git.argeo.org Git - lgpl/argeo-commons.git/blob - server/modules/org.argeo.server.rap.webapp/WEB-INF/security-filters.xml
Make HTTP realm name configurable
1 <?xml version="1.0" encoding="UTF-8"?>
2 <beans xmlns="http://www.springframework.org/schema/beans"
3 xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4 xmlns:aop="http://www.springframework.org/schema/aop"
5 xsi:schemaLocation="
6 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
7 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
8
<!-- Entry point of the security filter stack: maps a request path to the
     ordered list of filter beans (all defined in this file) that process it.
     path-type="ant" with no wildcards means each entry names one exact path.
     NOTE(review): a request matching none of the entries presumably passes
     through with no security filter applied; confirm that everything needing
     protection is only reachable through the paths listed here. -->
<bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
    <sec:filter-chain-map path-type="ant">
        <!-- UI entry point: session context, Basic credentials, remember-me
             cookie, then the ROLE_USER / ROLE_ADMIN check of "interceptor". -->
        <sec:filter-chain pattern="/ui"
            filters="session,basic,rememberMe,exception,interceptor" />
        <!-- Same as /ui, except that the rememberMe filter is not in the chain,
             so the remember-me cookie is not used to authenticate here. -->
        <sec:filter-chain pattern="/basicauth"
            filters="session,basic,exception,interceptor" />
        <!-- NOTE(review): only the session context is restored here; no
             authentication filter and no authorization interceptor runs, so
             this chain itself does not restrict access to /node. Confirm that
             access control for /node is enforced elsewhere. -->
        <sec:filter-chain pattern="/node" filters="session" />
        <!-- Public area: a request without a login gets the anonymous
             authentication, which "interceptorPublic" accepts. -->
        <sec:filter-chain pattern="/public"
            filters="session,anonymous,exception,interceptorPublic" />
        <!-- Logout URL, processed by the "logout" filter. -->
        <sec:filter-chain pattern="/j_spring_security_logout"
            filters="session,logout,exception" />
    </sec:filter-chain-map>
</bean>
22
<!-- Authorization check for the protected chains (/ui and /basicauth). It is
     the last filter to run in those chains; it is declared near the top only
     for ease of configuration. Every URL it sees (/**) requires ROLE_USER or
     ROLE_ADMIN: the AffirmativeBased decision manager of the parent template
     grants access as soon as one voter grants, so holding either role is
     enough. -->
<bean id="interceptor" parent="filterInvocationInterceptorTemplate">
    <property name="objectDefinitionSource">
        <!-- The first line selects ant patterns; each following line is a
             pattern=required-attributes pair. -->
        <value>
            PATTERN_TYPE_APACHE_ANT
            /**=ROLE_USER,ROLE_ADMIN
        </value>
    </property>
</bean>
<!-- Authorization check for the /public chain. Every URL it sees (/**) only
     requires IS_AUTHENTICATED_ANONYMOUSLY, an attribute evaluated by the
     AuthenticatedVoter of the parent template; the anonymous authentication
     set by the "anonymous" filter is therefore sufficient. No role is
     required, so nothing sensitive should be served under /public. -->
<bean id="interceptorPublic" parent="filterInvocationInterceptorTemplate">
    <property name="objectDefinitionSource">
        <!-- The first line selects ant patterns; each following line is a
             pattern=required-attributes pair. -->
        <value>
            PATTERN_TYPE_APACHE_ANT
            /**=IS_AUTHENTICATED_ANONYMOUSLY
        </value>
    </property>
</bean>
41
<!-- Ties the authentication information to the HTTP session. It is the first
     filter of every chain in springSecurityFilterChain, and it is allowed to
     create a session when the request does not have one yet. -->
<bean id="session"
    class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
    <property name="allowSessionCreation">
        <value>true</value>
    </property>
</bean>
47
<!-- Handles logout requests. The first constructor argument is the URL the
     client is sent to once logout is done; the second is the list of handlers
     to run: rememberMeServices removes the remember-me cookie from the
     browser and SecurityContextLogoutHandler clears the session information.
     Both handlers are needed: dropping only the session would leave a cookie
     that logs the user straight back in. -->
<bean id="logout" class="org.springframework.security.ui.logout.LogoutFilter">
    <constructor-arg>
        <value>/logout</value>
    </constructor-arg>
    <constructor-arg>
        <list>
            <ref bean="rememberMeServices" />
            <bean
                class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
        </list>
    </constructor-arg>
</bean>
60
<!-- Authenticates a request from the remember-me cookie. Only the /ui chain
     includes this filter. The authenticationManager bean is not defined in
     this file. -->
<bean id="rememberMe"
    class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
    <property name="authenticationManager">
        <ref bean="authenticationManager" />
    </property>
    <property name="rememberMeServices">
        <ref bean="rememberMeServices" />
    </property>
</bean>
67
<!-- Issues and validates the remember-me cookie; also used by the "basic"
     filter (to set the cookie) and by the "logout" filter (to remove it).
     * key: secret read from argeo.security.systemKey. It protects the cookie
       against forgery, so it has to be unpredictable, specific to each
       deployment and kept out of version control. The "anonymous" filter is
       configured with the same value.
     * alwaysRemember=true: the cookie is issued on every successful login,
       without any opt-in by the user, which leaves a persistent credential in
       the browser. NOTE(review): confirm this is intended, that the token
       lifetime (not set here, so the library default applies) is acceptable,
       and that the cookie only ever travels over TLS. -->
<bean id="rememberMeServices"
    class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
    <property name="userDetailsService">
        <ref bean="userDetailsService" />
    </property>
    <property name="key">
        <value>${argeo.security.systemKey}</value>
    </property>
    <property name="alwaysRemember">
        <value>true</value>
    </property>
</bean>
74
<!-- HTTP Basic authentication: checks the credentials sent with the request
     against authenticationManager (not defined in this file) and answers with
     the challenge of basicProcessingFilterEntryPoint when they are rejected.
     Because rememberMeServices is wired in and has alwaysRemember=true, a
     successful Basic login also sets the remember-me cookie.
     NOTE(review): Basic credentials are only encoded, not encrypted, and
     nothing in this file forces HTTPS; confirm that TLS is enforced by the
     container or a front-end proxy. -->
<bean id="basic"
    class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
    <property name="rememberMeServices">
        <ref bean="rememberMeServices" />
    </property>
</bean>
86
<!-- Starts Basic authentication when it is needed: it is the entry point of
     both the "basic" filter and the "exception" filter. The realm name shown
     to the client is not hard-coded; it is read from argeo.server.realmName. -->
<bean id="basicProcessingFilterEntryPoint"
    class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
    <property name="realmName" value="${argeo.server.realmName}" />
</bean>
94
<!-- Fallback used by the /public chain: when nothing else authenticated the
     request, it is given an anonymous authentication with principal
     "anonymous" and the single authority ROLE_ANONYMOUS.
     NOTE(review): the key is the same argeo.security.systemKey value that
     signs remember-me cookies in rememberMeServices; consider a separate
     secret per purpose so that exposing one does not affect the other. -->
<bean id="anonymous"
    class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    <property name="key">
        <value>${argeo.security.systemKey}</value>
    </property>
    <property name="userAttribute">
        <value>anonymous,ROLE_ANONYMOUS</value>
    </property>
</bean>
101
<!-- Translates security exceptions raised further down the chain into HTTP
     responses: a missing or failed authentication goes to
     basicProcessingFilterEntryPoint (Basic challenge), a denied access is
     handled by AccessDeniedHandlerImpl with the /error page. -->
<bean id="exception"
    class="org.springframework.security.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
    <property name="accessDeniedHandler">
        <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
            <property name="errorPage">
                <value>/error</value>
            </property>
        </bean>
    </property>
</bean>
114
<!-- Abstract parent of the "interceptor" and "interceptorPublic" beans, which
     only add their own URL rules (objectDefinitionSource).
     Decision policy: AffirmativeBased grants access as soon as one voter
     grants. RoleVoter and AuthenticatedVoter are the two voters consulted.
     allowIfAllAbstainDecisions=false keeps the check fail-closed: when no
     voter has an opinion on the required attributes, access is denied. -->
<bean id="filterInvocationInterceptorTemplate" abstract="true"
    class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager">
        <ref bean="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
        <bean class="org.springframework.security.vote.AffirmativeBased">
            <property name="allowIfAllAbstainDecisions">
                <value>false</value>
            </property>
            <property name="decisionVoters">
                <list>
                    <bean class="org.springframework.security.vote.RoleVoter" />
                    <bean class="org.springframework.security.vote.AuthenticatedVoter" />
                </list>
            </property>
        </bean>
    </property>
</bean>
131 </beans>