modules/org.argeo.slc.server.repo.webapp/WEB-INF/security.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <beans xmlns="http://www.springframework.org/schema/beans"
   3         xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   4         xmlns:aop="http://www.springframework.org/schema/aop"
   5         xsi:schemaLocation="
   6        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
   7        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
   8
   9         <bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
  10                 <sec:filter-chain-map path-type="ant">
  11                         <sec:filter-chain pattern="/**"
  12                                 filters="httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,anonymousProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor" />
  13                 </sec:filter-chain-map>
  14         </bean>
  15
  16         <!-- The actual authorization checks (called last, but first here for ease
  17                 of configuration) -->
  18         <bean id="filterInvocationInterceptor" parent="filterInvocationInterceptorTemplate">
  19                 <property name="objectDefinitionSource">
  20                         <value>
  21                                 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
  22                                 PATTERN_TYPE_APACHE_ANT
  23                                 /public/**=IS_AUTHENTICATED_ANONYMOUSLY
  24                                 /**=ROLE_USER
  25                         </value>
  26                         <!-- <value> -->
  27                         <!-- CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON -->
  28                         <!-- PATTERN_TYPE_APACHE_ANT -->
  29                         <!-- /config/**=ROLE_ADMINISTRATOR -->
  30                         <!-- /**=IS_AUTHENTICATED_ANONYMOUSLY -->
  31                         <!-- </value> -->
  32                 </property>
  33         </bean>
  34
  35         <!-- Integrates the authentication information in the http sessions -->
  36         <bean id="httpSessionContextIntegrationFilter"
  37                 class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
  38                 <property name="allowSessionCreation" value="true" />
  39         </bean>
  40
  41         <!-- Processes logouts, removing both session informations and the remember-me
  42                 cookie from the browser -->
  43         <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
  44                 <constructor-arg value="/web/" />
  45                 <!-- URL redirected to after logout -->
  46                 <constructor-arg>
  47                         <list>
  48                                 <bean
  49                                         class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
  50                         </list>
  51                 </constructor-arg>
  52         </bean>
  53
  54         <!-- Double check, this may not be necessary -->
  55         <bean id="securityContextHolderAwareRequestFilter"
  56                 class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
  57
  58         <!-- Basic authentication -->
  59         <bean id="basicProcessingFilter"
  60                 class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
  61                 <property name="authenticationManager">
  62                         <ref bean="authenticationManager" />
  63                 </property>
  64                 <property name="authenticationEntryPoint">
  65                         <ref local="basicProcessingFilterEntryPoint" />
  66                 </property>
  67         </bean>
  68
  69         <!-- Activate basic auth when needed -->
  70         <bean id="basicProcessingFilterEntryPoint"
  71                 class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
  72                 <property name="realmName">
  73                         <value>Argeo Repository</value>
  74                 </property>
  75         </bean>
  76
  77         <!-- If everything else failed, anonymous authentication -->
  78         <bean id="anonymousProcessingFilter"
  79                 class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
  80                 <property name="key" value="${argeo.security.systemKey}" />
  81                 <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
  82         </bean>
  83
  84         <!-- Reacts to security related exceptions -->
  85         <bean id="exceptionTranslationFilter"
  86                 class="org.springframework.security.ui.ExceptionTranslationFilter">
  87                 <property name="authenticationEntryPoint">
  88                         <ref bean="basicProcessingFilterEntryPoint" />
  89                 </property>
  90                 <property name="accessDeniedHandler">
  91                         <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
  92                                 <property name="errorPage" value="/accessDenied.jsp" />
  93                         </bean>
  94                 </property>
  95         </bean>
  96
  97         <!-- Template for authorization checks -->
  98         <bean id="filterInvocationInterceptorTemplate" abstract="true"
  99                 class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
 100                 <property name="authenticationManager" ref="authenticationManager" />
 101                 <property name="accessDecisionManager">
 102                         <bean class="org.springframework.security.vote.AffirmativeBased">
 103                                 <property name="allowIfAllAbstainDecisions" value="false" />
 104                                 <property name="decisionVoters">
 105                                         <list>
 106                                                 <bean class="org.springframework.security.vote.RoleVoter" />
 107                                                 <bean class="org.springframework.security.vote.AuthenticatedVoter" />
 108                                         </list>
 109                                 </property>
 110                         </bean>
 111                 </property>
 112         </bean>
 113 </beans>