...
コード ブロック | ||
---|---|---|
| ||
@@ -8,7 +8,7 @@ same named beans in previous files. --> <context-param> <param-name>contextConfigLocation</param-name> - <param-value>${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml</param-value> + <param-value>classpath*:/META-INF/net.shibboleth.idp/preconfig.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml,classpath*:/META-INF/net.shibboleth.idp/postconfig.xml</param-value> </context-param> <context-param> @@ -52,7 +52,7 @@ </filter> <!-- Manages logging MDC. --> <filter> - <filter-name>SL4JMDCServletFilter</filter-name> + <filter-name>SLF4JMDCServletFilter</filter-name> <filter-class>net.shibboleth.idp.log.SLF4JMDCServletFilter</filter-class> </filter> <filter-mapping> @@ -77,14 +77,10 @@ <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> - <filter-name>SL4JMDCServletFilter</filter-name> + <filter-name>SLF4JMDCServletFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> - <!-- HTTP headers to every response in order to prevent response caching --> - <!-- <filter> <filter-name>IdPNoCacheFilter</filter-name> <filter-class>edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter</filter-class> - </filter> <filter-mapping> <filter-name>IdPNoCacheFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> --> - <!-- Servlets and servlet mappings --> <servlet> <servlet-name>idp</servlet-name> @@ -136,6 +132,35 @@ <servlet-name>shibboleth_jsp</servlet-name> <url-pattern>/shibboleth</url-pattern> </servlet-mapping> + + <!-- Send servlet errors through the IdP's MVC error handling. --> + <error-page> + <exception-type>net.shibboleth.idp.authn.ExternalAuthenticationException</exception-type> + <location>/profile/RaiseError</location> + </error-page> + + <!-- Block commonly flagged methods by using an empty auth-constraint. --> + <security-constraint> + <web-resource-collection> + <web-resource-name>Non-API Content</web-resource-name> + <url-pattern>/*</url-pattern> + <http-method>PUT</http-method> + <http-method>PATCH</http-method> + <http-method>DELETE</http-method> + <http-method>OPTIONS</http-method> + <http-method>TRACE</http-method> + </web-resource-collection> + <auth-constraint/> + </security-constraint> + + <!-- Allow any HTTP methods to the API flows. --> + <security-constraint> + <web-resource-collection> + <web-resource-name>Administrative APIs</web-resource-name> + <url-pattern>/profile/admin/*</url-pattern> + </web-resource-collection> + <!-- no auth-constraint tag here --> + </security-constraint> <!-- Uncomment to use container managed authentication. The new servlet spec (3.1) @@ -150,7 +175,6 @@ <web-resource-name>user authentication</web-resource-name> <url-pattern>/Authn/RemoteUser</url-pattern> <url-pattern>/profile/SAML2/SOAP/ECP</url-pattern> - <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> |
3.1.2→3.2.1
コード ブロック | ||
---|---|---|
| ||
@@ -8,12 +8,12 @@
same named beans in previous files. -->
<context-param>
<param-name>contextConfigLocation</param-name>
- <param-value>${idp.home}/system/conf/global-system.xml</param-value>
+ <param-value>${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml</param-value>
</context-param>
<context-param>
<param-name>contextClass</param-name>
- <param-value>net.shibboleth.ext.spring.context.DeferPlaceholderFileSystemXmlWebApplicationContext</param-value>
+ <param-value>net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext</param-value>
</context-param>
<context-param>
@@ -45,24 +45,6 @@
<filter-name>CookieBufferingFilter</filter-name>
<filter-class>net.shibboleth.utilities.java.support.net.CookieBufferingFilter</filter-class>
</filter>
- <!-- Automates the unpack and pack of the cookie-based storage model. -->
- <filter>
- <filter-name>ClientSessionStorageServiceFilter</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- <init-param>
- <param-name>targetBeanName</param-name>
- <param-value>shibboleth.ClientSessionStorageService</param-value>
- </init-param>
- </filter>
- <!-- Automates the unpack and pack of the cookie-based storage model. -->
- <filter>
- <filter-name>ClientPersistentStorageServiceFilter</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- <init-param>
- <param-name>targetBeanName</param-name>
- <param-value>shibboleth.ClientPersistentStorageService</param-value>
- </init-param>
- </filter>
<!-- Automates TLS-based propagation of HttpServletRequest/Response into beans. -->
<filter>
<filter-name>RequestResponseContextFilter</filter-name>
@@ -87,28 +69,6 @@
<url-pattern>/profile/cas/login</url-pattern>
</filter-mapping>
<filter-mapping>
- <filter-name>ClientSessionStorageServiceFilter</filter-name>
- <url-pattern>/profile/Logout</url-pattern>
- <url-pattern>/profile/Shibboleth/SSO</url-pattern>
- <url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern>
- <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern>
- <url-pattern>/profile/SAML2/POST/SSO</url-pattern>
- <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern>
- <url-pattern>/profile/SAML2/Redirect/SLO</url-pattern>
- <url-pattern>/profile/SAML2/POST/SLO</url-pattern>
- <url-pattern>/profile/SAML2/POST-SimpleSign/SLO</url-pattern>
- <url-pattern>/profile/cas/login</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>ClientPersistentStorageServiceFilter</filter-name>
- <url-pattern>/profile/Shibboleth/SSO</url-pattern>
- <url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern>
- <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern>
- <url-pattern>/profile/SAML2/POST/SSO</url-pattern>
- <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern>
- <url-pattern>/profile/cas/login</url-pattern>
- </filter-mapping>
- <filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
@@ -131,11 +91,11 @@
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
- <param-value>${idp.home}/system/conf/mvc-beans.xml ${idp.home}/system/conf/webflow-config.xml</param-value>
+ <param-value>${idp.home}/system/conf/mvc-beans.xml, ${idp.home}/system/conf/webflow-config.xml</param-value>
</init-param>
<init-param>
<param-name>contextClass</param-name>
- <param-value>net.shibboleth.ext.spring.context.DeferPlaceholderFileSystemXmlWebApplicationContext</param-value>
+ <param-value>net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet> |