<?xml version="1.0" encoding="UTF-8"?>
<!--
  Servlet filter chain and URL authorization rules for this web application,
  written in the Spring Security 2.0.x bean style.

  The beans "authenticationManager" and "userDetailsService" and the
  placeholder ${argeo.security.systemKey} are referenced here but not defined
  in this file; the surrounding application context has to supply them.

  NOTE(review): the schema locations pin spring-beans 2.5 and spring-security
  2.0.4. Both release lines are long out of maintenance, so check the library
  version actually deployed against current advisories.
  NOTE(review): the "aop" prefix is declared but nothing in this file uses it.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

    <!--
      One chain for every request path. The filters run in the order listed.
      NOTE(review): rememberMeProcessingFilter is declared further down but is
      not part of this list, so this chain never authenticates a request from
      a remember-me cookie, while rememberMeServices is still handed to
      basicProcessingFilter and logoutFilter. Either wire the filter in on
      purpose or drop the remember-me beans, so the configuration says what is
      intended.
      NOTE(review): no channel (HTTPS) enforcement filter appears in the chain;
      transport security has to come from the container or a front-end proxy.
    -->
    <bean id="springSecurityFilterChain"
          class="org.springframework.security.util.FilterChainProxy">
        <sec:filter-chain-map path-type="ant">
            <sec:filter-chain
                pattern="/**"
                filters="httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,anonymousProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor" />
        </sec:filter-chain-map>
    </bean>

    <!--
      URL authorization rules. This filter is the last one in the chain; it is
      declared near the top only because it is the part edited most often.

      The rules are Ant patterns, tried in the order written, and the request
      URL is lower-cased before matching, so every pattern has to be written in
      lower case. /public/** is open to anonymous callers; every other URL
      requires ROLE_USER. Keep the catch-all /** rule last.
    -->
    <bean id="filterInvocationInterceptor"
          parent="filterInvocationInterceptorTemplate">
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /public/**=IS_AUTHENTICATED_ANONYMOUSLY
                /**=ROLE_USER
            </value>
            <!--
              Disabled alternative rule set, kept from the original file. It
              protects only /config/** (ROLE_ADMINISTRATOR) and leaves every
              other URL open to anonymous callers, so it must not be swapped
              in without a review:

                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /config/**=ROLE_ADMINISTRATOR
                /**=IS_AUTHENTICATED_ANONYMOUSLY
            -->
        </property>
    </bean>

    <!--
      Carries the authentication between requests by keeping the security
      context in the HTTP session; a session is created when none exists.
      NOTE(review): the session cookie therefore stands in for the credentials.
      Its Secure and HttpOnly flags are set outside this file; confirm them in
      the container configuration.
    -->
    <bean id="httpSessionContextIntegrationFilter"
          class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
        <property name="allowSessionCreation" value="true" />
    </bean>

    <!--
      Handles logout: clears the remember-me cookie and the session-held
      security context, then redirects the browser.
      NOTE(review): clients that authenticate with HTTP Basic usually resend
      their cached credentials on the next request, so this clears the session
      and cookie but does not by itself stop that client from being
      authenticated again.
    -->
    <bean id="logoutFilter"
          class="org.springframework.security.ui.logout.LogoutFilter">
        <!-- First argument: URL redirected to after logout -->
        <constructor-arg value="/web/" />
        <!-- Second argument: logout handlers -->
        <constructor-arg>
            <list>
                <ref bean="rememberMeServices" />
                <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
            </list>
        </constructor-arg>
    </bean>

    <!--
      Wraps the request so the servlet API security methods reflect the Spring
      Security context. The original author marked this as possibly
      unnecessary; still to be double checked.
    -->
    <bean id="securityContextHolderAwareRequestFilter"
          class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />

    <!--
      Authenticates a request from the remember-me cookie.
      NOTE(review): declared here but absent from the filter list of
      springSecurityFilterChain, so it is not applied by that chain.
    -->
    <bean id="rememberMeProcessingFilter"
          class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>

    <!--
      Issues and checks remember-me cookies. The cookie value is a hash over
      the user name, expiry time, password and the key below (MD5 in the 2.0.x
      line; confirm against the deployed jar), so the key must be a long random
      secret that is kept out of version control.
      NOTE(review): the same placeholder also keys anonymousProcessingFilter.
      One shared value means a leak or rotation of it affects both mechanisms;
      consider separate secrets.
    -->
    <bean id="rememberMeServices"
          class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="key" value="${argeo.security.systemKey}" />
    </bean>

    <!--
      HTTP Basic authentication.
      NOTE(review): Basic credentials travel with the request in a reversible
      encoding, not encrypted. Nothing in this file restricts the application
      to HTTPS, so confirm that plain HTTP is refused or redirected upstream.
    -->
    <bean id="basicProcessingFilter"
          class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationEntryPoint">
            <ref local="basicProcessingFilterEntryPoint" />
        </property>
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>

    <!-- Sends the Basic authentication challenge for realm "Argeo" when credentials are needed -->
    <bean id="basicProcessingFilterEntryPoint"
          class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
        <property name="realmName" value="Argeo" />
    </bean>

    <!--
      Fallback when no earlier filter authenticated the request: the caller
      becomes principal "anonymous" with the single authority ROLE_ANONYMOUS.
      The key comes from the same placeholder as the remember-me key.
    -->
    <bean id="anonymousProcessingFilter"
          class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
        <property name="key" value="${argeo.security.systemKey}" />
        <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
    </bean>

    <!--
      Turns security exceptions raised further down the chain into responses:
      the Basic entry point is used when authentication is required, and
      /accessDenied.jsp is shown when access is denied.
    -->
    <bean id="exceptionTranslationFilter"
          class="org.springframework.security.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
        <property name="accessDeniedHandler">
            <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/accessDenied.jsp" />
            </bean>
        </property>
    </bean>

    <!--
      Abstract parent for authorization interceptors. Access is granted as soon
      as one voter grants it, and denied when every voter abstains
      (allowIfAllAbstainDecisions=false), which keeps the default fail-closed.
      RoleVoter decides on the ROLE_ attributes, AuthenticatedVoter on the
      IS_AUTHENTICATED_ attributes.
    -->
    <bean id="filterInvocationInterceptorTemplate"
          abstract="true"
          class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="accessDecisionManager">
            <bean class="org.springframework.security.vote.AffirmativeBased">
                <property name="allowIfAllAbstainDecisions" value="false" />
                <property name="decisionVoters">
                    <list>
                        <bean class="org.springframework.security.vote.RoleVoter" />
                        <bean class="org.springframework.security.vote.AuthenticatedVoter" />
                    </list>
                </property>
            </bean>
        </property>
    </bean>

</beans>