Use distribution 1.1.8-SNAPSHOT
[lgpl/argeo-commons.git] / server / modules / org.argeo.jackrabbit.webapp / WEB-INF / security-filters.xml
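<?xml version="1.0" encoding="UTF-8"?>
<!--
    Spring Security 2.0 filter configuration for the Jackrabbit web application.

    Listing repaired: the line numbers that the web viewer had fused into each
    line (including in front of the XML declaration) are removed and the
    nesting is re-indented. Bean ids, classes and property values are unchanged.

    Review notes for whoever deploys this file:
    * None of the chains below contains a channel (HTTPS) enforcement filter.
      Basic credentials and the remember-me cookie are bearer secrets, so TLS
      has to be enforced elsewhere (servlet container or reverse proxy).
      TODO confirm.
    * FilterChainProxy only applies filters to the patterns listed in the
      filter-chain-map. A request that matches none of them is passed on
      without any security filter, so every other servlet or JSP mapped in
      this webapp must be safe to serve unauthenticated. TODO confirm against
      web.xml.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

    <!-- Entry point of the security layer: maps URL patterns (Ant syntax) to
        an ordered list of filter beans. The first matching pattern wins and
        the filters run in the order given in the "filters" attribute. -->
    <bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
        <sec:filter-chain-map path-type="ant">
            <!-- Authenticated areas: Basic auth or remember-me cookie, with
                anonymous as the fallback, then the role checks of "interceptor" -->
            <sec:filter-chain pattern="/webdav/**"
                filters="session,basic,rememberMe,anonymous,exception,interceptor" />
            <sec:filter-chain pattern="/remoting/**"
                filters="session,basic,rememberMe,anonymous,exception,interceptor" />
            <!-- Public areas: no credential processing at all, every caller is
                treated as anonymous and checked by "interceptorPublic" -->
            <sec:filter-chain pattern="/public/**"
                filters="session,anonymous,exception,interceptorPublic" />
            <sec:filter-chain pattern="/pub/**"
                filters="session,anonymous,exception,interceptorPublic" />
            <!-- Logout URL (the default processing URL of LogoutFilter) -->
            <sec:filter-chain pattern="/j_spring_security_logout"
                filters="session,logout,exception" />
        </sec:filter-chain-map>
    </bean>

    <!-- The actual authorization checks (called last, but first here for ease
        of configuration).
        Rules are evaluated top to bottom and the first match applies:
        * paths with three or more segments require ROLE_USER or ROLE_ADMIN
          (either one is enough, see the AffirmativeBased manager below);
        * everything shallower requires ROLE_ANONYMOUS.
        NOTE(review): ROLE_ANONYMOUS is evaluated by RoleVoter like any other
        role, so an authenticated user reaches the shallow paths only if that
        authority is also granted to them. Confirm that this is intended and
        that userDetailsService grants it. -->
    <bean id="interceptor" parent="filterInvocationInterceptorTemplate">
        <property name="objectDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
                /*/*/*/**=ROLE_USER,ROLE_ADMIN
                /**=ROLE_ANONYMOUS
            </value>
        </property>
    </bean>
    <!-- Authorization for the public chains: any authentication, including the
        anonymous one, is accepted (decided by AuthenticatedVoter) -->
    <bean id="interceptorPublic" parent="filterInvocationInterceptorTemplate">
        <property name="objectDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
                /**=IS_AUTHENTICATED_ANONYMOUSLY
            </value>
        </property>
    </bean>

    <!-- Integrates the authentication information in the http sessions.
        allowSessionCreation=false: this filter never creates a session itself,
        so the security context is only persisted when some other component
        has already created one. -->
    <bean id="session"
        class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
        <property name="allowSessionCreation" value="false" />
    </bean>

    <!-- Processes logouts, removing both the session information and the
        remember-me cookie from the browser.
        NOTE(review): logout cannot make a browser forget cached Basic
        credentials. A client that logged in through the "basic" filter will
        present them again on its next request and, because of alwaysRemember
        below, will receive a fresh remember-me cookie. -->
    <bean id="logout" class="org.springframework.security.ui.logout.LogoutFilter">
        <!-- First argument: URL redirected to after logout -->
        <constructor-arg value="/webdav/node/main" />
        <!-- Second argument: handlers run on logout (cookie removal, then
            clearing of the security context) -->
        <constructor-arg>
            <list>
                <ref bean="rememberMeServices" />
                <bean
                    class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
            </list>
        </constructor-arg>
    </bean>

    <!-- Use the remember me cookie to authenticate -->
    <bean id="rememberMe"
        class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>

    <!-- Issues and validates the remember-me cookie.
        * key: server-side secret mixed into the cookie signature (an MD5
          digest over user name, expiry time, password and key in this
          Spring Security generation). It must be unpredictable, unique per
          deployment and kept out of version control. The same placeholder is
          also used as the key of the "anonymous" filter below; a dedicated
          key per purpose would keep the two concerns separate.
        * tokenValiditySeconds: lifetime of a stolen cookie as well as of a
          legitimate one, so keep the configured value as short as usability
          allows.
        * alwaysRemember=true: a cookie is issued after every successful
          login, without the user opting in. On shared machines this leaves a
          usable credential behind; confirm that this is intended. -->
    <bean id="rememberMeServices"
        class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="key" value="${argeo.security.systemKey}" />
        <property name="tokenValiditySeconds" value="${argeo.jcr.webapp.rememberMeValidity}" />
        <property name="alwaysRemember" value="true" />
    </bean>

    <!-- Basic authentication. The password travels base64-encoded (not
        encrypted) with every request, see the TLS note at the top of the file.
        A successful login is handed to rememberMeServices, which sets the
        cookie. -->
    <bean id="basic"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="authenticationEntryPoint">
            <ref local="basicProcessingFilterEntryPoint" />
        </property>
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>

    <!-- Activate basic auth when needed: answers with a 401 challenge for the
        realm "Argeo" -->
    <bean id="basicProcessingFilterEntryPoint"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
        <property name="realmName">
            <value>Argeo</value>
        </property>
    </bean>

    <!-- If everything else failed, anonymous authentication: the request is
        given the principal "anonymous" with the single authority
        ROLE_ANONYMOUS. The key marks tokens created by this filter; it shares
        its placeholder with rememberMeServices (see the note there). -->
    <bean id="anonymous"
        class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
        <property name="key" value="${argeo.security.systemKey}" />
        <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
    </bean>

    <!-- Reacts to security related exceptions: an unauthenticated or anonymous
        caller is sent the Basic challenge, an authenticated caller lacking the
        required role is forwarded to the access denied page. -->
    <bean id="exception"
        class="org.springframework.security.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <ref bean="basicProcessingFilterEntryPoint" />
        </property>
        <property name="accessDeniedHandler">
            <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/accessDenied.jsp" />
            </bean>
        </property>
    </bean>

    <!-- Template for authorization checks.
        AffirmativeBased grants access as soon as one voter grants it.
        allowIfAllAbstainDecisions=false keeps the decision fail-closed: a rule
        that no voter understands results in a denial, not in access. -->
    <bean id="filterInvocationInterceptorTemplate" abstract="true"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="accessDecisionManager">
            <bean class="org.springframework.security.vote.AffirmativeBased">
                <property name="allowIfAllAbstainDecisions" value="false" />
                <property name="decisionVoters">
                    <list>
                        <!-- Votes on ROLE_* attributes -->
                        <bean class="org.springframework.security.vote.RoleVoter" />
                        <!-- Votes on IS_AUTHENTICATED_* attributes -->
                        <bean class="org.springframework.security.vote.AuthenticatedVoter" />
                    </list>
                </property>
            </bean>
        </property>
    </bean>
</beans>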