main.put("sessionDAO.activeSessionsCacheName", "com.adaptrex.cache.ActiveSession." + ssoName);
main.put("securityManager.sessionManager.sessionDAO", "$sessionDAO");
// Session id cookie for single sign on. Path "/" means the browser sends it
// to every application on the host, which is what lets them share a session.
// NOTE(review): no "cookie.secure" (or "cookie.httpOnly") entry is written
// here, so both stay at SimpleCookie's defaults. For HTTPS deployments,
// consider setting cookie.secure = true so the session id is never sent over
// plain HTTP.
main.put("cookie", "org.apache.shiro.web.servlet.SimpleCookie");
main.put("cookie.name", "session." + ssoName);
main.put("cookie.path", "/");
main.put("securityManager.sessionManager.sessionIdCookie", "$cookie");
/*
 * [urls] section of the generated Shiro INI.
 * Shiro checks these patterns in the order they are defined and applies
 * the first one that matches, so entries added earlier take precedence.
 */
Section urls = ini.addSection("urls");

/*
 * Built-in paths that must be reachable without authentication. They are
 * added first, so a site-specific rule cannot override them.
 * "/login/**" covers the default login URL only; a custom loginUrl from
 * the config is not added here.
 * TODO: login should be customized based on the config for this webapp
 */
urls.put("/ax-login*", "anon");
urls.put("/ax-logout*", "anon");
urls.put("/login/**", "anon");
urls.put("/favicon.ico", "anon");

/*
 * Site-specific filter chains, copied as-is from the server security
 * config.
 * TODO: allow reading a configuration for each webapp instead of the server config
 *
 * NOTE(review): these rules are added in the iteration order of the config
 * map. Because the first matching pattern wins, that map needs a stable,
 * intended order (a catch-all such as "/**" last). Confirm the config
 * loader preserves the order written in the file.
 * NOTE(review): any pattern can be mapped to "anon" here, so the security
 * config has to be treated as trusted input.
 */
Map<String, String> urlsConfig = (Map<String, String>) securityConfig.get("urls");
if (urlsConfig != null) {
    for (Map.Entry<String, String> filterRule : urlsConfig.entrySet()) {
        urls.put(filterRule.getKey(), filterRule.getValue());
    }
}

// Hand the assembled INI to the enclosing object and apply it.
setIni(ini);
configure();