1 <?xml version=
"1.0" encoding=
"UTF-8"?>
2 <beans xmlns=
"http://www.springframework.org/schema/beans"
3 xmlns:
sec=
"http://www.springframework.org/schema/security" xmlns:
xsi=
"http://www.w3.org/2001/XMLSchema-instance"
4 xmlns:
aop=
"http://www.springframework.org/schema/aop"
6 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
7 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
9 <bean id=
"springSecurityFilterChain" class=
"org.springframework.security.util.FilterChainProxy">
<sec:filter-chain-map path-type="ant">
    <!-- Patterns are Ant-style and are tried from top to bottom; the first
         match selects the filter list for the request. A URL that matches
         none of them passes through FilterChainProxy with no security
         filters applied.
         NOTE(review): there is no catch-all "/**" entry here, so confirm that
         every other path is either protected elsewhere or meant to be open. -->
    <sec:filter-chain pattern="/webdav/**"
                      filters="session,x509,basic,exception,interceptor" />
    <!-- For some reason the first level listing workspaces must be public.
         This entry has to stay above "/remoting/*/**", which also matches
         these URLs and would require authentication. -->
    <sec:filter-chain pattern="/remoting/*/"
                      filters="anonymous,exception,interceptorPublic" />
    <sec:filter-chain pattern="/remoting/*/**"
                      filters="session,x509,basic,exception,interceptor" />
    <!-- Public areas: requests are given an anonymous identity and checked
         by interceptorPublic. -->
    <sec:filter-chain pattern="/public/**"
                      filters="anonymous,exception,interceptorPublic" />
    <sec:filter-chain pattern="/pub/**"
                      filters="anonymous,exception,interceptorPublic" />
    <!-- Logout URL: only the logout filter runs, no authentication filter. -->
    <sec:filter-chain pattern="/j_spring_security_logout"
                      filters="logout,exception" />
</sec:filter-chain-map>
25 <property name=
"matcher">
26 <bean class=
"org.springframework.security.util.AntUrlPathMatcher">
27 <!-- Do not convert to lower case: the constructor argument is requiresLowerCaseUrl, so with "false" the filter-chain patterns are matched case-sensitively. NOTE(review): a URL that matches no pattern gets no security filters, so confirm the container does not serve the protected paths under a different letter case. -->
28 <constructor-arg value=
"false" />
33 <!-- The actual authorization checks (called last, but first here for ease ...) -->
<!-- Authorization for the authenticated chains ("/webdav/**" and "/remoting/*/**"): every URL that reaches this interceptor requires ROLE_USER or ROLE_ADMIN. The decision manager and voters come from filterInvocationInterceptorTemplate. -->
35 <bean id=
"interceptor" parent=
"filterInvocationInterceptorTemplate">
36 <property name=
"objectDefinitionSource">
38 PATTERN_TYPE_APACHE_ANT
39 /**=ROLE_USER,ROLE_ADMIN
<!-- Authorization for the public chains: IS_AUTHENTICATED_ANONYMOUSLY is granted by AuthenticatedVoter to any request that carries an Authentication, including the anonymous one installed by the "anonymous" filter. In effect every URL routed to this interceptor is open to everyone. -->
43 <bean id=
"interceptorPublic" parent=
"filterInvocationInterceptorTemplate">
44 <property name=
"objectDefinitionSource">
46 PATTERN_TYPE_APACHE_ANT
47 /**=IS_AUTHENTICATED_ANONYMOUSLY
53 class=
"org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter">
54 <property name=
"authenticationManager" ref=
"authenticationManager" />
<!-- The user name is taken from the subject DN of the client certificate: it is the text captured by group 1 of subjectDnRegex. -->
55 <property name=
"principalExtractor">
57 class=
"org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor">
58 <property name=
"subjectDnRegex" value=
"CN=(.*?)," />
<!-- NOTE(review): this pattern requires a comma after the CN, so a subject DN whose CN is the last component does not match and the certificate login fails; "CN=(.*?)(?:,|$)" would accept both forms. The pattern is not anchored, so the first "CN=" found in the DN string supplies the user name. Certificate validation itself is presumably done by the container's TLS layer, which is not configured in this file; the set of CAs trusted there decides who can present a given CN. -->
63 <!-- Integrates the authentication information in the http sessions: the security context is loaded from the HTTP session at the start of a request and stored back at the end. -->
65 class=
"org.springframework.security.context.HttpSessionContextIntegrationFilter">
66 <property name=
"allowSessionCreation" value=
"true" />
<!-- NOTE(review): with allowSessionCreation=true a session may be created to hold the security context, so the session id then stands in for the Basic or X.509 credentials on later requests. Confirm the container marks the session cookie Secure and HttpOnly; that setting is not visible in this file. -->
69 <!-- Processes logouts. The only active handler is SecurityContextLogoutHandler, which clears the security context and by default invalidates the HTTP session. The rememberMeServices handler is commented out below, so no remember-me cookie is removed.
NOTE(review): Basic and X.509 credentials are presented again by the client on its next request, so this logout ends the server-side session only. -->
71 <bean id=
"logout" class=
"org.springframework.security.ui.logout.LogoutFilter">
72 <constructor-arg value=
"/webdav/node/main" />
73 <!-- URL redirected to after logout -->
76 <!-- <ref bean="rememberMeServices" /> -->
78 class=
"org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
83 <!-- Use the remember me cookie to authenticate <bean id="rememberMe" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
84 <property name="authenticationManager" ref="authenticationManager" /> <property
85 name="rememberMeServices" ref="rememberMeServices" /> </bean> <bean id="rememberMeServices"
86 class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
87 <property name="userDetailsService" ref="userDetailsService" /> <property
88 name="key" value="${argeo.security.systemKey}" /> <property name="tokenValiditySeconds"
89 value="${argeo.jcr.webapp.rememberMeValidity}" /> <property name="alwaysRemember"
90 value="true" /> </bean> -->
92 <!-- Basic authentication: reads the HTTP Authorization header and authenticates it through authenticationManager; on failure the entry point below sends a new challenge. NOTE(review): Basic credentials are only base64-encoded, so the chains that use this filter should be reachable over TLS only; transport settings are not part of this file. -->
94 class=
"org.springframework.security.ui.basicauth.BasicProcessingFilter">
95 <property name=
"authenticationManager">
96 <ref bean=
"authenticationManager" />
98 <property name=
"authenticationEntryPoint">
99 <ref local=
"basicProcessingFilterEntryPoint" />
101 <!-- <property name="rememberMeServices" ref="rememberMeServices" /> -->
104 <!-- Activate basic auth when needed: this entry point answers an unauthenticated request with a 401 Basic challenge. The realm name shown to the client comes from the argeo.server.realmName property. It is referenced by both the Basic filter and the exception translation filter. -->
105 <bean id=
"basicProcessingFilterEntryPoint"
106 class=
"org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
107 <property name=
"realmName">
108 <value>${argeo.server.realmName}
</value>
112 <!-- If everything else failed, anonymous authentication: when no Authentication is present, install one with the principal "anonymous" and the authority ROLE_ANONYMOUS. The key identifies tokens created by this filter. -->
114 class=
"org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
115 <property name=
"key" value=
"${argeo.security.systemKey}" />
116 <property name=
"userAttribute" value=
"anonymous,ROLE_ANONYMOUS" />
<!-- NOTE(review): the same argeo.security.systemKey property is the key of the commented-out remember-me services in this file. If remember-me is enabled again, give it a separate secret, because that key protects the remember-me cookie signature. -->
119 <!-- Reacts to security related exceptions raised further down the chain: an unauthenticated request is sent to the Basic entry point for a challenge, and a denied request goes to the access denied handler, which uses /accessDenied.jsp as its error page. NOTE(review): /accessDenied.jsp matches none of the filter-chain patterns in this file, so a direct request for it is served without security filters; keep that page free of sensitive detail. -->
121 class=
"org.springframework.security.ui.ExceptionTranslationFilter">
122 <property name=
"authenticationEntryPoint">
123 <ref bean=
"basicProcessingFilterEntryPoint" />
125 <property name=
"accessDeniedHandler">
126 <bean class=
"org.springframework.security.ui.AccessDeniedHandlerImpl">
127 <property name=
"errorPage" value=
"/accessDenied.jsp" />
132 <!-- Template for authorization checks: abstract parent of "interceptor" and "interceptorPublic", which only add their own objectDefinitionSource. Access is decided by AffirmativeBased, so one granting voter is enough. -->
133 <bean id=
"filterInvocationInterceptorTemplate" abstract=
"true"
134 class=
"org.springframework.security.intercept.web.FilterSecurityInterceptor">
135 <property name=
"authenticationManager" ref=
"authenticationManager" />
136 <property name=
"accessDecisionManager">
137 <bean class=
"org.springframework.security.vote.AffirmativeBased">
138 <property name=
"allowIfAllAbstainDecisions" value=
"false" />
<!-- Fail closed: when every voter abstains, access is denied. -->
139 <property name=
"decisionVoters">
<!-- RoleVoter handles the ROLE_ attributes; AuthenticatedVoter handles the IS_AUTHENTICATED_ attributes. -->
141 <bean class=
"org.springframework.security.vote.RoleVoter" />
142 <bean class=
"org.springframework.security.vote.AuthenticatedVoter" />