Add default security role so Tomcat stops bitching: SIDP-175
[java-idp.git] / src / main / webapp / WEB-INF / web.xml
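<?xml version="1.0" encoding="UTF-8"?>

<!--
    Servlet 2.4 deployment descriptor for the Shibboleth Identity Provider web application.
    It registers the Spring context loader, the IdP session filter, the profile request dispatcher and the
    authentication servlets, and ends with commented-out templates for container-managed authentication.
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

    <display-name>Shibboleth Identity Provider</display-name>

    <!--
        Spring 2.0 application context files. Files are loaded in the order they appear, and a bean defined in a
        later file replaces a bean of the same name from an earlier file.
        NOTE(review): the $IDP_HOME$ tokens are presumably replaced with the installation directory when the IdP
        is built or installed; that step is not visible here. Bean definitions decide which classes get
        instantiated, so write access to these files should be limited to administrators.
    -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>$IDP_HOME$/conf/internal.xml; $IDP_HOME$/conf/service.xml;</param-value>
    </context-param>

    <!-- Spring 2.0 listener that loads the configuration named by contextConfigLocation -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- IdP listener for container session events (implementation not shown in this file) -->
    <listener>
        <listener-class>edu.internet2.middleware.shibboleth.idp.session.ContainerSessionListener</listener-class>
    </listener>

    <!-- Adds the IdP Session object to incoming requests; the mapping below applies it to every URL, not only /profile/* -->
    <filter>
        <filter-name>IdPSessionFilter</filter-name>
        <filter-class>edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>IdPSessionFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Profile Request Dispatcher -->
    <servlet>
        <servlet-name>ProfileRequestDispatcher</servlet-name>
        <servlet-class>edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>ProfileRequestDispatcher</servlet-name>
        <url-pattern>/profile/*</url-pattern>
    </servlet-mapping>

    <!-- Authentication Engine Entry Point -->
    <servlet>
        <servlet-name>AuthenticationEngine</servlet-name>
        <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>AuthenticationEngine</servlet-name>
        <url-pattern>/AuthnEngine</url-pattern>
    </servlet-mapping>

    <!--
        Servlet for RemoteUser authentication, meant to sit behind container (or front-end) authentication.
        Nothing in this file protects /Authn/RemoteUser as shipped: the security-constraint template further
        down is commented out, so the path is only protected once that template is enabled or an equivalent
        protection is configured outside this descriptor.
    -->
    <servlet>
        <servlet-name>RemoteUserAuthHandler</servlet-name>
        <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>RemoteUserAuthHandler</servlet-name>
        <url-pattern>/Authn/RemoteUser</url-pattern>
    </servlet-mapping>

    <!-- Servlet for doing Username/Password authentication -->
    <servlet>
        <servlet-name>UsernamePasswordAuthHandler</servlet-name>
        <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>UsernamePasswordAuthHandler</servlet-name>
        <url-pattern>/Authn/UserPassword</url-pattern>
    </servlet-mapping>

    <!--
        Application error pages for HTTP 500 and 404, used instead of the container's default error output.
        NOTE(review): error.jsp and error-404.jsp are not shown here; confirm they do not echo exception
        details or request data back to the client.
    -->
    <error-page>
        <error-code>500</error-code>
        <location>/error.jsp</location>
    </error-page>

    <error-page>
        <error-code>404</error-code>
        <location>/error-404.jsp</location>
    </error-page>

    <!--
        Uncomment the block below to use container managed authentication for /Authn/RemoteUser, together with
        exactly one of the two login-config templates that follow it.

        * No http-method elements are listed, so the constraint covers every HTTP method. Listing only GET and
          POST would leave requests that use any other method outside the constraint.
        * The role named in auth-constraint has to be declared under the same name in security-role and has to
          exist in the container's realm. "users" is used in both places here; change both together.
        * transport-guarantee CONFIDENTIAL makes the container require TLS for this path.
    -->
    <!--
    <security-constraint>
        <display-name>Shibboleth IdP</display-name>
        <web-resource-collection>
            <web-resource-name>user authentication</web-resource-name>
            <url-pattern>/Authn/RemoteUser</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>users</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-role>
        <role-name>users</role-name>
    </security-role>
    -->

    <!--
        Uncomment if you want BASIC auth managed by the container. BASIC sends the password with each request
        in a trivially reversible encoding, so it depends on the CONFIDENTIAL transport guarantee above.
        Enable only one of the two login-config templates.
    -->
    <!--
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>IdP Password Authentication</realm-name>
    </login-config>
    -->

    <!--
        Uncomment if you want form-based auth managed by the container. The login and error pages named below
        are resources of this web application and are not shown here.
        Enable only one of the two login-config templates.
    -->
    <!--
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>IdP Password Authentication</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login-error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    -->

</web-app>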