Significantly decrease number of allowed entity expansion operations
[java-idp.git] / resources / conf / internal.xml
<?xml version="1.0" encoding="UTF-8"?>

<!--
    Internal Spring bean definitions for the IdP: logging, OpenSAML bootstrap, the shared XML
    parser pool, storage/session/replay services, and the SAML message decoders and encoders.
    Several beans referenced here (shibboleth.AttributeResolver, shibboleth.AttributeFilterEngine,
    shibboleth.HandlerManager) are not defined in this file and must come from another
    configuration file loaded into the same context.
-->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">

    <!-- Shared background timer. The boolean constructor argument of java.util.Timer selects a
         daemon thread; cancel() is invoked when the context is destroyed. -->
    <bean id="shibboleth.TaskTimer" class="java.util.Timer" destroy-method="cancel">
        <constructor-arg value="true" type="boolean" />
    </bean>

    <!-- Logging service, created first: every other service bean below depends on it.
         Arguments: the shared timer, the logging configuration path, and 600000 (presumably a
         reload/poll interval in milliseconds, i.e. 10 minutes; confirm against the constructor).
         $IDP_HOME$ looks like an install-time placeholder; confirm it is substituted before use. -->
    <bean id="shibboleth.LogbackLogging" class="edu.internet2.middleware.shibboleth.common.log.LogbackLoggingService" depends-on="shibboleth.TaskTimer">
        <constructor-arg ref="shibboleth.TaskTimer" />
        <constructor-arg value="$IDP_HOME$/conf/logging.xml" />
        <constructor-arg value="600000" />
    </bean>

    <!-- Spring configuration file that bootstraps OpenSAML. The list holds the extra OpenSAML
         configuration resources to load; here a single classpath resource. -->
    <bean id="shibboleth.OpensamlConfig" class="edu.internet2.middleware.shibboleth.common.config.OpensamlConfigBean" depends-on="shibboleth.LogbackLogging">
        <constructor-arg>
            <list>
                <bean id="shibMetadataExtensions" class="org.opensaml.util.resource.ClasspathResource">
                    <constructor-arg value="/shibboleth-saml-ext-config.xml" />
                </bean>
            </list>
        </constructor-arg>
    </bean>

    <!-- Identifier generator. The argument is presumably the java.security.SecureRandom
         algorithm name used to produce identifiers (confirm against the constructor). -->
    <bean id="shibboleth.IdGenerator" class="org.opensaml.common.impl.SecureRandomIdentifierGenerator" depends-on="shibboleth.LogbackLogging">
        <constructor-arg value="SHA1PRNG" />
    </bean>

    <!-- Velocity engine with two resource loaders: "classpath" and "string". It renders the
         binding templates referenced by the message encoders further down. -->
    <bean id="shibboleth.VelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean" depends-on="shibboleth.LogbackLogging">
        <property name="velocityProperties">
            <props>
                <prop key="resource.loader">classpath, string</prop>
                <prop key="classpath.resource.loader.class">
                    org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
                </prop>
                <prop key="string.resource.loader.class">
                    org.apache.velocity.runtime.resource.loader.StringResourceLoader
                </prop>
            </props>
        </property>
    </bean>

    <!-- Template engine for attribute-resolver data connectors, backed by the Velocity engine above. -->
    <bean id="shibboleth.TemplateEngine"
        class="edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine"
        depends-on="shibboleth.LogbackLogging">
        <constructor-arg ref="shibboleth.VelocityEngine" />
    </bean>

    <!-- Shared XML parser pool. It is handed to the artifact map and to every XML message decoder
         defined below, so the limits set here govern how inbound, untrusted XML is parsed.
         Loosening any of them affects all of those consumers at once. -->
    <bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.BasicParserPool" depends-on="shibboleth.LogbackLogging">
        <property name="maxPoolSize" value="50" />
        <property name="createBuildersAtPoolLimit" value="true" />
        <property name="coalescing" value="true" />
        <property name="ignoreComments" value="true" />
        <property name="ignoreElementContentWhitespace" value="true" />
        <property name="namespaceAware" value="true" />
        <!-- Installs a Xerces SecurityManager on each builder. entityExpansionLimit caps the number
             of entity expansions per document at 1000, which bounds the memory/CPU cost of
             nested-entity ("billion laughs") documents. -->
        <property name="builderAttributes">
            <map>
                <entry>
                    <key>
                        <value>http://apache.org/xml/properties/security-manager</value>
                    </key>
                    <bean id="shibboleth.XercesSecurityManager" class="org.apache.xerces.util.SecurityManager">
                        <property name="entityExpansionLimit" value="1000" />
                    </bean>
                </entry>
            </map>
        </property>
        <!-- External general and external parameter entities are both switched off, so the parser
             does not fetch entity content from files or URLs named inside a document (XXE).
             NOTE(review): DOCTYPE declarations themselves are still accepted with these settings,
             and internal entities still expand up to the limit above. If nothing parsed through
             this pool legitimately carries a DTD, consider also setting the Xerces feature
             http://apache.org/xml/features/disallow-doctype-decl to TRUE (verify against metadata
             and other inputs that use this pool before enabling). -->
        <property name="builderFeatures">
            <map>
                <entry>
                    <key>
                        <value>http://xml.org/sax/features/external-general-entities</value>
                    </key>
                    <util:constant static-field="java.lang.Boolean.FALSE"/>
                </entry>
                <entry>
                    <key>
                        <value>http://xml.org/sax/features/external-parameter-entities</value>
                    </key>
                    <util:constant static-field="java.lang.Boolean.FALSE"/>
                </entry>
            </map>
        </property>
    </bean>

    <!-- Single storage service shared by the sweeper, session manager, artifact map and replay
         cache below. The class name suggests an in-memory map (confirm); if so, its contents
         would not survive a restart or be shared between nodes. -->
    <bean id="shibboleth.StorageService" class="org.opensaml.util.storage.MapBasedStorageService" depends-on="shibboleth.LogbackLogging" />

    <!-- Periodically purges expired entries from the storage service using the shared timer.
         600000 is presumably the sweep interval in milliseconds (10 minutes); confirm. -->
    <bean id="shibboleth.StorageServiceSweeper" class="org.opensaml.util.storage.ExpiringObjectStorageServiceSweeper" depends-on="shibboleth.LogbackLogging">
        <constructor-arg ref="shibboleth.TaskTimer" />
        <constructor-arg ref="shibboleth.StorageService" />
        <constructor-arg value="600000" type="long" />
    </bean>

    <!-- Session manager backed by the shared storage service. 1800000 is presumably the session
         lifetime in milliseconds (30 minutes); confirm against the constructor. -->
    <bean id="shibboleth.SessionManager"
          class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl"
          depends-on="shibboleth.LogbackLogging">
        <constructor-arg ref="shibboleth.StorageService" />
        <constructor-arg value="1800000" type="long" />
    </bean>

    <!-- SAML artifact map: uses the parser pool and the shared storage service. 300000 is
         presumably the artifact lifetime in milliseconds (5 minutes); confirm. -->
    <bean id="shibboleth.ArtifactMap" class="org.opensaml.common.binding.artifact.BasicSAMLArtifactMap" depends-on="shibboleth.LogbackLogging">
        <constructor-arg ref="shibboleth.ParserPool" />
        <constructor-arg ref="shibboleth.StorageService" />
        <constructor-arg type="long" value="300000" />
    </bean>

    <!-- Message replay cache on the shared storage service. 300000 is presumably how long a seen
         message is remembered, in milliseconds (5 minutes); confirm. -->
    <bean id="shibboleth.ReplayCache" class="org.opensaml.util.storage.ReplayCache" depends-on="shibboleth.LogbackLogging">
        <constructor-arg ref="shibboleth.StorageService" />
        <constructor-arg type="long" value="300000" />
    </bean>

    <!-- Inbound message decoders, keyed by binding/profile URI. Every decoder that parses XML
         receives shibboleth.ParserPool, so inbound messages go through the entity restrictions
         configured on that bean. The Shibboleth SSO decoder is constructed without a parser pool. -->
    <util:map id="shibboleth.MessageDecoders">
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign</value>
            </key>
            <bean id="shibboleth.SAML2HttpPostSimpleSignDecoder" class="org.opensaml.saml2.binding.decoding.HTTPPostSimpleSignDecoder">
                <constructor-arg ref="shibboleth.ParserPool" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
            </key>
            <bean id="shibboleth.SAML2HttpPostDecoder" class="org.opensaml.saml2.binding.decoding.HTTPPostDecoder">
                <constructor-arg ref="shibboleth.ParserPool" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
            </key>
            <bean id="shibboleth.SAML2HttpRedirectDecoder"
                class="org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder">
                <constructor-arg ref="shibboleth.ParserPool" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
            </key>
            <bean id="shibboleth.SAML2HttpSoap11Decoder"
                class="org.opensaml.saml2.binding.decoding.HTTPSOAP11Decoder">
                <constructor-arg ref="shibboleth.ParserPool" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
            </key>
            <bean id="shibboleth.SAML1HttpPostDecoder" class="org.opensaml.saml1.binding.decoding.HTTPPostDecoder">
                <constructor-arg ref="shibboleth.ArtifactMap" />
                <constructor-arg ref="shibboleth.ParserPool" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
            </key>
            <bean id="shibboleth.SAML1HttpSoap11Decoder"
                class="org.opensaml.saml1.binding.decoding.HTTPSOAP11Decoder">
                <constructor-arg ref="shibboleth.ArtifactMap" />
                <constructor-arg ref="shibboleth.ParserPool" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:mace:shibboleth:1.0:profiles:AuthnRequest</value>
            </key>
            <bean id="shibboleth.ShibbolethSSODecoder"
                class="edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSODecoder">
            </bean>
        </entry>
    </util:map>

    <!-- Outbound message encoders, keyed by binding/profile URI. The POST-style and SAML 2
         artifact encoders render their response through the Velocity engine using the named
         classpath template; the artifact encoders also take the artifact map. -->
    <util:map id="shibboleth.MessageEncoders">
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign</value>
            </key>
            <bean id="shibboleth.SAML2HttpPostSimpleSignEncoder" class="org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder">
                <constructor-arg ref="shibboleth.VelocityEngine" />
                <constructor-arg value="/templates/saml2-post-simplesign-binding.vm" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
            </key>
            <bean id="shibboleth.SAML2HttpPostEncoder" class="org.opensaml.saml2.binding.encoding.HTTPPostEncoder">
                <constructor-arg ref="shibboleth.VelocityEngine" />
                <constructor-arg value="/templates/saml2-post-binding.vm" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
            </key>
            <bean id="shibboleth.SAML2HttpRedirectEncoder"
                class="org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder" />
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact</value>
            </key>
            <bean id="shibboleth.SAML2HTTPArtifactEncoder"
                class="org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder">
                <constructor-arg ref="shibboleth.ArtifactMap" />
                <constructor-arg ref="shibboleth.VelocityEngine" />
                <constructor-arg value="/templates/saml2-post-artifact-binding.vm" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
            </key>
            <bean id="shibboleth.SAML2HttpSoap11Encoder" class="org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder" />
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
            </key>
            <bean id="shibboleth.SAML1HttpPostEncoder" class="org.opensaml.saml1.binding.encoding.HTTPPostEncoder">
                <constructor-arg ref="shibboleth.VelocityEngine" />
                <constructor-arg value="/templates/saml1-post-binding.vm" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:1.0:profiles:artifact-01</value>
            </key>
            <bean id="shibboleth.SAML1HttpArtifactEncoder"
                class="org.opensaml.saml1.binding.encoding.HTTPArtifactEncoder">
                <constructor-arg ref="shibboleth.ArtifactMap" />
            </bean>
        </entry>
        <entry>
            <key>
                <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
            </key>
            <bean id="shibboleth.SAML1HttpSoap11EncoderBuilder"
                class="org.opensaml.saml1.binding.encoding.HTTPSOAP11Encoder" />
        </entry>
    </util:map>

    <!-- SAML 1 attribute authority. Both referenced beans (attribute resolver and attribute
         filter engine) are defined outside this file. -->
    <bean id="shibboleth.SAML1AttributeAuthority"
        class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML1AttributeAuthority" depends-on="shibboleth.LogbackLogging">
        <constructor-arg ref="shibboleth.AttributeResolver" />
        <property name="filteringEngine" ref="shibboleth.AttributeFilterEngine" />
    </bean>

    <!-- SAML 2 attribute authority, wired to the same resolver and filter engine as the SAML 1 one. -->
    <bean id="shibboleth.SAML2AttributeAuthority"
        class="edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority" depends-on="shibboleth.LogbackLogging">
        <constructor-arg ref="shibboleth.AttributeResolver" />
        <property name="filteringEngine" ref="shibboleth.AttributeFilterEngine" />
    </bean>

    <!-- Publishes the handler manager and session manager as servlet-context attributes under the
         names "handlerManager" and "sessionManager". shibboleth.HandlerManager is defined
         outside this file. -->
    <bean id="shibboleth.ServletAttributeExporter"
        class="org.springframework.web.context.support.ServletContextAttributeExporter" depends-on="shibboleth.LogbackLogging">
        <property name="attributes">
            <map>
                <entry>
                    <key>
                        <value>handlerManager</value>
                    </key>
                    <ref bean="shibboleth.HandlerManager" />
                </entry>
                <entry>
                    <key>
                        <value>sessionManager</value>
                    </key>
                    <ref bean="shibboleth.SessionManager" />
                </entry>
            </map>
        </property>
    </bean>

</beans>