-
Notifications
You must be signed in to change notification settings - Fork 39
/
applicationContext-security.xml
132 lines (116 loc) · 5.85 KB
/
applicationContext-security.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
<!--
Document : applicationContext-security.xml
Created on :
Author :
Copyright 2010 University of California at Berkeley
Description:
spring security namespace for CS service layer
ref: http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!--
debugging tips : enable following categories in
$JBOSS_HOME/server/cspace/conf/jboss-log4j.xml to priority DEBUG
org.apache.catalina.core
org.springframework.security
-->
<bean id="springSecurityFilterChain"
class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/**"
filters="securityContextPersistenceFilter,basicAuthenticationFilter,logoutFilter,exTranslationFilter,filterInvocationInterceptor"/>
</sec:filter-chain-map>
</bean>
<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<property name='securityContextRepository'>
<bean class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
<property name='allowSessionCreation' value='true' />
</bean>
</property>
</bean>
<bean id="basicAuthenticationFilter"
class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint"/>
</bean>
<bean id="basicAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
<property name="realmName" value="org.collectionspace.services"/>
</bean>
<bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="/"/>
<constructor-arg>
<list>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="exTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint"/>
</bean>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="jaasAuthenticationProvider" user-service-ref="userDetailsService"/>
</sec:authentication-manager>
<bean id="jaasAuthenticationProvider"
class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
<property name="loginContextName">
<value>cspace</value> <!-- value should be same as in application-policy in JBoss login-config.xml -->
</property>
<property name="loginConfig">
<value>/WEB-INF/login.conf</value> <!-- filler, not used at runtime -->
</property>
<property name="callbackHandlers">
<list>
<bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
<bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
</list>
</property>
<property name="authorityGranters">
<list>
<bean class="org.collectionspace.authentication.spring.CSpaceAuthorityGranter"/>
</list>
</property>
</bean>
<bean id="userDetailsService"
class="org.collectionspace.authentication.spring.CSpaceUserDetailsService">
</bean>
<bean id="filterInvocationInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<!--property name="securityMetadataSource" ref="cspaceMetadataSource"/-->
<property name="securityMetadataSource">
<sec:filter-security-metadata-source>
<sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED"/>
</sec:filter-security-metadata-source>
</property>
</bean>
<bean id="httpRequestAccessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<ref bean="roleVoter"/>
<ref bean="authenticatedVoter"/>
</list>
</property>
</bean>
<bean id="authenticatedVoter"
class="org.springframework.security.access.vote.AuthenticatedVoter"/>
<bean id="roleVoter"
class="org.springframework.security.access.vote.RoleVoter"/>
<!--bean id="cspaceMetadataSource" class="org.collectionspace.services.authorization.spring.CSpaceSecurityMetadataSource">
<property name="urlProperties">
<util:properties location="classpath:urls.properties" />
</property>
</bean-->
</beans>