1 <?xml version=
"1.0" encoding=
"UTF-8"?>
2 <beans xmlns=
"http://www.springframework.org/schema/beans"
3 xmlns:
sec=
"http://www.springframework.org/schema/security" xmlns:
xsi=
"http://www.w3.org/2001/XMLSchema-instance"
4 xmlns:
aop=
"http://www.springframework.org/schema/aop"
6 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
7 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
<!-- Filter chain applied to every request path (Ant pattern "/**"). The filters run in
     the order listed: session context, logout, HTTP Basic, anonymous fallback, servlet API
     wrapper, exception translation, and finally the URL authorization interceptor.
     NOTE(review): rememberMeProcessingFilter is declared in this file but is not in this
     list, so remember-me cookies are not consumed by this chain; confirm that is intended. -->
9 <bean id=
"springSecurityFilterChain" class=
"org.springframework.security.util.FilterChainProxy">
10 <sec:filter-chain-map path-type=
"ant">
11 <sec:filter-chain pattern=
"/**"
12 filters=
"httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,anonymousProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor" />
13 </sec:filter-chain-map>
16 <!-- The actual authorization checks (called last in the filter chain, but declared first here) -->
<!-- URL access rules used by the last filter of the chain. Both visible active patterns,
     /public/** and the catch-all /**, only ask for IS_AUTHENTICATED_ANONYMOUSLY, which an
     anonymous token satisfies, so as listed no URL requires a login or a role.
     The commented-out rule set at the end is the variant that restricts /config/** to
     ROLE_ADMINISTRATOR. Rules are tried in order and the first matching pattern decides,
     so any restrictive pattern has to come before the catch-all.
     NOTE(review): gutter line 24 of the original file is not visible in this listing; check
     whether a further rule sits between the two patterns, and confirm that leaving
     /config/** open is deliberate before this configuration is deployed. -->
18 <bean id=
"filterInvocationInterceptor" parent=
"filterInvocationInterceptorTemplate">
19 <property name=
"objectDefinitionSource">
21 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
22 PATTERN_TYPE_APACHE_ANT
23 /public/**=IS_AUTHENTICATED_ANONYMOUSLY
25 /**=IS_AUTHENTICATED_ANONYMOUSLY
28 <!-- CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON -->
29 <!-- PATTERN_TYPE_APACHE_ANT -->
30 <!-- /config/**=ROLE_ADMINISTRATOR -->
31 <!-- /**=IS_AUTHENTICATED_ANONYMOUSLY -->
36 <!-- Loads the SecurityContext from the HTTP session at the start of each request and
     stores it back when the request completes. allowSessionCreation="true" permits the
     filter to create a session when none exists. -->
37 <bean id=
"httpSessionContextIntegrationFilter"
38 class=
"org.springframework.security.context.HttpSessionContextIntegrationFilter">
39 <property name=
"allowSessionCreation" value=
"true" />
42 <!-- Processes logouts. The first constructor argument ("/web/") is the URL the browser
     is redirected to afterwards. The handlers visible below are rememberMeServices, which
     removes the remember-me cookie from the browser, and SecurityContextLogoutHandler,
     which clears the session information. -->
44 <bean id=
"logoutFilter" class=
"org.springframework.security.ui.logout.LogoutFilter">
45 <constructor-arg value=
"/web/" />
46 <!-- URL redirected to after logout -->
49 <ref bean=
"rememberMeServices" />
51 class=
"org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
56 <!-- Wraps the request so that the servlet API security methods reflect the Spring
     Security context. Original note: double check, this may not be necessary. -->
57 <bean id=
"securityContextHolderAwareRequestFilter"
58 class=
"org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
60 <!-- Authenticates a request from the remember-me cookie, using rememberMeServices to
     decode the cookie and authenticationManager to validate the result.
     NOTE(review): this bean id is not in the springSecurityFilterChain filter list in this
     file, so the filter looks unused here; confirm whether it is wired in elsewhere. -->
61 <bean id=
"rememberMeProcessingFilter"
62 class=
"org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
63 <property name=
"authenticationManager" ref=
"authenticationManager" />
64 <property name=
"rememberMeServices" ref=
"rememberMeServices" />
<!-- Remember-me token service referenced by logoutFilter, rememberMeProcessingFilter and
     basicProcessingFilter. The key is mixed into the token signature, so
     ${argeo.security.systemKey} must resolve to a secret, deployment-specific value and
     must not be left at a shipped default.
     NOTE(review): the same property is also the anonymousProcessingFilter key; separate
     keys would limit what one leaked value exposes. The cookie carries a long-lived
     credential, so it should only travel over HTTPS. -->
67 <bean id=
"rememberMeServices"
68 class=
"org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
69 <property name=
"userDetailsService" ref=
"userDetailsService" />
70 <property name=
"key" value=
"${argeo.security.systemKey}" />
73 <!-- HTTP Basic authentication: credentials from the Authorization header are checked by
     authenticationManager, basicProcessingFilterEntryPoint issues the challenge when
     authentication fails, and rememberMeServices is notified of the login outcome.
     Basic credentials are only base64 encoded and are sent with every request, so this
     chain should be exposed over HTTPS only. -->
74 <bean id=
"basicProcessingFilter"
75 class=
"org.springframework.security.ui.basicauth.BasicProcessingFilter">
76 <property name=
"authenticationManager">
77 <ref bean=
"authenticationManager" />
79 <property name=
"authenticationEntryPoint">
80 <ref local=
"basicProcessingFilterEntryPoint" />
82 <property name=
"rememberMeServices" ref=
"rememberMeServices" />
85 <!-- Entry point that answers unauthenticated requests with an HTTP Basic challenge
     (401 plus WWW-Authenticate) for the configured realm. The realmName value sits on
     lines that are not visible in this listing. -->
86 <bean id=
"basicProcessingFilterEntryPoint"
87 class=
"org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
88 <property name=
"realmName">
93 <!-- Fallback when no earlier filter authenticated the request: installs an anonymous
     token with principal "anonymous" and authority ROLE_ANONYMOUS. The key identifies
     tokens created by this filter; presumably it must match the key of the anonymous
     authentication provider, which is not defined in this listing (confirm). -->
94 <bean id=
"anonymousProcessingFilter"
95 class=
"org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
96 <property name=
"key" value=
"${argeo.security.systemKey}" />
97 <property name=
"userAttribute" value=
"anonymous,ROLE_ANONYMOUS" />
100 <!-- Reacts to security exceptions raised further down the chain. Authentication
     failures, and access denials for an anonymous user, are sent to
     basicProcessingFilterEntryPoint; access denials for an authenticated user are
     forwarded to /accessDenied.jsp by AccessDeniedHandlerImpl. -->
101 <bean id=
"exceptionTranslationFilter"
102 class=
"org.springframework.security.ui.ExceptionTranslationFilter">
103 <property name=
"authenticationEntryPoint">
104 <ref bean=
"basicProcessingFilterEntryPoint" />
106 <property name=
"accessDeniedHandler">
107 <bean class=
"org.springframework.security.ui.AccessDeniedHandlerImpl">
108 <property name=
"errorPage" value=
"/accessDenied.jsp" />
113 <!-- Abstract template for URL authorization interceptors (parent of
     filterInvocationInterceptor). AffirmativeBased grants access as soon as one voter
     grants it; allowIfAllAbstainDecisions="false" denies the request when every voter
     abstains, so a rule that no voter understands fails closed. Voters visible here are
     RoleVoter and AuthenticatedVoter; the listing ends before the closing tags. -->
114 <bean id=
"filterInvocationInterceptorTemplate" abstract=
"true"
115 class=
"org.springframework.security.intercept.web.FilterSecurityInterceptor">
116 <property name=
"authenticationManager" ref=
"authenticationManager" />
117 <property name=
"accessDecisionManager">
118 <bean class=
"org.springframework.security.vote.AffirmativeBased">
119 <property name=
"allowIfAllAbstainDecisions" value=
"false" />
120 <property name=
"decisionVoters">
122 <bean class=
"org.springframework.security.vote.RoleVoter" />
123 <bean class=
"org.springframework.security.vote.AuthenticatedVoter" />