1 <?xml version=
"1.0" encoding=
"UTF-8"?>
2 <beans xmlns=
"http://www.springframework.org/schema/beans"
3 xmlns:
sec=
"http://www.springframework.org/schema/security" xmlns:
xsi=
"http://www.w3.org/2001/XMLSchema-instance"
4 xmlns:
aop=
"http://www.springframework.org/schema/aop"
6 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
7 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
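<!-- Entry point of the security layer. FilterChainProxy selects ONE chain per request,
     the first whose pattern matches, and runs the named filter beans in the order
     listed. Layout restored from the garbled listing (gutter numbers dropped, split
     tags rejoined, closing bean tag restored).
     Review notes:
     * With path-type="ant" a pattern without a wildcard matches that exact path only.
       TODO confirm how sub-paths such as /private/... are served.
     * There is no catch-all entry: a request that matches none of the patterns passes
       through with no security filter applied. Confirm that everything the
       application serves is covered by a pattern, or add a default chain. -->
<bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
  <sec:filter-chain-map path-type="ant">
    <!-- Client certificate, then Basic credentials, then remember-me cookie;
         access is decided by "interceptor". -->
    <sec:filter-chain pattern="/private"
      filters="session,x509,basic,rememberMe,exception,interceptor" />
    <!-- Client certificate or Basic credentials; no remember-me cookie accepted. -->
    <sec:filter-chain pattern="/basicauth"
      filters="session,x509,basic,exception,interceptor" />
    <!-- Client certificate only. -->
    <sec:filter-chain pattern="/clientauth"
      filters="session,x509,exception,interceptor" />
    <!-- <sec:filter-chain pattern="/node" filters="session,x509,exception,interceptor" /> -->
    <!-- Open to unauthenticated callers: they receive the anonymous identity and
         "interceptorPublic" accepts it. -->
    <sec:filter-chain pattern="/public"
      filters="session,anonymous,exception,interceptorPublic" />
    <!-- Logout URL: no authentication filter and no interceptor in this chain. -->
    <sec:filter-chain pattern="/j_spring_security_logout"
      filters="session,logout,exception" />
  </sec:filter-chain-map>
</bean>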
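<!-- The actual authorization check for the protected chains (/private, /basicauth,
     /clientauth). It is called last in those chains but is listed first here for
     readability. Every URL that reaches it (/**) requires ROLE_USER or ROLE_ADMIN;
     with the AffirmativeBased decision manager of the parent template, holding either
     role is enough. The value element and closing tags are restored from the garbled
     listing. -->
<bean id="interceptor" parent="filterInvocationInterceptorTemplate">
  <property name="objectDefinitionSource">
    <value>
      PATTERN_TYPE_APACHE_ANT
      /**=ROLE_USER,ROLE_ADMIN
    </value>
  </property>
</bean>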
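<!-- Authorization check for the /public chain. IS_AUTHENTICATED_ANONYMOUSLY is
     satisfied by any Authentication, including the anonymous one created by the
     anonymous filter, so this interceptor lets every caller through. Only resources
     meant for unauthenticated users belong behind /public. The value element and
     closing tags are restored from the garbled listing. -->
<bean id="interceptorPublic" parent="filterInvocationInterceptorTemplate">
  <property name="objectDefinitionSource">
    <value>
      PATTERN_TYPE_APACHE_ANT
      /**=IS_AUTHENTICATED_ANONYMOUSLY
    </value>
  </property>
</bean>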
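<!-- X.509 client-certificate pre-authentication. This filter does not validate the
     certificate chain; it maps the subject DN of the certificate presented during
     the TLS handshake to a principal name, so the set of CAs the container trusts
     for client authentication is the real gate.
     NOTE(review): the opening bean line is missing from this listing; the id "x509"
     is taken from the filter names in the chain map. Confirm against the file. -->
<bean id="x509"
  class="org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager" />
  <property name="principalExtractor">
    <bean class="org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor">
      <!-- Review: the pattern requires a comma after the CN, so a DN whose CN is the
           last component yields no principal, and it is not anchored to a component
           boundary, so the first "CN=" found anywhere in the DN string supplies the
           user name. The mapping is only as trustworthy as the issuing CA's control
           over every subject field; keep the client-auth trust store limited to CAs
           with a known issuance policy. -->
      <property name="subjectDnRegex" value="CN=(.*?)," />
    </bean>
  </property>
</bean>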
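<!-- Integrates the authentication information in the HTTP session: the security
     context is loaded from the session at the start of the request and stored back
     at the end. allowSessionCreation=true lets the filter create the session.
     Review: no session-fixation protection is visible in the chains of this file;
     confirm that the session id is renewed on login elsewhere.
     NOTE(review): the opening bean line is missing from this listing; the id
     "session" is taken from the filter names in the chain map. Confirm against the
     file. -->
<bean id="session"
  class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
  <property name="allowSessionCreation" value="true" />
</bean>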
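<!-- Processes logouts, removing both the session information and the remember-me
     cookie from the browser. The first constructor argument is the URL the user is
     sent to afterwards; the second is the list of logout handlers, run in order.
     The constructor-arg/list wrappers are restored from the garbled listing.
     Review notes:
     * /logout matches no pattern of the filter chain map in this file, so that page
       is served without security filters. Confirm this is intended.
     * Clearing the cookie does not invalidate a copy of the remember-me token taken
       earlier: the token is self-validating and stays usable until it expires or the
       user's password changes. -->
<bean id="logout" class="org.springframework.security.ui.logout.LogoutFilter">
  <constructor-arg value="/logout" />
  <constructor-arg>
    <list>
      <ref bean="rememberMeServices" />
      <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
    </list>
  </constructor-arg>
</bean>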
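<!-- Uses the remember-me cookie to authenticate. The filter only acts when no
     Authentication is present yet, which in the /private chain means after the
     certificate and Basic filters have had their turn. A request authenticated this
     way carries the user's full set of roles, so the cookie is a bearer credential.
     NOTE(review): the opening bean line is missing from this listing; the id
     "rememberMe" is taken from the filter names in the chain map. Confirm against
     the file. -->
<bean id="rememberMe"
  class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager" />
  <property name="rememberMeServices" ref="rememberMeServices" />
</bean>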
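<!-- Issues and validates the remember-me cookie. The token is derived from the user
     name, the expiry time, the stored password and the key below, hashed with MD5;
     nothing is kept server-side, so a token cannot be revoked individually. -->
<bean id="rememberMeServices"
  class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
  <property name="userDetailsService" ref="userDetailsService" />
  <!-- Review: this key is the secret behind every remember-me token, and the same
       placeholder is also used as the key of the anonymous filter. Prefer a dedicated,
       randomly generated value for remember-me, supplied from deployment
       configuration rather than from a file under version control. -->
  <property name="key" value="${argeo.security.systemKey}" />
  <!-- Review: alwaysRemember=true sets the cookie on every successful login handled
       through this service, including Basic authentication, without the user asking
       for it. Confirm this is wanted on shared machines and that the application is
       reachable over TLS only, since the cookie is sufficient to log in. -->
  <property name="alwaysRemember" value="true" />
</bean>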
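<!-- Basic authentication. Credentials arrive base64-encoded in the Authorization
     header, so they are readable by anyone who can observe the traffic.
     Review: nothing in the chains of this file enforces HTTPS; confirm that the
     container or a front end does. Because rememberMeServices is wired in, a
     successful Basic login also goes through the remember-me service (see
     alwaysRemember on that bean).
     NOTE(review): the opening bean line is missing from this listing; the id "basic"
     is taken from the filter names in the chain map. Confirm against the file. -->
<bean id="basic"
  class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
  <property name="authenticationManager">
    <ref bean="authenticationManager" />
  </property>
  <property name="authenticationEntryPoint">
    <ref local="basicProcessingFilterEntryPoint" />
  </property>
  <property name="rememberMeServices" ref="rememberMeServices" />
</bean>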
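<!-- Activates Basic authentication when needed: sends the 401 challenge that makes
     the client prompt for credentials. The realm name is resolved from the
     argeo.server.realmName placeholder and is shown to the user in that prompt. -->
<bean id="basicProcessingFilterEntryPoint"
  class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
  <property name="realmName">
    <value>${argeo.server.realmName}</value>
  </property>
</bean>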
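<!-- If everything else failed, anonymous authentication: when no Authentication is
     present, the request continues as principal "anonymous" with the single authority
     ROLE_ANONYMOUS. In this file only the /public chain uses it.
     NOTE(review): the opening bean line is missing from this listing; the id
     "anonymous" is taken from the filter names in the chain map. Confirm against the
     file. -->
<bean id="anonymous"
  class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
  <!-- Review: same placeholder as the remember-me key. The anonymous key only ties
       this filter to its authentication provider, whereas the remember-me key is a
       secret; using one value for both widens where that secret is handled. Presumably
       it must match the key of the anonymous provider defined elsewhere; verify
       before changing it. -->
  <property name="key" value="${argeo.security.systemKey}" />
  <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
</bean>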
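<!-- Reacts to security related exceptions raised further down the chain: a missing
     or failed authentication triggers the Basic challenge of the entry point, and a
     denied access by an authenticated user is forwarded to /error.
     Review: this one bean serves every chain, so /clientauth also answers
     unauthenticated requests with a Basic challenge although that chain has no basic
     filter to accept the credentials. Confirm that is intended, or give the
     certificate-only chain its own entry point.
     NOTE(review): the opening bean line is missing from this listing; the id
     "exception" is taken from the filter names in the chain map. Confirm against the
     file. -->
<bean id="exception"
  class="org.springframework.security.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint">
    <ref bean="basicProcessingFilterEntryPoint" />
  </property>
  <property name="accessDeniedHandler">
    <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
      <property name="errorPage" value="/error" />
    </bean>
  </property>
</bean>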
128 <!-- Template for authorization checks -->
129 <bean id=
"filterInvocationInterceptorTemplate" abstract=
"true"
130 class=
"org.springframework.security.intercept.web.FilterSecurityInterceptor">
131 <property name=
"authenticationManager" ref=
"authenticationManager" />
132 <property name=
"accessDecisionManager">
133 <bean class=
"org.springframework.security.vote.AffirmativeBased">
134 <property name=
"allowIfAllAbstainDecisions" value=
"false" />
135 <property name=
"decisionVoters">
137 <bean class=
"org.springframework.security.vote.RoleVoter" />
138 <bean class=
"org.springframework.security.vote.AuthenticatedVoter" />