<?xml version="1.0" encoding="UTF-8"?>
<!--
  WEB-INF/security-filters.xml

  Declares the Spring Security FilterChainProxy (springSecurityFilterChain) and
  the filter beans it refers to by id. The bean "authenticationManager" and the
  ${argeo.*} placeholders are used here but defined outside this file.

  NOTE(review): the schema locations below name Spring 2.5 and Spring Security
  2.0.4; confirm which library versions are actually deployed and whether they
  still receive fixes.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

  <!--
    URL-to-filter mapping. Patterns are Ant-style and are tried in the order
    written; the first pattern that matches decides which filters run, so
    "/remoting/*/" has to stay ahead of "/remoting/*/**".

    There is no catch-all "/**" entry: a request that matches none of the
    patterns is passed on without any filter from this file being applied
    (that includes /accessDenied.jsp).
    NOTE(review): confirm nothing sensitive is mapped outside these prefixes,
    or add an explicit last entry that states the intended default.
  -->
  <bean id="springSecurityFilterChain"
        class="org.springframework.security.util.FilterChainProxy">
    <sec:filter-chain-map path-type="ant">
      <!-- Authenticated area: session context, then client certificate, then Basic -->
      <sec:filter-chain pattern="/webdav/**" filters="session,x509,basic,exception,interceptor" />

      <!-- For some reason the first level listing workspaces must be public.
           NOTE(review): anonymous callers can read this listing; check what it
           discloses. -->
      <sec:filter-chain pattern="/remoting/*/" filters="anonymous,exception,interceptorPublic" />
      <sec:filter-chain pattern="/remoting/*/**" filters="session,x509,basic,exception,interceptor" />

      <!-- Anonymous areas: every caller is given the anonymous identity -->
      <sec:filter-chain pattern="/public/**" filters="anonymous,exception,interceptorPublic" />
      <sec:filter-chain pattern="/pub/**" filters="anonymous,exception,interceptorPublic" />

      <!-- Logout endpoint; note that the "session" filter is not part of this chain -->
      <sec:filter-chain pattern="/j_spring_security_logout" filters="logout,exception" />
    </sec:filter-chain-map>
  </bean>

  <!--
    The actual authorization checks. They run last in a chain but are declared
    first here for ease of configuration.
  -->

  <!-- Protected chains: every path requires ROLE_USER or ROLE_ADMIN. With the
       AffirmativeBased manager of the template, holding either role is enough. -->
  <bean id="interceptor" parent="filterInvocationInterceptorTemplate">
    <property name="objectDefinitionSource">
      <value>
        PATTERN_TYPE_APACHE_ANT
        /**=ROLE_USER,ROLE_ADMIN
      </value>
    </property>
  </bean>

  <!-- Public chains: the anonymous identity set by the "anonymous" filter is sufficient -->
  <bean id="interceptorPublic" parent="filterInvocationInterceptorTemplate">
    <property name="objectDefinitionSource">
      <value>
        PATTERN_TYPE_APACHE_ANT
        /**=IS_AUTHENTICATED_ANONYMOUSLY
      </value>
    </property>
  </bean>

  <!--
    Client-certificate login. The user name handed to authenticationManager is
    whatever the regex captures from the certificate subject DN.

    This is a pre-authentication filter: nothing in this file validates the
    certificate (trusted CAs, revocation). Presumably the servlet container's
    TLS setup does that; any certificate it accepts whose CN equals a user name
    logs in as that user, so the container's trust store decides who can
    authenticate here.
    NOTE(review): "CN=(.*?)," requires a comma after the CN value, so a DN whose
    CN is the last component would not match; verify against the DNs actually
    issued.
  -->
  <bean id="x509"
        class="org.springframework.security.ui.preauth.x509.X509PreAuthenticatedProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="principalExtractor">
      <bean class="org.springframework.security.ui.preauth.x509.SubjectDnX509PrincipalExtractor">
        <property name="subjectDnRegex" value="CN=(.*?)," />
      </bean>
    </property>
  </bean>

  <!-- Integrates the authentication information in the HTTP session.
       allowSessionCreation=false: this filter does not open a session itself,
       it only uses one that already exists. -->
  <bean id="session"
        class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
    <property name="allowSessionCreation" value="false" />
  </bean>

  <!--
    Processes logouts. Only SecurityContextLogoutHandler is active; the
    remember-me handler is commented out together with the remember-me beans.

    Logout acts on the server-side session and security context only. A browser
    that keeps sending Basic credentials, or that presents a client certificate,
    is authenticated again by the "basic" / "x509" filters on its next request
    to a protected chain.
  -->
  <bean id="logout" class="org.springframework.security.ui.logout.LogoutFilter">
    <!-- URL redirected to after logout -->
    <constructor-arg value="/webdav/node/main" />
    <!-- Logout handlers -->
    <constructor-arg>
      <list>
        <!-- <ref bean="rememberMeServices" /> -->
        <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
      </list>
    </constructor-arg>
  </bean>

  <!--
    Remember-me support is disabled: the two beans below are commented out and
    no filter chain refers to them.
    NOTE(review): as written they would take their token key from
    ${argeo.security.systemKey}, the same property the "anonymous" filter uses
    as its key; give remember-me its own secret if this is ever re-enabled.
  -->
  <!-- Use the remember me cookie to authenticate
  <bean id="rememberMe"
        class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="rememberMeServices" ref="rememberMeServices" />
  </bean>

  <bean id="rememberMeServices"
        class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="key" value="${argeo.security.systemKey}" />
    <property name="tokenValiditySeconds" value="${argeo.jcr.webapp.rememberMeValidity}" />
    <property name="alwaysRemember" value="true" />
  </bean>
  -->

  <!--
    HTTP Basic authentication.

    Basic credentials travel with every request and are only base64-encoded.
    No channel-security filter is declared in this file.
    NOTE(review): confirm that the container or a front-end proxy restricts the
    protected paths to HTTPS.
  -->
  <bean id="basic"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationEntryPoint">
      <ref local="basicProcessingFilterEntryPoint" />
    </property>
    <!-- <property name="rememberMeServices" ref="rememberMeServices" /> -->
  </bean>

  <!-- Sends the Basic challenge when authentication is needed; the realm name
       comes from ${argeo.server.realmName} -->
  <bean id="basicProcessingFilterEntryPoint"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
    <property name="realmName" value="${argeo.server.realmName}" />
  </bean>

  <!-- Anonymous authentication: principal "anonymous" with ROLE_ANONYMOUS.
       Only the public chains include this filter. -->
  <bean id="anonymous"
        class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="${argeo.security.systemKey}" />
    <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
  </bean>

  <!-- Reacts to security related exceptions: unauthenticated callers get the
       Basic challenge, authenticated callers lacking a role get /accessDenied.jsp -->
  <bean id="exception"
        class="org.springframework.security.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
    <property name="accessDeniedHandler">
      <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/accessDenied.jsp" />
      </bean>
    </property>
  </bean>

  <!-- Template for authorization checks (abstract; "interceptor" and
       "interceptorPublic" inherit from it). One granting voter is enough, and
       allowIfAllAbstainDecisions=false denies access when every voter abstains. -->
  <bean id="filterInvocationInterceptorTemplate" abstract="true"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager">
      <bean class="org.springframework.security.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false" />
        <property name="decisionVoters">
          <list>
            <bean class="org.springframework.security.vote.RoleVoter" />
            <bean class="org.springframework.security.vote.AuthenticatedVoter" />
          </list>
        </property>
      </bean>
    </property>
  </bean>
</beans>