<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security filter wiring. Three concrete FilterChainProxy beans
  (filterChain.davex, filterChain.private, filterChain.public) are assembled
  from the filter beans defined further down. The "authenticationManager" bean
  and the ${argeo.*} placeholders are referenced here but not defined in this
  file.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

  <!--
    Chain for the davex endpoint.
    NOTE(review): as these two Ant patterns read, a path with three or more
    segments goes through the authenticated chain, a two-segment path ending
    in "/" goes through the anonymous chain, and anything else ("/", a single
    segment, two segments without the trailing slash) matches neither entry.
    Confirm what the proxy does with an unmatched request; if it is passed on
    without any security filter, add an explicit catch-all entry so that
    nothing reaches the servlet without an access decision.
  -->
  <bean id="filterChain.davex" parent="filterChain.template">
    <sec:filter-chain-map path-type="ant">
      <sec:filter-chain pattern="/*/*/*/**"
                        filters="session,x509,basic,exception,interceptor" />
      <!--
        The first-level listing of workspaces is served to anonymous clients;
        the original author notes that it must be public, without recording
        the reason.
        NOTE(review): whatever that listing returns is visible to anyone who
        can reach the endpoint; confirm it carries nothing sensitive.
      -->
      <sec:filter-chain pattern="/*/*/"
                        filters="anonymous,exception,interceptorPublic" />
    </sec:filter-chain-map>
  </bean>

  <!-- Every URL requires an authenticated caller (X.509 or HTTP Basic). -->
  <bean id="filterChain.private" parent="filterChain.template">
    <sec:filter-chain-map path-type="ant">
      <sec:filter-chain pattern="/**"
                        filters="session,x509,basic,exception,interceptor" />
    </sec:filter-chain-map>
  </bean>

  <!-- Every URL is open to anonymous callers. -->
  <bean id="filterChain.public" parent="filterChain.template">
    <sec:filter-chain-map path-type="ant">
      <sec:filter-chain pattern="/**"
                        filters="anonymous,exception,interceptorPublic" />
    </sec:filter-chain-map>
  </bean>

  <!--
    Abstract parent of the three chains above. The matcher is built with
    "false" so that URLs are not lower-cased before matching; patterns are
    therefore compared against the path exactly as received.
  -->
  <bean id="filterChain.template" abstract="true"
        class="org.springframework.security.util.FilterChainProxy">
    <property name="matcher">
      <bean class="org.springframework.security.util.AntUrlPathMatcher">
        <constructor-arg value="false" />
      </bean>
    </property>
  </bean>

  <!--
    Authorization rules. These interceptors run last in each chain; they are
    declared early in the file only to keep the rules easy to find.
  -->

  <!-- Authenticated chains: any URL needs ROLE_USER or ROLE_ADMIN. -->
  <bean id="interceptor" parent="filterInvocationInterceptorTemplate">
    <property name="objectDefinitionSource">
      <value>
        PATTERN_TYPE_APACHE_ANT
        /**=ROLE_USER,ROLE_ADMIN
      </value>
    </property>
  </bean>

  <!-- Public chains: any URL is allowed for an anonymous caller. -->
  <bean id="interceptorPublic" parent="filterInvocationInterceptorTemplate">
    <property name="objectDefinitionSource">
      <value>
        PATTERN_TYPE_APACHE_ANT
        /**=IS_AUTHENTICATED_ANONYMOUSLY
      </value>
    </property>
  </bean>

  <!--
    Pre-authentication from the client certificate. The principal name is the
    first capture group of subjectDnRegex applied to the subject DN.
    NOTE(review): the pattern is unanchored and requires a comma after the
    value. A DN whose CN is the last component will not match, and the first
    "CN=" substring found anywhere in the DN string is the one that is used.
    The user mapping is therefore only as strong as the issuing CA's control
    over subject fields; confirm that the trust store holds only CAs that
    constrain them.
  -->
  <bean id="x509"
        class="org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="principalExtractor">
      <bean class="org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor">
        <property name="subjectDnRegex" value="CN=(.*?)," />
      </bean>
    </property>
  </bean>

  <!--
    Carries the authentication information in the HTTP session between
    requests; the filter is allowed to create a session when none exists.
  -->
  <bean id="session"
        class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
    <property name="allowSessionCreation" value="true" />
  </bean>

  <!--
    Logout processing is disabled: no chain in this file references a logout
    filter. The definition that was commented out is kept below for reference;
    it lists only the SecurityContextLogoutHandler.

    <bean id="logout" class="org.springframework.security.ui.logout.LogoutFilter">
      <constructor-arg value="/webdav/node/main" />
      <constructor-arg>
        <list>
          <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
        </list>
      </constructor-arg>
    </bean>
  -->

  <!--
    HTTP Basic authentication.
    NOTE(review): Basic credentials are only base64-encoded and nothing in
    this file enforces HTTPS; confirm that the connector or front proxy
    accepts these URLs over TLS only.
  -->
  <bean id="basic"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationEntryPoint">
      <!-- "local" ties the reference to the bean defined in this same file -->
      <ref local="basicProcessingFilterEntryPoint" />
    </property>
  </bean>

  <!-- Sends the Basic challenge when authentication is needed; the realm
       name comes from the argeo.server.realmName placeholder. -->
  <bean id="basicProcessingFilterEntryPoint"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
    <property name="realmName" value="${argeo.server.realmName}" />
  </bean>

  <!--
    Fallback used by the public chains: the caller becomes principal
    "anonymous" with authority ROLE_ANONYMOUS.
    NOTE(review): the key comes from argeo.security.systemKey, defined outside
    this file. The placeholder name suggests the value is shared with other
    system functions; confirm it is set per deployment, is not a default, and
    is kept out of version control.
  -->
  <bean id="anonymous"
        class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="${argeo.security.systemKey}" />
    <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
  </bean>

  <!--
    Translates security exceptions raised further down the chain. The entry
    point is the Basic one defined above. The access-denied handler has no
    error page configured (the property is commented out).
  -->
  <bean id="exception"
        class="org.springframework.security.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
    <property name="accessDeniedHandler">
      <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
        <!-- <property name="errorPage" value="/accessDenied.jsp" /> -->
      </bean>
    </property>
  </bean>

  <!--
    Abstract parent of "interceptor" and "interceptorPublic". Decisions are
    affirmative-based over a role voter and an authenticated voter, and access
    is refused when every voter abstains (allowIfAllAbstainDecisions=false).
  -->
  <bean id="filterInvocationInterceptorTemplate" abstract="true"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager">
      <bean class="org.springframework.security.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false" />
        <property name="decisionVoters">
          <list>
            <bean class="org.springframework.security.vote.RoleVoter" />
            <bean class="org.springframework.security.vote.AuthenticatedVoter" />
          </list>
        </property>
      </bean>
    </property>
  </bean>
</beans>