<?xml version="1.0" encoding="UTF-8"?>
<!--
[y] hybris Platform
Copyright (c) 2000-2016 SAP SE or an SAP affiliate company.
All rights reserved.
This software is the confidential and proprietary information of SAP
("Confidential Information"). You shall not disclose such Confidential
Information and shall use it only in accordance with the terms of the
license agreement you entered into with SAP.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
">
<!-- Turns on processing of annotation-based configuration for the beans in this context. -->
<context:annotation-config />

<!-- Requests under /_ui/** skip the Spring Security filter chain completely (security="none").
     NOTE(review): none of the HTTPS, session or access rules declared below apply to these URLs;
     confirm that only static assets are served from this path. -->
<security:http pattern="/_ui/**" security="none" />
<!-- Filter chain for /checkout/**; checkout has its own login page (/login/checkout).
     NOTE(review): no security:csrf or security:headers element is declared in this chain. Whether CSRF
     protection and security response headers are active depends on the Spring Security version defaults
     and on filters configured outside this file; confirm. -->
<security:http pattern="/checkout/**"
               use-expressions="true"
               disable-url-rewriting="true">
    <security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS" />
    <!-- Access-denied responses are sent to the login page. -->
    <security:access-denied-handler error-page="/login" />
    <!-- Session handling at authentication time is delegated to the "fixation" bean, defined outside this file. -->
    <security:session-management session-authentication-strategy-ref="fixation" />

    <!-- RememberMe.
         NOTE(review): the key is a literal committed with the source; it should stay identical to the key set on
         defaultRememberMeServices and rememberMeAuthenticationProvider further down in this file. -->
    <security:remember-me key="extacceleratorstorefront"
                          services-ref="rememberMeServices"
                          authentication-success-handler-ref="rememberMeSuccessHandler" />

    <!-- Every URL handled by this chain is forced onto HTTPS. The rule carries no access attribute, so this
         chain declares no role checks of its own.
         NOTE(review): presumably checkout authorisation is enforced elsewhere; confirm. -->
    <security:intercept-url pattern="/**" requires-channel="https" />

    <!-- Form login dedicated to checkout: own login page, processing URL and success/failure handlers. -->
    <security:form-login login-page="/login/checkout"
                         login-processing-url="/checkout/j_spring_security_check"
                         authentication-success-handler-ref="loginCheckoutGuidAuthenticationSuccessHandler"
                         authentication-failure-handler-ref="loginCheckoutAuthenticationFailureHandler" />
    <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />

    <!-- HTTP/HTTPS port pairs used for the channel redirects: the configured Tomcat ports plus 80/443. -->
    <security:port-mappings>
        <security:port-mapping
                http="#{configurationService.configuration.getProperty('tomcat.http.port')}"
                https="#{configurationService.configuration.getProperty('tomcat.ssl.port')}" />
        <security:port-mapping http="80" https="443" />
        <!--security:port-mapping http="#{configurationService.configuration.getProperty('proxy.http.port')}"
            https="#{configurationService.configuration.getProperty('proxy.ssl.port')}" /-->
    </security:port-mappings>

    <security:request-cache ref="httpSessionRequestCache" />
</security:http>
<!-- Request matcher for the default chain below: ignores URLs that match a path listed in excludeUrlSet,
     using defaultPathMatcher to compare. -->
<bean id="excludeUrlRequestMatcher"
      class="de.hybris.platform.storefront.security.ExcludeUrlRequestMatcher">
    <property name="excludeUrlSet" ref="excludeUrlSet" />
    <property name="pathMatcher" ref="defaultPathMatcher" />
</bean>

<!-- URLs to exclude from the 'Default security config'. The set is declared empty here.
     NOTE(review): any entry added to this set removes that URL from the default chain and everything the chain
     enforces; review where the set is populated or overridden. -->
<bean id="excludeUrlSet" class="java.util.HashSet" />
<!-- Path matcher shared by the ExcludeUrlRequestMatcher beans; defaultPathMatcher is an alias for the
     Ant-style matcher, so patterns handed to it are Ant patterns, not regular expressions. -->
<bean id="antPathMatcher" class="org.springframework.util.AntPathMatcher" />
<alias name="antPathMatcher" alias="defaultPathMatcher" />
<!-- Default security config: applies to every request accepted by excludeUrlRequestMatcher.
     NOTE(review): no security:csrf or security:headers element is declared in this chain. Whether CSRF
     protection and security response headers are active depends on the Spring Security version defaults
     and on filters configured outside this file; confirm. -->
<security:http request-matcher-ref="excludeUrlRequestMatcher"
               use-expressions="true"
               disable-url-rewriting="true">
    <security:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS" />
    <!-- Access-denied responses are sent to the login page. -->
    <security:access-denied-handler error-page="/login" />
    <!-- Session handling at authentication time is delegated to the "fixation" bean, defined outside this file. -->
    <security:session-management session-authentication-strategy-ref="fixation" />

    <!-- RememberMe.
         NOTE(review): the key is a literal committed with the source; it should stay identical to the key set on
         defaultRememberMeServices and rememberMeAuthenticationProvider further down in this file. -->
    <security:remember-me key="extacceleratorstorefront"
                          services-ref="rememberMeServices"
                          authentication-success-handler-ref="rememberMeSuccessHandler" />

    <!-- SSL / AUTHENTICATED pages.
         The two address-form URLs admit anonymous sessions as well as customers; the rest of /my-account
         requires ROLE_CUSTOMERGROUP. -->
    <security:intercept-url pattern="/my-account/addressform"
                            access="hasAnyRole('ROLE_ANONYMOUS','ROLE_CUSTOMERGROUP')"
                            requires-channel="https" />
    <security:intercept-url pattern="/checkout/multi/billingaddressform"
                            access="hasAnyRole('ROLE_ANONYMOUS','ROLE_CUSTOMERGROUP')"
                            requires-channel="https" />
    <security:intercept-url pattern="/my-account*"
                            access="hasRole('ROLE_CUSTOMERGROUP')"
                            requires-channel="https" />
    <security:intercept-url pattern="/my-account/**"
                            access="hasRole('ROLE_CUSTOMERGROUP')"
                            requires-channel="https" />
    <!-- Everything should be secure: all URLs are forced onto HTTPS. This rule sets a channel only, no access
         expression, and no rule in this chain denies by default, so URLs not listed above carry no role
         requirement at this layer. -->
    <security:intercept-url pattern="/**" requires-channel="https" />

    <!-- Customisation (aditya): social sign-in endpoints and filter.
         NOTE(review): this rule is listed after the /** rule above. That rule has no access attribute, so
         presumably it does not shadow this one for access decisions; listing specific patterns before /**
         would make the intent explicit. As nothing in this chain denies by default, permitAll here appears
         to be redundant; confirm. -->
    <security:intercept-url pattern="/auth/**" access="permitAll" />
    <security:custom-filter ref="socialAuthenticationFilter" before="PRE_AUTH_FILTER" />

    <!-- Standard storefront form login. -->
    <security:form-login login-page="/login"
                         authentication-success-handler-ref="loginGuidAuthenticationSuccessHandler"
                         authentication-failure-handler-ref="loginAuthenticationFailureHandler" />
    <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />

    <!-- HTTP/HTTPS port pairs used for the channel redirects: the configured Tomcat ports plus 80/443. -->
    <security:port-mappings>
        <security:port-mapping
                http="#{configurationService.configuration.getProperty('tomcat.http.port')}"
                https="#{configurationService.configuration.getProperty('tomcat.ssl.port')}" />
        <security:port-mapping http="80" https="443" />
        <!--security:port-mapping http="#{configurationService.configuration.getProperty('proxy.http.port')}"
            https="#{configurationService.configuration.getProperty('proxy.ssl.port')}" /-->
    </security:port-mappings>

    <security:request-cache ref="httpSessionRequestCache" />
</security:http>
<!-- Authentication manager shared by the filter chains and by socialAuthenticationFilter / autoLoginStrategy.
     Two providers are registered: the storefront provider first, then the social sign-in provider. -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="acceleratorAuthenticationProvider" />
    <security:authentication-provider ref="socialAuthenticationProvider" />
</security:authentication-manager>
<!-- Customisation (aditya): Spring Social authentication filter, inserted into the default chain before
     PRE_AUTH_FILTER. usersConnectionRepository and connectionFactoryLocator are defined outside this file. -->
<bean id="socialAuthenticationFilter"
      class="org.springframework.social.security.SocialAuthenticationFilter">
    <constructor-arg index="0" ref="authenticationManager" />
    <constructor-arg index="1" ref="userIdSource" />
    <constructor-arg index="2" ref="usersConnectionRepository" />
    <constructor-arg index="3" ref="connectionFactoryLocator" />
    <!-- Sets the url of the registration form. -->
    <property name="signupUrl" value="/user/register" />
</bean>
<!-- Customisation (aditya): authentication provider for social sign-in, built from the connection repository
     and the social user-details service.
     NOTE(review): presumably a stored provider connection is enough to sign in as the linked local account;
     confirm how connections are created and who may create them. -->
<bean id="socialAuthenticationProvider"
      class="org.springframework.social.security.SocialAuthenticationProvider">
    <constructor-arg index="0" ref="usersConnectionRepository" />
    <constructor-arg index="1" ref="socialUserDetailsService" />
</bean>
<!-- Customisation (aditya): social user-details service, constructed around the userDetailsService bean below. -->
<bean id="socialUserDetailsService"
      class="de.hybris.platform.storefront.SimpleSocialUserDetailsService">
    <constructor-arg index="0" ref="userDetailsService" />
</bean>

<!-- Customisation (aditya): user-details service handed to socialUserDetailsService; its constructor arguments
     are autowired. Note that defaultRememberMeServices refers to a separate bean id,
     originalUidUserDetailsService, which is not declared in this file. -->
<bean id="userDetailsService"
      class="de.hybris.platform.commerceservices.spring.security.OriginalUidUserDetailsService"
      autowire="constructor" />
<!-- Customisation (aditya): user id source passed to socialAuthenticationFilter. -->
<bean id="userIdSource"
      class="org.springframework.social.security.AuthenticationNameUserIdSource" />

<!-- Customisation (aditya): Spring Social connect controller; constructor arguments are autowired.
     NOTE(review): the URLs this controller serves are not listed in the intercept-url rules of this file;
     confirm which access rule is meant to cover them. -->
<bean id="connectController"
      class="org.springframework.social.connect.web.ConnectController"
      autowire="constructor" />
<!-- Storefront authentication provider; inherits the rest of its settings from
     abstractAcceleratorAuthenticationProvider, which is defined outside this file.
     NOTE(review): adminGroup is presumably used to keep admin-group accounts from signing in through the
     storefront; confirm in AcceleratorAuthenticationProvider. -->
<bean id="acceleratorAuthenticationProvider"
      parent="abstractAcceleratorAuthenticationProvider"
      class="de.hybris.platform.storefront.security.AcceleratorAuthenticationProvider">
    <property name="adminGroup" value="ROLE_ADMINGROUP" />
</bean>

<!-- Platform user-details service; not referenced by any other bean in this file. -->
<bean id="coreUserDetailsService"
      class="de.hybris.platform.spring.security.CoreUserDetailsService" />
<!-- Strategy that handles the GUID cookie; the cookie attributes come from guidCookieGenerator. -->
<bean id="guidCookieStrategy"
      class="de.hybris.platform.storefront.security.impl.DefaultGUIDCookieStrategy">
    <property name="cookieGenerator" ref="guidCookieGenerator" />
</bean>
<!-- Guest-checkout cart clean-up strategy. The checkout URL pattern it works with is read from the
     extacceleratorstorefront.checkout.url.pattern property. -->
<bean id="defaultGuestCheckoutCartCleanStrategy"
      class="de.hybris.platform.storefront.security.impl.DefaultGuestCheckoutCartCleanStrategy">
    <property name="checkoutURLPattern"
              value="#{configurationService.configuration.getProperty('extacceleratorstorefront.checkout.url.pattern')}" />
    <property name="checkoutCustomerStrategy" ref="checkoutCustomerStrategy" />
    <property name="cartService" ref="cartService" />
    <property name="sessionService" ref="sessionService" />
    <property name="userService" ref="userService" />
</bean>
<alias name="defaultGuestCheckoutCartCleanStrategy" alias="guestCheckoutCartCleanStrategy" />
<!-- Generator for the acceleratorSecureGUID cookie. Both the Secure and HttpOnly flags are switched on, so the
     cookie is restricted to HTTPS and withheld from page scripts; keep both set if this bean is overridden. -->
<bean id="defaultGuidCookieGenerator"
      class="de.hybris.platform.storefront.security.cookie.EnhancedCookieGenerator">
    <property name="cookieName" value="acceleratorSecureGUID" />
    <property name="cookieSecure" value="true" />
    <property name="httpOnly" value="true" />
</bean>
<alias name="defaultGuidCookieGenerator" alias="guidCookieGenerator" />
<!-- Auto-login strategy, wired with the shared authentication manager, the GUID cookie strategy and the
     remember-me services.
     NOTE(review): presumably signs a customer in programmatically (for example after registration); confirm
     which callers may trigger it. -->
<bean id="autoLoginStrategy"
      class="de.hybris.platform.storefront.security.impl.DefaultAutoLoginStrategy">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="customerFacade" ref="customerFacade" />
    <property name="guidCookieStrategy" ref="guidCookieStrategy" />
    <property name="rememberMeServices" ref="rememberMeServices" />
</bean>
<!-- Request cache used by both filter chains; excludeRedirectUrlRequestMatcher is its request matcher. -->
<bean id="httpSessionRequestCache"
      class="de.hybris.platform.storefront.security.impl.WebHttpSessionRequestCache">
    <property name="requestMatcher" ref="excludeRedirectUrlRequestMatcher" />
    <property name="sessionService" ref="sessionService" />
</bean>
<!-- <bean id="excludeRedirectUrlRequestMatcher" class="org.springframework.security.web.util.RegexRequestMatcher">
<constructor-arg name="pattern" value=".*/guest/.*|.*/orderConfirmation/.*|.*/login|.*/login/checkout" />
<constructor-arg name="httpMethod">
<null />
</constructor-arg>
</bean> -->

<!-- Ignores url(s) that match paths specified in the set.
     NOTE(review): the four values below are written in regular-expression syntax, carried over from the
     commented-out RegexRequestMatcher above, but this bean is wired with defaultPathMatcher, which this file
     aliases to AntPathMatcher. Ant-style matching does not treat '.*' as a regex wildcard, so these entries
     presumably never match a request path and nothing is excluded from the request cache. Confirm against
     ExcludeUrlRequestMatcher and rewrite the entries as Ant patterns if so. -->
<bean id="excludeRedirectUrlRequestMatcher"
      class="de.hybris.platform.storefront.security.ExcludeUrlRequestMatcher">
    <property name="pathMatcher" ref="defaultPathMatcher" />
    <property name="excludeUrlSet">
        <set>
            <value>.*/guest/.*</value>
            <value>.*/orderConfirmation/.*</value>
            <value>.*/login</value>
            <value>.*/login/checkout</value>
        </set>
    </property>
</bean>
<!-- Base redirect strategy; defaultCommerceRedirectStrategy declares it as its parent. -->
<bean id="redirectStrategy"
      class="org.springframework.security.web.DefaultRedirectStrategy" />
<!-- Login Success Handlers -->
<!-- Success handler of the default form login: combines the GUID cookie strategy with the storefront
     success handler it delegates to. -->
<bean id="loginGuidAuthenticationSuccessHandler"
      class="de.hybris.platform.storefront.security.GUIDAuthenticationSuccessHandler">
    <property name="guidCookieStrategy" ref="guidCookieStrategy" />
    <property name="authenticationSuccessHandler" ref="loginAuthenticationSuccessHandler" />
</bean>
<!-- Storefront success handler behind the default login. The default target is '/' when the
     commerceservices.default.desktop.ui.experience property equals 'responsive', otherwise '/my-account'.
     NOTE(review): useReferer is enabled, so the post-login target can be taken from the Referer header, which
     the client supplies. Confirm that the handler and its redirect strategy only follow same-site targets. -->
<bean id="loginAuthenticationSuccessHandler"
      class="de.hybris.platform.acceleratorstorefrontcommons.security.StorefrontAuthenticationSuccessHandler">
    <property name="customerFacade" ref="customerFacade" />
    <property name="cartFacade" ref="cartFacade" />
    <property name="cartRestorationStrategy" ref="cartRestorationStrategy" />
    <property name="uiExperienceService" ref="uiExperienceService" />
    <property name="requestCache" ref="httpSessionRequestCache" />
    <property name="bruteForceAttackCounter" ref="bruteForceAttackCounter" />

    <property name="defaultTargetUrl"
              value="#{'responsive' == '${commerceservices.default.desktop.ui.experience}' ? '/' : '/my-account'}" />
    <property name="useReferer" value="true" />

    <!-- The default target is not forced for either UI experience level. -->
    <property name="forceDefaultTargetForUiExperienceLevel">
        <map key-type="de.hybris.platform.commerceservices.enums.UiExperienceLevel"
             value-type="java.lang.Boolean">
            <entry key="DESKTOP" value="false" />
            <entry key="MOBILE" value="false" />
        </map>
    </property>

    <property name="restrictedPages">
        <list>
            <value>/login</value>
        </list>
    </property>
    <property name="listRedirectUrlsForceDefaultTarget">
        <list />
    </property>
</bean>
<!-- Success handler of the checkout form login: combines the GUID cookie strategy with the checkout
     success handler it delegates to. -->
<bean id="loginCheckoutGuidAuthenticationSuccessHandler"
      class="de.hybris.platform.storefront.security.GUIDAuthenticationSuccessHandler">
    <property name="guidCookieStrategy" ref="guidCookieStrategy" />
    <property name="authenticationSuccessHandler" ref="loginCheckoutAuthenticationSuccessHandler" />
</bean>
<!-- Storefront success handler behind the checkout login. The target is fixed to /checkout and forced for both
     UI experience levels; unlike the default login handler, useReferer is not set here. -->
<bean id="loginCheckoutAuthenticationSuccessHandler"
      class="de.hybris.platform.acceleratorstorefrontcommons.security.StorefrontAuthenticationSuccessHandler">
    <property name="customerFacade" ref="customerFacade" />
    <property name="cartFacade" ref="cartFacade" />
    <property name="cartRestorationStrategy" ref="cartRestorationStrategy" />
    <property name="uiExperienceService" ref="uiExperienceService" />
    <property name="bruteForceAttackCounter" ref="bruteForceAttackCounter" />
    <property name="redirectStrategy" ref="commerceRedirectStrategy" />

    <property name="defaultTargetUrl" value="/checkout" />
    <property name="forceDefaultTargetForUiExperienceLevel">
        <map key-type="de.hybris.platform.commerceservices.enums.UiExperienceLevel"
             value-type="java.lang.Boolean">
            <entry key="DESKTOP" value="true" />
            <entry key="MOBILE" value="true" />
        </map>
    </property>

    <property name="restrictedPages">
        <list>
            <value>/login/checkout</value>
        </list>
    </property>
    <property name="listRedirectUrlsForceDefaultTarget">
        <list />
    </property>
</bean>
<!-- Redirect strategy used by the checkout login success handler; extends redirectStrategy and adds the
     express checkout target URL. -->
<bean name="defaultCommerceRedirectStrategy"
      parent="redirectStrategy"
      class="de.hybris.platform.storefront.security.impl.DefaultCommerceRedirectStrategy">
    <property name="checkoutFlowFacade" ref="checkoutFlowFacade" />
    <property name="expressTargetUrl" value="/checkout/multi/express" />
</bean>
<alias name="defaultCommerceRedirectStrategy" alias="commerceRedirectStrategy" />
<!-- Failure handler of the default login: sends the user back to /login with a generic error flag.
     NOTE(review): presumably bruteForceAttackCounter records the failed attempt; its thresholds are configured
     outside this file, so confirm they are set. -->
<bean id="loginAuthenticationFailureHandler"
      class="de.hybris.platform.storefront.security.LoginAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/login?error=true" />
    <property name="bruteForceAttackCounter" ref="bruteForceAttackCounter" />
</bean>
<!-- Failure handler of the checkout login: sends the user back to /login/checkout with a generic error flag
     and shares the same bruteForceAttackCounter bean as the default login. -->
<bean id="loginCheckoutAuthenticationFailureHandler"
      class="de.hybris.platform.storefront.security.LoginAuthenticationFailureHandler">
    <property name="defaultFailureUrl" value="/login/checkout?error=true" />
    <property name="bruteForceAttackCounter" ref="bruteForceAttackCounter" />
</bean>
<!-- Logout Success Handler -->
<!-- Default target after logout is /?logout=true; /my-account and /checkout are listed as restricted pages.
     NOTE(review): useReferer is enabled, so the post-logout target can be taken from the Referer header, which
     the client supplies. Confirm that the handler only follows same-site targets. -->
<bean id="logoutSuccessHandler"
      class="de.hybris.platform.acceleratorstorefrontcommons.security.StorefrontLogoutSuccessHandler">
    <property name="guidCookieStrategy" ref="guidCookieStrategy" />
    <property name="defaultTargetUrl" value="/?logout=true" />
    <property name="useReferer" value="true" />
    <property name="restrictedPages">
        <list>
            <value>/my-account</value>
            <value>/checkout</value>
        </list>
    </property>
</bean>
<!-- Remember Me -->
<!-- Success handler for remember-me sign-ins. The default target is '/' when the
     commerceservices.default.desktop.ui.experience property equals 'responsive', otherwise '/my-account'. -->
<bean id="rememberMeSuccessHandler"
      class="de.hybris.platform.storefront.security.RememberMeAuthenticationSuccessHandler">
    <property name="guidCookieStrategy" ref="guidCookieStrategy" />
    <property name="defaultTargetUrl"
              value="#{'responsive' == '${commerceservices.default.desktop.ui.experience}' ? '/' : '/my-account'}" />
    <property name="restrictedPages">
        <list>
            <value>/login</value>
        </list>
    </property>
    <property name="listRedirectUrlsForceDefaultTarget">
        <list />
    </property>
</bean>
<!-- Remember-me services referenced (through the rememberMeServices alias) by both filter chains and by
     autoLoginStrategy. The cookie is marked secure and is only issued on request (alwaysRemember=false).
     NOTE(review): the key is a fixed literal equal to the extension name and is committed with the source.
     In Spring Security's token-based remember-me scheme the key is one of the inputs to the cookie signature;
     presumably that also holds for AcceleratorRememberMeServices (confirm). Prefer a per-deployment secret
     loaded from configuration, and change it together with the key on both security:remember-me elements
     and on rememberMeAuthenticationProvider.
     NOTE(review): token lifetime comes from security.rememberme.cookie.validity; confirm the property is
     defined in every environment and kept as short as the business allows. -->
<bean id="defaultRememberMeServices"
      class="de.hybris.platform.storefront.security.AcceleratorRememberMeServices">
    <property name="key" value="extacceleratorstorefront" />
    <property name="cookieName" value="extacceleratorstorefrontRememberMe" />
    <property name="useSecureCookie" value="true" />
    <property name="alwaysRemember" value="false" />
    <property name="tokenValiditySeconds"
              value="#{configurationService.configuration.getProperty('security.rememberme.cookie.validity')}" />

    <property name="userDetailsService" ref="originalUidUserDetailsService" />
    <property name="userService" ref="userService" />
    <property name="customerFacade" ref="customerFacade" />
    <property name="checkoutCustomerStrategy" ref="checkoutCustomerStrategy" />
    <property name="urlEncoderService" ref="urlEncoderService" />
    <property name="storeSessionFacade" ref="storeSessionFacade" />
    <property name="commonI18NService" ref="commonI18NService" />
    <property name="secureTokenService" ref="secureTokenService" />
</bean>
<alias name="defaultRememberMeServices" alias="rememberMeServices" />
<!-- Provider that accepts remember-me authentications created with the same key.
     NOTE(review): the key repeats the literal used by defaultRememberMeServices and by both
     security:remember-me elements; the four values should be changed together. This bean is not
     registered in the security:authentication-manager element of this file. -->
<bean id="rememberMeAuthenticationProvider"
      class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
    <property name="key" value="extacceleratorstorefront" />
</bean>
</beans>