Make user session available via public API, finishes off SIDP-296
[java-idp.git] / src / main / webapp / WEB-INF / web.xml
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
5     version="2.4">
6
7     <display-name>Shibboleth Identity Provider</display-name>
8
9     <!--
10         Spring 2.0 application context files.  Files are loaded in the order they appear with subsequent files 
11         overwriting same named beans in previous files.
12     -->
13     <context-param>
14         <param-name>contextConfigLocation</param-name>
15         <param-value>$IDP_HOME$/conf/internal.xml; $IDP_HOME$/conf/service.xml;</param-value>
16     </context-param>
17
18     <!-- Spring 2.0 listener used to load up the configuration -->
19     <listener>
20         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
21     </listener>
22
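23     <!-- Add the IdP session object to incoming requests. The mapping below is /*, so this filter runs on every request to the webapp, not only those under /profile/*. -->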
24     <filter>
25         <filter-name>IdPSessionFilter</filter-name>
26         <filter-class>edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter</filter-class>
27     </filter>
28     
29     <filter-mapping>
30         <filter-name>IdPSessionFilter</filter-name>
31         <url-pattern>/*</url-pattern>
32     </filter-mapping>
33
34     <!-- Profile Request Dispatcher -->
35     <servlet>
36         <servlet-name>ProfileRequestDispatcher</servlet-name>
37         <servlet-class>edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet</servlet-class>
38         <load-on-startup>1</load-on-startup>
39     </servlet>
40
41     <servlet-mapping>
42         <servlet-name>ProfileRequestDispatcher</servlet-name>
43         <url-pattern>/profile/*</url-pattern>
44     </servlet-mapping> 
45
46     <!-- Authentication Engine Entry Point -->
47     <servlet>
48         <servlet-name>AuthenticationEngine</servlet-name>
49         <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine</servlet-class>
50         
51         <!-- Whether public credentials returned by a login handler are retained in the subject. -->
52         <!--
53         <init-param>
54             <param-name>retainSubjectsPublicCredentials</param-name>
55             <param-value>false</param-value>
56         </init-param>
57         -->
58         
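59         <!-- Whether private credentials returned by a login handler are retained in the subject. Private credentials may include secrets such as the user's password, so enable retention only when a downstream component needs them. -->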
60         <!--
61         <init-param>
62             <param-name>retainSubjectsPrivateCredentials</param-name>
63             <param-value>false</param-value>
64         </init-param>
65         -->
66         
67         <load-on-startup>2</load-on-startup>
68         
69     </servlet>
70
71     <servlet-mapping>
72         <servlet-name>AuthenticationEngine</servlet-name>
73         <url-pattern>/AuthnEngine</url-pattern>
74     </servlet-mapping>
75
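76     <!-- Servlet for RemoteUser authentication; it is meant to be protected by container-managed authentication. The security-constraint for /Authn/RemoteUser further down is commented out by default, so this descriptor alone does not protect the path. -->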
77     <servlet>
78         <servlet-name>RemoteUserAuthHandler</servlet-name>
79         <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet</servlet-class>
80         <load-on-startup>3</load-on-startup>
81     </servlet>
82
83     <servlet-mapping>
84         <servlet-name>RemoteUserAuthHandler</servlet-name>
85         <url-pattern>/Authn/RemoteUser</url-pattern>
86     </servlet-mapping>
87     
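88     <!-- Servlet for username/password authentication. No transport-guarantee in this descriptor covers /Authn/UserPassword, so HTTPS for the login form has to be enforced by the container or front-end configuration. -->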
89     <servlet>
90         <servlet-name>UsernamePasswordAuthHandler</servlet-name>
91         <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
92         <load-on-startup>4</load-on-startup>
93     </servlet>
94
95     <servlet-mapping>
96         <servlet-name>UsernamePasswordAuthHandler</servlet-name>
97         <url-pattern>/Authn/UserPassword</url-pattern>
98     </servlet-mapping>
99     
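100     <!-- Servlet for displaying IdP status. No security-constraint in this descriptor restricts /status; limit access at the container or network layer if the status output should not be public. -->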
101     <servlet>
102         <servlet-name>Status</servlet-name>
103         <servlet-class>edu.internet2.middleware.shibboleth.idp.StatusServlet</servlet-class>
104         <load-on-startup>2</load-on-startup>
105     </servlet>
106
107     <servlet-mapping>
108         <servlet-name>Status</servlet-name>
109         <url-pattern>/status</url-pattern>
110     </servlet-mapping>
111     
112         
113     <!-- Send requests for the entityID URL (/shibboleth) to the SAML metadata handler. -->
114     <servlet>
115         <servlet-name>shibboleth_jsp</servlet-name>
116         <jsp-file>/shibboleth.jsp</jsp-file>
117     </servlet>
118
119     <servlet-mapping>
120         <servlet-name>shibboleth_jsp</servlet-name>
121         <url-pattern>/shibboleth</url-pattern>
122     </servlet-mapping>
123     
124     <error-page>
125         <error-code>500</error-code>
126         <location>/error.jsp</location>
127     </error-page>
128     
129     <error-page>
130         <error-code>404</error-code>
131         <location>/error-404.jsp</location>
132     </error-page>
133
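134 <!-- Uncomment to use container-managed authentication. The constraint below lists only GET and POST, so requests to /Authn/RemoteUser using other HTTP methods are not covered by it; remove the http-method elements to cover all methods. -->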
135 <!--
136     <security-constraint>
137         <display-name>Shibboleth IdP</display-name>
138         <web-resource-collection>
139             <web-resource-name>user authentication</web-resource-name>
140             <url-pattern>/Authn/RemoteUser</url-pattern>
141             <http-method>GET</http-method>
142             <http-method>POST</http-method>
143         </web-resource-collection>
144         <auth-constraint> 
145             <role-name>user</role-name> 
146         </auth-constraint>
147         <user-data-constraint>
148             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
149         </user-data-constraint>
150     </security-constraint>
151     
152     <security-role>
153       <role-name>user</role-name>
154     </security-role> 
155 -->
156
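157 <!-- Uncomment if you want BASIC auth managed by the container. BASIC sends the password with every request in a trivially reversible encoding, so use it only over HTTPS. -->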
158 <!--
159     <login-config>
160       <auth-method>BASIC</auth-method>
161       <realm-name>IdP Password Authentication</realm-name>
162     </login-config>
163 -->
164
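165 <!-- Uncomment if you want form-based auth managed by the container. A web.xml may contain only one login-config, so enable either this block or the BASIC block above, not both. -->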
166 <!--
167     <login-config>
168         <auth-method>FORM</auth-method>
169         <realm-name>IdP Password Authentication</realm-name>
170         <form-login-config>
171             <form-login-page>/login.jsp</form-login-page>
172             <form-error-page>/login-error.jsp</form-error-page>
173         </form-login-config>
174     </login-config>
175 -->
176
177 </web-app>