]>
git.argeo.org Git - lgpl/argeo-commons.git/blob - server/modules/org.argeo.jackrabbit.webapp/WEB-INF/security-filters.xml
1 <?xml version=
"1.0" encoding=
"UTF-8"?>
2 <beans xmlns=
"http://www.springframework.org/schema/beans"
3 xmlns:
sec=
"http://www.springframework.org/schema/security" xmlns:
xsi=
"http://www.w3.org/2001/XMLSchema-instance"
4 xmlns:
aop=
"http://www.springframework.org/schema/aop"
6 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
7 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
11 <alias name=
"filterChainProxy" alias=
"springSecurityFilterChain" />
13 <bean id=
"filterChainProxy" class=
"org.springframework.security.util.FilterChainProxy">
14 <sec:filter-chain-map path-type=
"ant">
15 <sec:filter-chain pattern=
"/images/*" filters=
"none" />
16 <sec:filter-chain pattern=
"/**"
17 filters=
"securityContextFilter, logoutFilter, requestCacheFilter,
18 servletApiFilter, anonFilter, sessionMgmtFilter, exceptionTranslator, filterSecurityInterceptor" />
19 </sec:filter-chain-map>
23 <bean id=
"securityContextFilter"
24 class=
"org.springframework.security.web.context.SecurityContextPersistenceFilter">
25 <property name=
"securityContextRepository" ref=
"securityContextRepository" />
28 <bean id=
"securityContextRepository"
29 class=
"org.springframework.security.web.context.HttpSessionSecurityContextRepository" />
31 <bean id=
"logoutFilter"
32 class=
"org.springframework.security.web.authentication.logout.LogoutFilter">
33 <constructor-arg value=
"/logged_out.htm" />
37 class=
"org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
42 <!-- <bean id="formLoginFilter" -->
43 <!-- class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> -->
44 <!-- <property name="authenticationManager" ref="authenticationManager"
46 <!-- <property name="authenticationSuccessHandler"> -->
48 <!-- class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> -->
49 <!-- <property name="defaultTargetUrl" value="/index.jsp" /> -->
52 <!-- <property name="sessionAuthenticationStrategy"> -->
54 <!-- class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"
59 <bean id=
"requestCacheFilter"
60 class=
"org.springframework.security.web.savedrequest.RequestCacheAwareFilter" />
62 <bean id=
"servletApiFilter"
63 class=
"org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter" />
66 class=
"org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
67 <property name=
"key" value=
"SomeUniqueKeyForThisApplication" />
68 <property name=
"userAttribute" value=
"anonymousUser,ROLE_ANONYMOUS" />
71 <bean id=
"sessionMgmtFilter"
72 class=
"org.springframework.security.web.session.SessionManagementFilter">
73 <constructor-arg ref=
"securityContextRepository" />
76 <bean id=
"exceptionTranslator"
77 class=
"org.springframework.security.web.access.ExceptionTranslationFilter">
78 <property name=
"authenticationEntryPoint">
80 class=
"org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
81 <property name=
"loginFormUrl" value=
"/login.htm" />
86 <bean id=
"filterSecurityInterceptor"
87 class=
"org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
88 <!-- <property name="securityMetadataSource"> -->
89 <!-- <sec:filter-security-metadata-source> -->
90 <!-- <sec:intercept-url pattern="/secure/extreme/*" -->
91 <!-- access="ROLE_SUPERVISOR" /> -->
92 <!-- <sec:intercept-url pattern="/secure/**" -->
93 <!-- access="IS_AUTHENTICATED_FULLY" /> -->
94 <!-- <sec:intercept-url pattern="/login.htm" -->
95 <!-- access="IS_AUTHENTICATED_ANONYMOUSLY" /> -->
96 <!-- <sec:intercept-url pattern="/**" access="ROLE_USER" /> -->
97 <!-- </sec:filter-security-metadata-source> -->
99 <property name=
"authenticationManager" ref=
"authenticationManager" />
100 <property name=
"accessDecisionManager" ref=
"accessDecisionManager" />
103 <!-- Access decision manager -->
104 <bean id=
"accessDecisionManager"
105 class=
"org.springframework.security.access.vote.AffirmativeBased">
106 <property name=
"decisionVoters">
108 <bean class=
"org.springframework.security.access.vote.RoleVoter" />
109 <bean class=
"org.springframework.security.access.vote.AuthenticatedVoter" />