added web ini for CAS

Author: jpcik

ui/ui.requestDefinition/src/main/resources/web-client.ini

@@ -0,0 +1,93 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# INI configuration is very powerful and flexible, while still remaining succinct.
+# Please http://shiro.apache.org/configuration.html and
+# http://shiro.apache.org/web.html for more.
+
+[main]
+
+casOauthClient=org.pac4j.oauth.client.CasOAuthWrapperClient
+casOauthClient.casOAuthUrl=https://localhost:8443/openiot-cas/oauth2.0
+casOauthClient.key=openiot-requestdefinition-app
+casOauthClient.secret=openiot-requestdefinition-app-secret
+
+# Sets the callbackUrl for each client in the list
+clients = org.pac4j.core.client.Clients
+clients.callbackUrl = http://localhost:8080/ui.requestDefinition/callback
+clients.clientsList = $casOauthClient
+
+clientsFilter = org.openiot.security.client.CasOAuthClientFilter
+clientsFilter.clients = $clients
+clientsFilter.failureUrl = /error.xhtml
+
+casOauthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
+casOauthRoles.client = $casOauthClient
+
+casOauthUsers = io.buji.pac4j.filter.ClientUserFilter
+casOauthUsers.client = $casOauthClient
+
+clientsRealm = org.openiot.security.client.CasOAuthClientRealm
+clientsRealm.permissionsURL = https://localhost:8443/openiot-cas/oauth2.0/permissions
+clientsRealm.defaultRoles = ROLE_USER
+clientsRealm.clients = $clients
+
+# Using a shiro native session manager instead of the Servlet container's sessions
+sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
+# 1,800,000 milliseconds = 30 seconds
+sessionManager.globalSessionTimeout=1800000
+securityManager.sessionManager = $sessionManager
+
+cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
+cacheManager.cacheManagerConfigFile=classpath:ehcache-sec-client.xml
+securityManager.cacheManager = $cacheManager
+
+authc.loginUrl = /login.xhtml
+
+#[users]
+# format: username = password, role1, role2, ..., roleN
+
+
+[roles]
+# format: roleName = permission1, permission2, ..., permissionN
+
+[urls]
+# The /login.jsp is not restricted to authenticated users (otherwise no one could log in!), but
+# the 'authc' filter must still be specified for it so it can process that url's
+# login submissions. It is 'smart' enough to allow those requests through as specified by the
+# shiro.loginUrl above.
+
+# NOTE: Order matters! The first match wins.
+
+/logout = logout
+/callback = clientsFilter
+/signup.xhtml = anon
+/index.* = authc
+/index = authc
+/home.* = authc
+/error.xhtml = anon
+#/roles.* = anon
+#/users.* = anon
+#/perms.* = anon
+/home = authc
+/javax.faces.*/** = anon
+/login.xhtml = anon
+/** = casOauthRoles[ROLE_USER]
+/?*/** = casOauthRoles[ROLE_USER]
+#/account/** = authc
+#/remoting/** = authc, roles[b2bClient], perms["remote:invoke:lan,wan"]