git.argeo.org Git - lgpl/argeo-commons.git/blob - server/modules/org.argeo.jackrabbit.webapp/WEB-INF/security-filters.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
    Spring Security filter chains for the Jackrabbit web application.

    The file declares one FilterChainProxy (springSecurityFilterChain) that maps URL
    patterns to ordered lists of the filter beans defined further down. Beans referenced
    but not defined here (authenticationManager, and userDetailsService in the disabled
    remember-me block) and the ${...} placeholders are resolved elsewhere.

    NOTE(review): nothing in this file forces HTTPS. The "basic" filter receives
    reusable credentials on every request and the "x509" filter depends on a TLS
    client certificate, so transport security has to be enforced by the container or
    a front-end proxy. Confirm that it is.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

    <!--
        URL pattern to filter list mapping. Patterns are evaluated in declaration order
        and the first match decides which filters run, so the public "/remoting/*/"
        entry must stay above the protected "/remoting/*/**" entry.

        NOTE(review): there is no catch-all "/**" entry. A request whose path matches
        none of the patterns below is passed on by FilterChainProxy without any
        security filter. Check the servlet and JSP mappings of the webapp for anything
        reachable outside these patterns.
    -->
    <bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
        <sec:filter-chain-map path-type="ant">
            <!-- Authenticated area: session context, then client certificate, then Basic auth -->
            <sec:filter-chain pattern="/webdav/**"
                filters="session,x509,basic,exception,interceptor" />
            <!-- For some reason the first level listing workspaces must be public -->
            <!-- NOTE(review): this exposes the first level under /remoting/ to anonymous
                callers; confirm the listing reveals nothing sensitive. -->
            <sec:filter-chain pattern="/remoting/*/"
                filters="anonymous,exception,interceptorPublic" />
            <sec:filter-chain pattern="/remoting/*/**"
                filters="session,x509,basic,exception,interceptor" />
            <!-- Public areas: every caller is treated as the anonymous user. The
                "session" filter is not part of these chains, so an identity stored in
                the HTTP session is not loaded here. -->
            <sec:filter-chain pattern="/public/**"
                filters="anonymous,exception,interceptorPublic" />
            <sec:filter-chain pattern="/pub/**"
                filters="anonymous,exception,interceptorPublic" />
            <!-- Logout endpoint: no authentication filter and no authorization interceptor -->
            <sec:filter-chain pattern="/j_spring_security_logout"
                filters="logout,exception" />
        </sec:filter-chain-map>
        <property name="matcher">
            <bean class="org.springframework.security.util.AntUrlPathMatcher">
                <!-- Do not convert to lower case -->
                <!-- Matching is therefore case-sensitive: a path that differs from a
                    pattern only in letter case matches nothing and falls into the
                    unfiltered case described above. -->
                <constructor-arg value="false" />
            </bean>
        </property>
    </bean>

    <!-- The actual authorization checks (called last, but first here for ease
        of configuration) -->
    <!-- Protected chains: every URL requires ROLE_USER or ROLE_ADMIN. The template's
        AffirmativeBased decision manager grants access as soon as one listed
        attribute is satisfied. -->
    <bean id="interceptor" parent="filterInvocationInterceptorTemplate">
        <property name="objectDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
                /**=ROLE_USER,ROLE_ADMIN
            </value>
        </property>
    </bean>
    <!-- Public chains: every URL is open to anonymous (and therefore to any) callers -->
    <bean id="interceptorPublic" parent="filterInvocationInterceptorTemplate">
        <property name="objectDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
                /**=IS_AUTHENTICATED_ANONYMOUSLY
            </value>
        </property>
    </bean>

    <!--
        Pre-authentication from a TLS client certificate. The principal name is the
        first capture group of subjectDnRegex applied to the certificate subject DN.

        NOTE(review): this filter only reads the certificate the container hands over;
        chain validation and revocation checking are presumably done by the TLS
        endpoint. Confirm the trust store there is limited to the intended CA(s).
        NOTE(review): the regex is not anchored and requires a comma after the CN
        value. It takes the first "CN=" found anywhere in the DN string, and a DN whose
        CN is the last component does not match at all. Verify that the issuing CA
        constrains subject DN contents so the extracted name is always the intended one.
    -->
    <bean id="x509"
        class="org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="principalExtractor">
            <bean
                class="org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor">
                <property name="subjectDnRegex" value="CN=(.*?)," />
            </bean>
        </property>
    </bean>

    <!-- Integrates the authentication information in the http sessions -->
    <!-- NOTE(review): sessions may be created here and no session-fixation protection
        is configured in this file. Confirm the session id is renewed on
        authentication, or that the container handles it. -->
    <bean id="session"
        class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
        <property name="allowSessionCreation" value="true" />
    </bean>

    <!-- Processes logouts, removing both session informations and the remember-me
        cookie from the browser -->
    <!-- With remember-me disabled (see the commented ref below) only the
        SecurityContextLogoutHandler runs. A browser that has cached Basic credentials
        or holds a client certificate will re-authenticate on its next request to a
        protected path, so this logout ends the server-side session only. -->
    <bean id="logout" class="org.springframework.security.ui.logout.LogoutFilter">
        <constructor-arg value="/webdav/node/main" />
        <!-- URL redirected to after logout -->
        <constructor-arg>
            <list>
                <!-- <ref bean="rememberMeServices" /> -->
                <bean
                    class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
            </list>
        </constructor-arg>
    </bean>

    <!-- NOTE(review): the disabled remember-me block below would use
        ${argeo.security.systemKey} as its token key, the same value the "anonymous"
        bean uses. If remember-me is ever re-enabled, that property has to be a
        strong, deployment-specific secret, since remember-me tokens are derived
        from it. -->
    <!-- Use the remember me cookie to authenticate <bean id="rememberMe" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" /> <property
        name="rememberMeServices" ref="rememberMeServices" /> </bean> <bean id="rememberMeServices"
        class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService" /> <property
        name="key" value="${argeo.security.systemKey}" /> <property name="tokenValiditySeconds"
        value="${argeo.jcr.webapp.rememberMeValidity}" /> <property name="alwaysRemember"
        value="true" /> </bean> -->

    <!-- Basic authentication -->
    <!-- Credentials arrive base64-encoded (not encrypted) in the Authorization header
        of each request and are checked by authenticationManager, which is defined
        outside this file. -->
    <bean id="basic"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="authenticationEntryPoint">
            <ref local="basicProcessingFilterEntryPoint" />
        </property>
        <!-- <property name="rememberMeServices" ref="rememberMeServices" /> -->
    </bean>

    <!-- Activate basic auth when needed -->
    <!-- Sends the Basic challenge with the realm name taken from ${argeo.server.realmName} -->
    <bean id="basicProcessingFilterEntryPoint"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
        <property name="realmName">
            <value>${argeo.server.realmName}</value>
        </property>
    </bean>

    <!-- If everything else failed, anonymous authentication -->
    <!-- Used only in the public chains above. The caller is given the principal
        "anonymous" with the single authority ROLE_ANONYMOUS, which does not satisfy
        the ROLE_USER / ROLE_ADMIN requirement of the "interceptor" bean. -->
    <bean id="anonymous"
        class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
        <property name="key" value="${argeo.security.systemKey}" />
        <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
    </bean>

    <!-- Reacts to security related exceptions -->
    <!-- Authentication failures trigger the Basic challenge; access-denied results
        for an authenticated caller go to /accessDenied.jsp. -->
    <bean id="exception"
        class="org.springframework.security.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <ref bean="basicProcessingFilterEntryPoint" />
        </property>
        <property name="accessDeniedHandler">
            <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/accessDenied.jsp" />
            </bean>
        </property>
    </bean>

    <!-- Template for authorization checks -->
    <!-- Abstract parent of "interceptor" and "interceptorPublic". One affirmative vote
        from RoleVoter or AuthenticatedVoter grants access; if every voter abstains the
        request is denied (allowIfAllAbstainDecisions is false), which keeps an
        unrecognised attribute from opening a URL. -->
    <bean id="filterInvocationInterceptorTemplate" abstract="true"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="accessDecisionManager">
            <bean class="org.springframework.security.vote.AffirmativeBased">
                <property name="allowIfAllAbstainDecisions" value="false" />
                <property name="decisionVoters">
                    <list>
                        <bean class="org.springframework.security.vote.RoleVoter" />
                        <bean class="org.springframework.security.vote.AuthenticatedVoter" />
                    </list>
                </property>
            </bean>
        </property>
    </bean>
</beans>