http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
- <bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
+ <bean id="filterChain.davex" parent="filterChain.template">
+ <sec:filter-chain-map path-type="ant">
+ <sec:filter-chain pattern="/*/*/*/**"
+ filters="session,x509,basic,exception,interceptor" />
+ <!-- For some reason the first level listing workspaces must be public -->
+ <sec:filter-chain pattern="/*/*/"
+ filters="anonymous,exception,interceptorPublic" />
+ </sec:filter-chain-map>
+ </bean>
+
+ <bean id="filterChain.private" parent="filterChain.template">
+ <sec:filter-chain-map path-type="ant">
+ <sec:filter-chain pattern="/**"
+ filters="session,x509,basic,exception,interceptor" />
+ </sec:filter-chain-map>
+ </bean>
+
+ <bean id="filterChain.public" parent="filterChain.template">
<sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/**"
- filters="httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,anonymousProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor" />
+ filters="anonymous,exception,interceptorPublic" />
</sec:filter-chain-map>
</bean>
+ <bean id="filterChain.template" abstract="true"
+ class="org.springframework.security.util.FilterChainProxy">
+ <property name="matcher">
+ <bean class="org.springframework.security.util.AntUrlPathMatcher">
+ <!-- Do not convert to lower case -->
+ <constructor-arg value="false" />
+ </bean>
+ </property>
+ </bean>
+
<!-- The actual authorization checks (called last, but first here for ease
of configuration) -->
- <bean id="filterInvocationInterceptor" parent="filterInvocationInterceptorTemplate">
+ <bean id="interceptor" parent="filterInvocationInterceptorTemplate">
+ <property name="objectDefinitionSource">
+ <value>
+ PATTERN_TYPE_APACHE_ANT
+ /**=ROLE_USER,ROLE_ADMIN
+ </value>
+ </property>
+ </bean>
+ <bean id="interceptorPublic" parent="filterInvocationInterceptorTemplate">
<property name="objectDefinitionSource">
<value>
- CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
- /public/**=IS_AUTHENTICATED_ANONYMOUSLY
- /*/*/*/**=ROLE_USER
/**=IS_AUTHENTICATED_ANONYMOUSLY
</value>
- <!-- <value> -->
- <!-- CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON -->
- <!-- PATTERN_TYPE_APACHE_ANT -->
- <!-- /config/**=ROLE_ADMINISTRATOR -->
- <!-- /**=IS_AUTHENTICATED_ANONYMOUSLY -->
- <!-- </value> -->
+ </property>
+ </bean>
+
+ <bean id="x509"
+ class="org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter">
+ <property name="authenticationManager" ref="authenticationManager" />
+ <property name="principalExtractor">
+ <bean
+ class="org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor">
+ <property name="subjectDnRegex" value="CN=(.*?)," />
+ </bean>
</property>
</bean>
<!-- Integrates the authentication information in the http sessions -->
- <bean id="httpSessionContextIntegrationFilter"
+ <bean id="session"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
<property name="allowSessionCreation" value="true" />
</bean>
<!-- Processes logouts, removing both session informations and the remember-me
cookie from the browser -->
- <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
- <constructor-arg value="/web/" />
- <!-- URL redirected to after logout -->
- <constructor-arg>
- <list>
- <ref bean="rememberMeServices" />
- <bean
- class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
- </list>
- </constructor-arg>
- </bean>
-
- <!-- Double check, this may not be necessary -->
- <bean id="securityContextHolderAwareRequestFilter"
- class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
-
- <!-- Use the remember me cookie to authenticate -->
- <bean id="rememberMeProcessingFilter"
- class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
- <property name="authenticationManager" ref="authenticationManager" />
- <property name="rememberMeServices" ref="rememberMeServices" />
- </bean>
-
- <bean id="rememberMeServices"
- class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
- <property name="userDetailsService" ref="userDetailsService" />
- <property name="key" value="${argeo.security.systemKey}" />
- </bean>
+ <!-- <bean id="logout" class="org.springframework.security.ui.logout.LogoutFilter"> -->
+ <!-- <constructor-arg value="/webdav/node/main" /> -->
+ <!-- <constructor-arg> -->
+ <!-- <list> -->
+ <!-- <bean -->
+ <!-- class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"
+ /> -->
+ <!-- </list> -->
+ <!-- </constructor-arg> -->
+ <!-- </bean> -->
<!-- Basic authentication -->
- <bean id="basicProcessingFilter"
+ <bean id="basic"
class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
<property name="authenticationEntryPoint">
<ref local="basicProcessingFilterEntryPoint" />
</property>
- <property name="rememberMeServices" ref="rememberMeServices" />
</bean>
<!-- Activate basic auth when needed -->
<bean id="basicProcessingFilterEntryPoint"
class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName">
- <value>Argeo</value>
+ <value>${argeo.server.realmName}</value>
</property>
</bean>
<!-- If everything else failed, anonymous authentication -->
- <bean id="anonymousProcessingFilter"
+ <bean id="anonymous"
class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="${argeo.security.systemKey}" />
<property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
</bean>
<!-- Reacts to security related exceptions -->
- <bean id="exceptionTranslationFilter"
+ <bean id="exception"
class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref bean="basicProcessingFilterEntryPoint" />
</property>
<property name="accessDeniedHandler">
<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
- <property name="errorPage" value="/accessDenied.jsp" />
+ <!-- <property name="errorPage" value="/accessDenied.jsp" /> -->
</bean>
</property>
</bean>
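Review bot: The `errorPage` property on the `AccessDeniedHandlerImpl` inside the `exception` bean is disabled by commenting it out, and nothing records why. Without an error page the handler answers a denied request with a plain 403 instead of forwarding to `/accessDenied.jsp`, which is presumably what the non-browser clients behind the new filter chains expect. If that is the intent, replace the dead line with a comment that says so, e.g. `<!-- No errorPage: access denied is reported as a bare 403 -->`. The inner bean then carries no settings, so the whole `accessDeniedHandler` property could be dropped instead, provided the filter's built-in default handler is this same class.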