<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security 2.0 filter configuration for the web application.
     The beans authenticationManager and userDetailsService are referenced
     below but are not defined in this file. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

    <!-- One filter chain for every request path; the filters run in the order
         listed. rememberMeProcessingFilter is declared further down but is not
         part of this list, so this chain never authenticates a request from a
         remember-me cookie. No channel (HTTPS) filter is listed either: Basic
         credentials are only as well protected as the transport configured
         outside this file. -->
    <bean id="springSecurityFilterChain"
          class="org.springframework.security.util.FilterChainProxy">
        <sec:filter-chain-map path-type="ant">
            <sec:filter-chain
                pattern="/**"
                filters="httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,anonymousProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor" />
        </sec:filter-chain-map>
    </bean>

    <!-- URL authorization rules. This filter runs last in the chain; it is
         declared near the top only so that the rules are easy to find.
         The rules are tried from top to bottom and the first matching pattern
         decides. URLs are lowercased before matching, so patterns must be
         written in lowercase.
         Effective policy: only paths with at least three segments (outside
         /public/) require ROLE_USER. Every other path falls through to the
         final catch-all, which admits anonymous callers, so the default is
         allow: a new endpoint with a short path is public unless a rule is
         added for it. -->
    <bean id="filterInvocationInterceptor"
          parent="filterInvocationInterceptorTemplate">
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /public/**=IS_AUTHENTICATED_ANONYMOUSLY
                /*/*/*/**=ROLE_USER
                /**=IS_AUTHENTICATED_ANONYMOUSLY
            </value>
            <!-- Disabled alternative rule set, kept for reference:
                 <value>
                     CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                     PATTERN_TYPE_APACHE_ANT
                     /config/**=ROLE_ADMINISTRATOR
                     /**=IS_AUTHENTICATED_ANONYMOUSLY
                 </value>
            -->
        </property>
    </bean>

    <!-- Loads the security context from the HTTP session at the start of a
         request and stores it back at the end; it may create a session when
         none exists. -->
    <bean id="httpSessionContextIntegrationFilter"
          class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
        <property name="allowSessionCreation" value="true" />
    </bean>

    <!-- Handles logout. The two handlers clear the remember-me cookie and the
         session security information; the browser is then redirected to the
         URL given as first constructor argument. -->
    <bean id="logoutFilter"
          class="org.springframework.security.ui.logout.LogoutFilter">
        <!-- URL redirected to after logout -->
        <constructor-arg value="/web/" />
        <!-- Logout handlers -->
        <constructor-arg>
            <list>
                <ref bean="rememberMeServices" />
                <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
            </list>
        </constructor-arg>
    </bean>

    <!-- Wraps the request so that the Servlet API security methods reflect
         the current security context. Author's note: to be double checked,
         this may not be necessary. -->
    <bean id="securityContextHolderAwareRequestFilter"
          class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />

    <!-- Authenticates a request from the remember-me cookie.
         NOTE(review): this bean is not referenced by the filter chain defined
         in this file, so it has no effect there. Confirm whether it is meant
         to be active before relying on remember-me logins. -->
    <bean id="rememberMeProcessingFilter"
          class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>

    <!-- Issues and cancels remember-me cookies. The key is mixed into the hash
         that signs the cookie, so the value behind the placeholder must be
         secret and specific to each deployment. The same placeholder is also
         used as the anonymous authentication key below. -->
    <bean id="rememberMeServices"
          class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="key" value="${argeo.security.systemKey}" />
    </bean>

    <!-- HTTP Basic authentication. rememberMeServices is notified of the
         outcome of each Basic login attempt. -->
    <bean id="basicProcessingFilter"
          class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>

    <!-- Sends the Basic authentication challenge for the "Argeo" realm when
         authentication is required. -->
    <bean id="basicProcessingFilterEntryPoint"
          class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
        <property name="realmName" value="Argeo" />
    </bean>

    <!-- Fallback: when no earlier filter authenticated the request, it is
         given an anonymous identity holding ROLE_ANONYMOUS. -->
    <bean id="anonymousProcessingFilter"
          class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
        <property name="key" value="${argeo.security.systemKey}" />
        <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
    </bean>

    <!-- Translates security exceptions raised further down the chain: an
         unauthenticated caller gets the Basic challenge, an authenticated
         caller without the required authority gets the access denied page. -->
    <bean id="exceptionTranslationFilter"
          class="org.springframework.security.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
        <property name="accessDeniedHandler">
            <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/accessDenied.jsp" />
            </bean>
        </property>
    </bean>

    <!-- Abstract parent for URL authorization interceptors. Access is granted
         as soon as one voter grants it; with allowIfAllAbstainDecisions set to
         false, a request on which every voter abstains is denied. RoleVoter
         evaluates the ROLE_ attributes and AuthenticatedVoter the
         IS_AUTHENTICATED_ attributes. -->
    <bean id="filterInvocationInterceptorTemplate"
          abstract="true"
          class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="accessDecisionManager">
            <bean class="org.springframework.security.vote.AffirmativeBased">
                <property name="allowIfAllAbstainDecisions" value="false" />
                <property name="decisionVoters">
                    <list>
                        <bean class="org.springframework.security.vote.RoleVoter" />
                        <bean class="org.springframework.security.vote.AuthenticatedVoter" />
                    </list>
                </property>
            </bean>
        </property>
    </bean>
</beans>