<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security filter chains for the web application, one chain per URL
  family. Beans referenced but not defined in this file (authenticationManager,
  userDetailsService) and the ${...} placeholders have to be supplied by the
  surrounding application context.

  NOTE(review): the schema location pins Spring Security 2.0.4, a release line
  that is no longer maintained; plan an upgrade.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

  <!--
    Maps URL patterns (Ant style) to ordered filter lists. The first matching
    pattern is used and the filters run in the order listed, so both orders
    matter. Presumably this bean is the target of a DelegatingFilterProxy
    declared in web.xml (confirm).

    A request that matches none of the patterns gets no security filter from
    this file; that includes /accessDenied.jsp, the error page configured on
    the "exception" bean.

    /remoting/** has no "session" filter, so this chain neither loads nor
    stores a security context in the HTTP session. /webdav/** has no
    "anonymous" filter, so an unauthenticated request to a protected URL there
    ends in the Basic challenge issued by "exception".
  -->
  <bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
    <sec:filter-chain-map path-type="ant">
      <sec:filter-chain pattern="/webdav/**" filters="session,x509,basic,rememberMe,exception,interceptor" />
      <sec:filter-chain pattern="/remoting/**" filters="x509,basic,anonymous,exception,interceptor" />
      <sec:filter-chain pattern="/public/**" filters="anonymous,exception,interceptorPublic" />
      <sec:filter-chain pattern="/pub/**" filters="anonymous,exception,interceptorPublic" />
      <sec:filter-chain pattern="/j_spring_security_logout" filters="logout,exception" />
    </sec:filter-chain-map>
  </bean>

  <!--
    Authorization rules for the protected chains. This filter runs last in a
    chain; it is declared early only to keep the rules easy to find.
    Either role is sufficient (see the AffirmativeBased manager on the
    template bean).

    NOTE(review): "/*/*/*/**" only matches request paths with at least three
    segments. Shorter paths that reach this interceptor through /webdav/** or
    /remoting/** match no rule, and FilterSecurityInterceptor lets a request
    without a matching rule through unless rejectPublicInvocations is set to
    true. Confirm that one- and two-segment paths are meant to be open;
    otherwise add a catch-all rule.
  -->
  <bean id="interceptor" parent="filterInvocationInterceptorTemplate">
    <property name="objectDefinitionSource">
      <value>
        PATTERN_TYPE_APACHE_ANT
        /*/*/*/**=ROLE_USER,ROLE_ADMIN
      </value>
    </property>
  </bean>

  <!--
    Authorization rules for the public chains (/public/** and /pub/**): every
    path is allowed for any authentication, anonymous included.
  -->
  <bean id="interceptorPublic" parent="filterInvocationInterceptorTemplate">
    <property name="objectDefinitionSource">
      <value>
        PATTERN_TYPE_APACHE_ANT
        /**=IS_AUTHENTICATED_ANONYMOUSLY
      </value>
    </property>
  </bean>

  <!--
    Pre-authentication from a TLS client certificate. The principal name is
    the first capture group of subjectDnRegex applied to the subject DN.

    NOTE(review): the pattern requires a comma after the CN value, so a DN
    whose CN is the last component does not match, and it is not anchored to a
    component boundary, so the result depends on the issuing CA never placing
    "CN=" text inside an earlier component. Certificate path validation is not
    configured on this bean; presumably the TLS layer of the container does it
    against a dedicated client trust store (confirm).
  -->
  <bean id="x509"
        class="org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="principalExtractor">
      <bean class="org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor">
        <property name="subjectDnRegex" value="CN=(.*?)," />
      </bean>
    </property>
  </bean>

  <!--
    Loads the security context from the HTTP session at the start of a request
    and stores it back at the end. With allowSessionCreation=false this filter
    does not create a session on its own; the context is only kept across
    requests when some other component has created the session.
  -->
  <bean id="session"
        class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
    <property name="allowSessionCreation" value="false" />
  </bean>

  <!--
    Handles logout: the remember-me services are asked to clear their cookie
    and SecurityContextLogoutHandler clears the session-side state.
  -->
  <bean id="logout" class="org.springframework.security.ui.logout.LogoutFilter">
    <!-- URL the browser is redirected to after logout -->
    <constructor-arg value="/webdav/node/main" />
    <!-- Logout handlers -->
    <constructor-arg>
      <list>
        <ref bean="rememberMeServices" />
        <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
      </list>
    </constructor-arg>
  </bean>

  <!-- Authenticates a request from the remember-me cookie when nothing earlier in the chain did -->
  <bean id="rememberMe"
        class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="rememberMeServices" ref="rememberMeServices" />
  </bean>

  <!--
    Issues and checks the remember-me cookie.

    NOTE(review): alwaysRemember=true means the cookie is issued on every
    successful login handled by these services without the user asking for
    it, and the "basic" filter is wired to them. The cookie works as a bearer
    credential until tokenValiditySeconds elapses, so keep that value short,
    make sure the cookie only travels over TLS, and treat
    argeo.security.systemKey as a secret: long, random and different for each
    deployment. The same placeholder also keys the "anonymous" filter.
  -->
  <bean id="rememberMeServices"
        class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="key" value="${argeo.security.systemKey}" />
    <property name="tokenValiditySeconds" value="${argeo.jcr.webapp.rememberMeValidity}" />
    <property name="alwaysRemember" value="true" />
  </bean>

  <!--
    HTTP Basic authentication.

    NOTE(review): Basic sends the password with every request and no filter in
    this file enforces a secure channel; confirm that HTTPS is enforced by the
    container or by a front-end proxy.
  -->
  <bean id="basic"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
    <property name="rememberMeServices" ref="rememberMeServices" />
  </bean>

  <!-- Sends the Basic challenge for realm "Argeo" when authentication is required -->
  <bean id="basicProcessingFilterEntryPoint"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
    <property name="realmName" value="Argeo" />
  </bean>

  <!--
    Fallback: when no earlier filter authenticated the request, it is given an
    anonymous authentication named "anonymous" with ROLE_ANONYMOUS.
  -->
  <bean id="anonymous"
        class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="${argeo.security.systemKey}" />
    <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
  </bean>

  <!--
    Translates security exceptions raised further down the chain: missing
    authentication triggers the Basic challenge, a denied request from an
    authenticated user is sent to /accessDenied.jsp.
  -->
  <bean id="exception"
        class="org.springframework.security.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
    <property name="accessDeniedHandler">
      <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/accessDenied.jsp" />
      </bean>
    </property>
  </bean>

  <!--
    Abstract parent of the two interceptors above. Access is granted as soon
    as one voter grants it (AffirmativeBased) and denied when every voter
    abstains (allowIfAllAbstainDecisions=false). RoleVoter handles the ROLE_*
    attributes, AuthenticatedVoter the IS_AUTHENTICATED_* attributes.
  -->
  <bean id="filterInvocationInterceptorTemplate" abstract="true"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager">
      <bean class="org.springframework.security.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false" />
        <property name="decisionVoters">
          <list>
            <bean class="org.springframework.security.vote.RoleVoter" />
            <bean class="org.springframework.security.vote.AuthenticatedVoter" />
          </list>
        </property>
      </bean>
    </property>
  </bean>
</beans>