-
Notifications
You must be signed in to change notification settings - Fork 56
/
Copy pathshiro.ini
87 lines (72 loc) · 3.15 KB
/
shiro.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
[main]
############################################################################
# CONFIG:
############################################################################
roleAdminAuthGenerator = org.pac4j.demo.shiro.RoleAdminAuthGenerator
casConfig = org.pac4j.cas.config.CasConfiguration
casConfig.loginUrl = https://casserverpac4j.herokuapp.com/login
casClient = org.pac4j.cas.client.CasClient
casClient.configuration = $casConfig
oidcConfig = org.pac4j.oidc.config.OidcConfiguration
oidcConfig.clientId = 167480702619-8e1lo80dnu8bpk3k0lvvj27noin97vu9.apps.googleusercontent.com
oidcConfig.secret = MhMme_Ik6IH2JMnAT6MFIfee
oidcConfig.useNonce = true
googleOidClient = org.pac4j.oidc.client.GoogleOidcClient
googleOidClient.configuration = $oidcConfig
googleOidClient.authorizationGenerator = $roleAdminAuthGenerator
saml2Config = org.pac4j.saml.config.SAML2Configuration
saml2Config.keystorePath = resource:samlKeystore.jks
saml2Config.keystorePassword = pac4j-demo-passwd
saml2Config.privateKeyPassword = pac4j-demo-passwd
saml2Config.identityProviderMetadataPath = resource:metadata-okta.xml
saml2Config.maximumAuthenticationLifetime = 3600
saml2Config.serviceProviderEntityId = http://localhost:8080/callback?client_name=SAML2Client
saml2Config.serviceProviderMetadataPath = sp-metadata.xml
saml2Client = org.pac4j.saml.client.SAML2Client
saml2Client.configuration = $saml2Config
simpleAuthenticator = org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator
directBasicAuthClient = org.pac4j.http.client.direct.DirectBasicAuthClient
directBasicAuthClient.authenticator = $simpleAuthenticator
clients.callbackUrl = http://localhost:8080/callback
clients.clients = $casClient,$googleOidClient,$saml2Client,$directBasicAuthClient
############################################################################
# REALM & FILTERS:
############################################################################
casSecurityFilter = org.pac4j.jee.filter.SecurityFilter
casSecurityFilter.config = $config
casSecurityFilter.clients = CasClient
saml2SecurityFilter = org.pac4j.jee.filter.SecurityFilter
saml2SecurityFilter.config = $config
saml2SecurityFilter.clients = SAML2Client
oidcSecurityFilter = org.pac4j.jee.filter.SecurityFilter
oidcSecurityFilter.config = $config
oidcSecurityFilter.clients = GoogleOidcClient
dbaSecurityFilter = org.pac4j.jee.filter.SecurityFilter
dbaSecurityFilter.config = $config
dbaSecurityFilter.clients = DirectBasicAuthClient
protectedSecurityFilter = org.pac4j.jee.filter.SecurityFilter
protectedSecurityFilter.config = $config
callbackFilter = org.pac4j.jee.filter.CallbackFilter
callbackFilter.config = $config
pac4jLogout = org.pac4j.jee.filter.LogoutFilter
pac4jLogout.config = $config
authc.loginUrl = /login.jsp
[users]
user = user, ROLE_USER
admin = admin, ROLE_ADMIN
[roles]
ROLE_USER = *
ROLE_ADMIN = *
[urls]
/login.jsp = authc
/login/** = authc
/admin/** = authc,roles[ROLE_ADMIN]
/cas/** = casSecurityFilter
/saml2/** = saml2SecurityFilter
/oidc/** = oidcSecurityFilter
/protected/** = protectedSecurityFilter
/dba/** = noSessionCreation,dbaSecurityFilter
/callback = callbackFilter
/logout = logout
/pac4jLogout = pac4jLogout
/** = anon