Add xerces security manager to pool parsers - fixed SIDP-74
[java-idp.git] / resources / conf / internal.xml
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4     xmlns:util="http://www.springframework.org/schema/util"
5     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
6                            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
7
8     <bean id="shibboleth.TaskTimer" class="java.util.Timer" destroy-method="cancel">
          <!-- Timer shared by the logging service and the storage sweeper defined in this file.
               The boolean constructor argument asks java.util.Timer to run its thread as a daemon;
               destroy-method="cancel" stops the timer when the Spring context is closed. -->
9         <constructor-arg value="true" type="boolean" />
10     </bean>
11     
12     <bean id="shibboleth.LogbackLogging" class="edu.internet2.middleware.shibboleth.common.log.LogbackLoggingService" depends-on="shibboleth.TaskTimer">
           <!-- Logging service; most other beans in this file declare depends-on this bean, so it is
                initialised before them.
                Constructor arguments, in order: the shared timer, the logging configuration path, and 600000.
                NOTE(review): 600000 is presumably a configuration reload interval in milliseconds (10 minutes);
                confirm against LogbackLoggingService.
                NOTE(review): $IDP_HOME$ looks like a token replaced at install time; confirm the resolved
                logging.xml is writable only by the IdP administrator, since it controls what is logged and where. -->
13         <constructor-arg ref="shibboleth.TaskTimer" />
14         <constructor-arg value="$IDP_HOME$/conf/logging.xml" />
15         <constructor-arg value="600000" />
16     </bean>
17     
18     <!-- Bootstraps OpenSAML: OpensamlConfigBean receives a list of configuration resources, here the
            single classpath resource /shibboleth-saml-ext-config.xml. Initialised after logging. -->
19     <bean id="shibboleth.OpensamlConfig" class="edu.internet2.middleware.shibboleth.common.config.OpensamlConfigBean" depends-on="shibboleth.LogbackLogging">
20         <constructor-arg>
21             <list>
22                 <bean id="shibMetadataExtensions" class="org.opensaml.util.resource.ClasspathResource">
23                     <constructor-arg value="/shibboleth-saml-ext-config.xml" />
24                 </bean>
25             </list>
26         </constructor-arg>
27     </bean>
28
29     <bean id="shibboleth.IdGenerator" class="org.opensaml.common.impl.SecureRandomIdentifierGenerator" depends-on="shibboleth.LogbackLogging">
           <!-- Identifier generator constructed with the string "SHA1PRNG".
                NOTE(review): presumably this is the java.security.SecureRandom algorithm name; confirm it is
                available from the providers of the deployed JVM and that its seeding behaviour is acceptable
                for identifiers that must be unpredictable. -->
30         <constructor-arg value="SHA1PRNG" />
31     </bean>
32
33     <bean id="shibboleth.VelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean" depends-on="shibboleth.LogbackLogging">
           <!-- Velocity engine used by the template engine and by the template-based message encoders
                in this file. Two resource loaders are registered, "classpath" and "string"; no
                file-system loader is configured here, so templates are not read from arbitrary paths
                by this engine as configured. -->
34         <property name="velocityProperties">
35             <props>
36                 <prop key="resource.loader">classpath, string</prop>
37                 <prop key="classpath.resource.loader.class">
38                     org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
39                 </prop>
40                 <prop key="string.resource.loader.class">
41                     org.apache.velocity.runtime.resource.loader.StringResourceLoader
42                 </prop>
43             </props>
44         </property>
45     </bean>
46
47     <bean id="shibboleth.TemplateEngine"
48         class="edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine"
49         depends-on="shibboleth.LogbackLogging">
           <!-- Template engine for attribute resolver data connectors (per its package name), built on
                the shared shibboleth.VelocityEngine.
                NOTE(review): if connector templates interpolate request-derived values, confirm that
                escaping is done where the templates are defined; nothing in this file does it. -->
50         <constructor-arg ref="shibboleth.VelocityEngine" />
51     </bean>
52
53     <bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.BasicParserPool" depends-on="shibboleth.LogbackLogging">
           <!-- Pool of XML parsers. Every message decoder in shibboleth.MessageDecoders that takes a
                parser pool references this bean, so these settings govern how inbound protocol
                messages are parsed.
                NOTE(review): maxPoolSize=50 with createBuildersAtPoolLimit=true presumably means builders
                are still created once 50 are checked out rather than callers blocking; confirm, since
                that leaves the number of concurrent parsers unbounded by this setting. -->
54         <property name="maxPoolSize" value="50" />
55         <property name="createBuildersAtPoolLimit" value="true" />
56         <property name="coalescing" value="true" />
57         <property name="ignoreComments" value="true" />
58         <property name="ignoreElementContentWhitespace" value="true" />
59         <property name="namespaceAware" value="true" />
           <!-- builderAttributes: sets the Xerces property
                http://apache.org/xml/properties/security-manager on each builder to an
                org.apache.xerces.util.SecurityManager. The manager is created with no properties, so
                its built-in limits apply; these bound entity expansion and so limit
                entity-expansion denial of service from hostile documents.
                NOTE(review): the security manager only caps resource use. It does not by itself reject
                DOCTYPE declarations or stop external entity resolution; confirm how this pool treats
                those (for example the Xerces feature
                http://apache.org/xml/features/disallow-doctype-decl) before relying on it for
                untrusted input.
                NOTE(review): the attribute name is Xerces-specific; confirm what happens if a different
                JAXP implementation is picked up at runtime, so that the protection is not silently lost. -->
60         <property name="builderAttributes">
61             <util:map>
62                 <entry>
63                     <key>
64                         <value>http://apache.org/xml/properties/security-manager</value>
65                     </key>
66                     <bean id="shibboleth.XercesSecurityManager" class="org.apache.xerces.util.SecurityManager" />
67                 </entry>
68             </util:map>
69         </property>
70     </bean>
71
72     <bean id="shibboleth.StorageService" class="org.opensaml.util.storage.MapBasedStorageService" depends-on="shibboleth.LogbackLogging" />
       <!-- The bean above is the single storage service shared by the sweeper, session manager,
            artifact map and replay cache defined in this file.
            NOTE(review): the class name suggests an in-memory map held in this JVM; if so, sessions,
            artifacts and replay state are lost on restart and are not shared between IdP nodes; confirm. -->
73
74     <bean id="shibboleth.StorageServiceSweeper" class="org.opensaml.util.storage.ExpiringObjectStorageServiceSweeper" depends-on="shibboleth.LogbackLogging">
           <!-- Sweeper for shibboleth.StorageService, scheduled on the shared timer.
                NOTE(review): 600000 is presumably the sweep interval in milliseconds (10 minutes). If
                expiry is enforced only by the sweeper, entries could outlive their lifetime by up to
                one interval; confirm that consumers also check expiry when reading. -->
75         <constructor-arg ref="shibboleth.TaskTimer" />
76         <constructor-arg ref="shibboleth.StorageService" />
77         <constructor-arg value="600000" type="long" />
78     </bean>
79
80     <bean id="shibboleth.SessionManager"
81           class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl"
82           depends-on="shibboleth.LogbackLogging">
           <!-- IdP session manager backed by shibboleth.StorageService; also exported to the servlet
                context as "sessionManager" by shibboleth.ServletAttributeExporter.
                NOTE(review): 1800000 is presumably the session lifetime in milliseconds (30 minutes);
                confirm against SessionManagerImpl and against the deployment's session policy. -->
83         <constructor-arg ref="shibboleth.StorageService" />
84         <constructor-arg value="1800000" type="long" />
85     </bean>
86
87     <bean id="shibboleth.ArtifactMap" class="org.opensaml.common.binding.artifact.BasicSAMLArtifactMap" depends-on="shibboleth.LogbackLogging">
           <!-- SAML artifact map backed by shibboleth.StorageService; referenced by the SAML 1 decoders
                and by the artifact encoders in this file.
                NOTE(review): 300000 is presumably the artifact entry lifetime in milliseconds (5 minutes);
                confirm. A short lifetime limits how long an issued artifact can be redeemed. -->
88         <constructor-arg ref="shibboleth.StorageService" />
89         <constructor-arg type="long" value="300000" />
90     </bean>
91     
92     <bean id="shibboleth.ReplayCache" class="org.opensaml.util.storage.ReplayCache" depends-on="shibboleth.LogbackLogging">
           <!-- Message replay cache backed by shibboleth.StorageService.
                NOTE(review): 300000 is presumably how long a message id is remembered, in milliseconds
                (5 minutes); confirm it is at least as long as the accepted message lifetime plus clock skew.
                NOTE(review): if the storage service is a per-JVM map, replay detection does not span
                multiple IdP nodes; confirm for clustered deployments. -->
93         <constructor-arg ref="shibboleth.StorageService" />
94         <constructor-arg type="long" value="300000" />
95     </bean>
96
97     <util:map id="shibboleth.MessageDecoders">
           <!-- Maps a binding URI to the decoder bean for inbound messages on that binding.
                All SAML 1 and SAML 2 decoders here are constructed with shibboleth.ParserPool, so the
                parser limits configured on that pool apply to them; the two SAML 1 decoders also
                receive shibboleth.ArtifactMap as their first argument. -->
98         <entry>
99             <key>
100                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign</value>
101             </key>
102             <bean id="shibboleth.SAML2HttpPostSimpleSignDecoder" class="org.opensaml.saml2.binding.decoding.HTTPPostSimpleSignDecoder">
103                 <constructor-arg ref="shibboleth.ParserPool" />
104             </bean>
105         </entry>
106         <entry>
107             <key>
108                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
109             </key>
110             <bean id="shibboleth.SAML2HttpPostDecoder" class="org.opensaml.saml2.binding.decoding.HTTPPostDecoder">
111                 <constructor-arg ref="shibboleth.ParserPool" />
112             </bean>
113         </entry>
114         <entry>
115             <key>
116                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
117             </key>
118             <bean id="shibboleth.SAML2HttpRedirectDecoder"
119                 class="org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder">
120                 <constructor-arg ref="shibboleth.ParserPool" />
121             </bean>
122         </entry>
123         <entry>
124             <key>
125                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact</value>
126             </key>
127             <bean id="shibboleth.SAML2HTTPArtifactDecoder"
128                 class="org.opensaml.saml2.binding.decoding.HTTPArtifactDecoder">
129                 <constructor-arg ref="shibboleth.ParserPool" />
130             </bean>
131         </entry>
132         <entry>
133             <key>
134                 <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
135             </key>
136             <bean id="shibboleth.SAML2HttpSoap11Decoder"
137                 class="org.opensaml.saml2.binding.decoding.HTTPSOAP11Decoder">
138                 <constructor-arg ref="shibboleth.ParserPool" />
139             </bean>
140         </entry>
141         <entry>
142             <key>
143                 <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
144             </key>
145             <bean id="shibboleth.SAML1HttpPostDecoder" class="org.opensaml.saml1.binding.decoding.HTTPPostDecoder">
146                 <constructor-arg ref="shibboleth.ArtifactMap" />
147                 <constructor-arg ref="shibboleth.ParserPool" />
148             </bean>
149         </entry>
150         <entry>
151             <key>
152                 <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
153             </key>
154             <bean id="shibboleth.SAML1HttpSoap11Decoder"
155                 class="org.opensaml.saml1.binding.decoding.HTTPSOAP11Decoder">
156                 <constructor-arg ref="shibboleth.ArtifactMap" />
157                 <constructor-arg ref="shibboleth.ParserPool" />
158             </bean>
159         </entry>
160         <entry>
161             <key>
162                 <value>urn:mace:shibboleth:1.0:profiles:AuthnRequest</value>
163             </key>
                <!-- The only decoder in this map built without shibboleth.ParserPool.
                     NOTE(review): presumably this profile carries no XML message body; confirm that
                     this decoder parses no XML outside the hardened pool. -->
164             <bean id="shibboleth.ShibbolethSSODecoder"
165                 class="edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSODecoder">
166             </bean>
167         </entry>
168     </util:map>
169
170     <util:map id="shibboleth.MessageEncoders">
            <!-- Maps a binding URI to the encoder bean for outbound messages on that binding.
                 The POST, POST-SimpleSign and SAML 2 artifact encoders take shibboleth.VelocityEngine
                 and a template path; both artifact encoders take shibboleth.ArtifactMap; the redirect
                 and SOAP encoders take no arguments.
                 NOTE(review): the templates named here produce HTML forms carrying protocol messages;
                 confirm that each template escapes the values it interpolates (such as relay state). -->
171         <entry>
172             <key>
173                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign</value>
174             </key>
175             <bean id="shibboleth.SAML2HttpPostSimpleSignEncoder" class="org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder">
176                 <constructor-arg ref="shibboleth.VelocityEngine" />
177                 <constructor-arg value="/templates/saml2-post-simplesign-binding.vm" />
178             </bean>
179         </entry>
180         <entry>
181             <key>
182                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
183             </key>
184             <bean id="shibboleth.SAML2HttpPostEncoder" class="org.opensaml.saml2.binding.encoding.HTTPPostEncoder">
185                 <constructor-arg ref="shibboleth.VelocityEngine" />
186                 <constructor-arg value="/templates/saml2-post-binding.vm" />
187             </bean>
188         </entry>
189         <entry>
190             <key>
191                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
192             </key>
193             <bean id="shibboleth.SAML2HttpRedirectEncoder"
194                 class="org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder" />
195         </entry>
196         <entry>
197             <key>
198                 <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact</value>
199             </key>
200             <bean id="shibboleth.SAML2HTTPArtifactEncoder"
201                 class="org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder">
202                 <constructor-arg ref="shibboleth.ArtifactMap" />
203                 <constructor-arg ref="shibboleth.VelocityEngine" />
204                 <constructor-arg value="/templates/saml2-post-artifact-binding.vm" />
205             </bean>
206         </entry>
207         <entry>
208             <key>
209                 <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
210             </key>
211             <bean id="shibboleth.SAML2HttpSoap11Encoder" class="org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder" />
212         </entry>
213         <entry>
214             <key>
215                 <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
216             </key>
217             <bean id="shibboleth.SAML1HttpPostEncoder" class="org.opensaml.saml1.binding.encoding.HTTPPostEncoder">
218                 <constructor-arg ref="shibboleth.VelocityEngine" />
219                 <constructor-arg value="/templates/saml1-post-binding.vm" />
220             </bean>
221         </entry>
222         <entry>
223             <key>
224                 <value>urn:oasis:names:tc:SAML:1.0:profiles:artifact-01</value>
225             </key>
226             <bean id="shibboleth.SAML1HttpArtifactEncoder"
227                 class="org.opensaml.saml1.binding.encoding.HTTPArtifactEncoder">
228                 <constructor-arg ref="shibboleth.ArtifactMap" />
229             </bean>
230         </entry>
231         <entry>
232             <key>
233                 <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
234             </key>
                <!-- The id below ends in "EncoderBuilder" although the class is an encoder, unlike the
                     other ids in this map. -->
235             <bean id="shibboleth.SAML1HttpSoap11EncoderBuilder"
236                 class="org.opensaml.saml1.binding.encoding.HTTPSOAP11Encoder" />
237         </entry>
238     </util:map>
239
240     <bean id="shibboleth.SAML1AttributeAuthority"
241         class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML1AttributeAuthority" depends-on="shibboleth.LogbackLogging">
            <!-- SAML 1 attribute authority: takes shibboleth.AttributeResolver and has
                 shibboleth.AttributeFilterEngine set as its filteringEngine. Neither referenced bean is
                 defined in this file.
                 NOTE(review): the filter engine is an optional property rather than a constructor
                 argument; confirm how the authority behaves if it is left unset, because attribute
                 release policy depends on it. -->
242         <constructor-arg ref="shibboleth.AttributeResolver" />
243         <property name="filteringEngine" ref="shibboleth.AttributeFilterEngine" />
244     </bean>
245
246     <bean id="shibboleth.SAML2AttributeAuthority"
247         class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority" depends-on="shibboleth.LogbackLogging">
            <!-- SAML 2 attribute authority, wired like its SAML 1 counterpart: constructed with
                 shibboleth.AttributeResolver and given shibboleth.AttributeFilterEngine as its
                 filteringEngine. Neither referenced bean is defined in this file.
                 NOTE(review): confirm that attribute release always passes through the filter engine. -->
248         <constructor-arg ref="shibboleth.AttributeResolver" />
249         <property name="filteringEngine" ref="shibboleth.AttributeFilterEngine" />
250     </bean>
251
252     <bean id="shibboleth.ServletAttributeExporter"
253         class="org.springframework.web.context.support.ServletContextAttributeExporter" depends-on="shibboleth.LogbackLogging">
            <!-- Publishes two beans as servlet context attributes: "handlerManager"
                 (shibboleth.HandlerManager, not defined in this file) and "sessionManager"
                 (shibboleth.SessionManager). Servlet context attributes are visible to all code in the
                 same web application, so anything deployed alongside the IdP can reach the session
                 manager through this attribute. -->
254         <property name="attributes">
255             <map>
256                 <entry>
257                     <key>
258                         <value>handlerManager</value>
259                     </key>
260                     <ref bean="shibboleth.HandlerManager" />
261                 </entry>
262                 <entry>
263                     <key>
264                         <value>sessionManager</value>
265                     </key>
266                     <ref bean="shibboleth.SessionManager" />
267                 </entry>
268             </map>
269         </property>
270     </bean>
271
272 </beans>