1 <?xml version=
"1.0" encoding=
"UTF-8"?>
2 <beans xmlns=
"http://www.springframework.org/schema/beans"
3 xmlns:
sec=
"http://www.springframework.org/schema/security" xmlns:
xsi=
"http://www.w3.org/2001/XMLSchema-instance"
4 xmlns:
aop=
"http://www.springframework.org/schema/aop"
6 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
7 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
9 <bean id=
"filterChain.davex" parent=
"filterChain.template">
10 <sec:filter-chain-map path-type=
"ant">
11 <sec:filter-chain pattern=
"/*/*/*/**"
12 filters=
"session,x509,basic,exception,interceptor" />
13 <!-- For some reason the first level listing workspaces must be public -->
14 <sec:filter-chain pattern=
"/*/*/"
15 filters=
"anonymous,exception,interceptorPublic" />
16 </sec:filter-chain-map>
19 <bean id=
"filterChain.private" parent=
"filterChain.template">
20 <sec:filter-chain-map path-type=
"ant">
21 <sec:filter-chain pattern=
"/**"
22 filters=
"session,x509,basic,exception,interceptor" />
23 </sec:filter-chain-map>
26 <bean id=
"filterChain.public" parent=
"filterChain.template">
27 <sec:filter-chain-map path-type=
"ant">
28 <sec:filter-chain pattern=
"/**"
29 filters=
"anonymous,exception,interceptorPublic" />
30 </sec:filter-chain-map>
33 <bean id=
"filterChain.template" abstract=
"true"
34 class=
"org.springframework.security.util.FilterChainProxy">
35 <property name=
"matcher">
36 <bean class=
"org.springframework.security.util.AntUrlPathMatcher">
37 <!-- Do not convert to lower case -->
38 <constructor-arg value=
"false" />
43 <!-- The actual authorization checks (called last, but first here for ease
45 <bean id=
"interceptor" parent=
"filterInvocationInterceptorTemplate">
46 <property name=
"objectDefinitionSource">
48 PATTERN_TYPE_APACHE_ANT
49 /**=ROLE_USER,ROLE_ADMIN
53 <bean id=
"interceptorPublic" parent=
"filterInvocationInterceptorTemplate">
54 <property name=
"objectDefinitionSource">
56 PATTERN_TYPE_APACHE_ANT
57 /**=IS_AUTHENTICATED_ANONYMOUSLY
63 class=
"org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter">
64 <property name=
"authenticationManager" ref=
"authenticationManager" />
65 <property name=
"principalExtractor">
67 class=
"org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor">
68 <property name=
"subjectDnRegex" value=
"CN=(.*?)," />
73 <!-- Integrates the authentication information in the http sessions -->
75 class=
"org.springframework.security.context.HttpSessionContextIntegrationFilter">
76 <property name=
"allowSessionCreation" value=
"true" />
79 <!-- Processes logouts, removing both session informations and the remember-me
80 cookie from the browser -->
81 <!-- <bean id="logout" class="org.springframework.security.ui.logout.LogoutFilter"> -->
82 <!-- <constructor-arg value="/webdav/node/main" /> -->
83 <!-- <constructor-arg> -->
86 <!-- class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"
89 <!-- </constructor-arg> -->
92 <!-- Basic authentication -->
94 class=
"org.springframework.security.ui.basicauth.BasicProcessingFilter">
95 <property name=
"authenticationManager">
96 <ref bean=
"authenticationManager" />
98 <property name=
"authenticationEntryPoint">
99 <ref local=
"basicProcessingFilterEntryPoint" />
103 <!-- Activate basic auth when needed -->
104 <bean id=
"basicProcessingFilterEntryPoint"
105 class=
"org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
106 <property name=
"realmName">
107 <value>${argeo.server.realmName}
</value>
111 <!-- If everything else failed, anonymous authentication -->
113 class=
"org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
114 <property name=
"key" value=
"${argeo.security.systemKey}" />
115 <property name=
"userAttribute" value=
"anonymous,ROLE_ANONYMOUS" />
118 <!-- Reacts to security related exceptions -->
120 class=
"org.springframework.security.ui.ExceptionTranslationFilter">
121 <property name=
"authenticationEntryPoint">
122 <ref bean=
"basicProcessingFilterEntryPoint" />
124 <property name=
"accessDeniedHandler">
125 <bean class=
"org.springframework.security.ui.AccessDeniedHandlerImpl">
126 <!-- <property name="errorPage" value="/accessDenied.jsp" /> -->
131 <!-- Template for authorization checks -->
132 <bean id=
"filterInvocationInterceptorTemplate" abstract=
"true"
133 class=
"org.springframework.security.intercept.web.FilterSecurityInterceptor">
134 <property name=
"authenticationManager" ref=
"authenticationManager" />
135 <property name=
"accessDecisionManager">
136 <bean class=
"org.springframework.security.vote.AffirmativeBased">
137 <property name=
"allowIfAllAbstainDecisions" value=
"false" />
138 <property name=
"decisionVoters">
140 <bean class=
"org.springframework.security.vote.RoleVoter" />
141 <bean class=
"org.springframework.security.vote.AuthenticatedVoter" />