/
applicationContext-security.xml
96 lines (86 loc) · 4.09 KB
/
applicationContext-security.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true">
<form-login
login-processing-url="/resources/j_spring_security_check"
login-page="/login"
authentication-failure-url="/login?login_error=t" />
<logout logout-url="/resources/j_spring_security_logout" />
<!-- Configure these elements to secure URIs in your application -->
<intercept-url pattern="/coursecatalogs/**" method="DELETE"
access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/coursecatalogs/**"
access="hasAnyRole('ROLE_ADMIN', 'ROLE_STUDENT')" />
<intercept-url pattern="/coursedetails/**" method="POST"
access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/coursedetails/**" method="PUT"
access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/coursedetails/**" method="GET"
access="permitAll" />
<intercept-url pattern="/coursedetails/**" method="DELETE"
access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/coursedetails/**"
access="hasAnyRole('ROLE_ADMIN','ROLE_STUDENT')" />
<intercept-url pattern="/**" access="permitAll" />
</http>
<!--
Uncomment the LDAP server authentication provider configuration
below and comment other authentication providers
to authenticate against OpenDS LDAP repository.
-->
<!--
<ldap-server id="ldapServer"
url="ldap://localhost:389"
manager-dn="cn=Directory Manager"
manager-password="test123"
/>
<authentication-manager alias="authenticationManager">
<ldap-authentication-provider
server-ref="ldapServer"
user-dn-pattern="uid={0},dc=coursemanager,dc=org"
user-search-filter="(uid={0})"
user-search-base="dc=coursemanager,dc=org"
group-search-base="dc=coursemanager,dc=org"
group-role-attribute="dc=coursemanager,dc=org"
/>
</authentication-manager>
-->
<!-- Configure Authentication mechanism -->
<authentication-manager alias="authenticationManager">
<!-- SHA-256 values can be produced using 'echo -n your_desired_password | sha256sum' (using normal *nix environments) -->
<authentication-provider>
<password-encoder hash="sha-256" />
<!--
Uncomment the JDBC authentication provider configuration
below and comment other authentication providers
to authenticate against a relational database.
-->
<!--
<jdbc-user-service data-source-ref="inMemoryTestDataSource"
users-by-username-query="
SELECT username, password, enabled
FROM security_principals WHERE username = ?"
authorities-by-username-query="
SELECT p.username, a.authority
FROM security_principals p, security_authorities a, security_role_assignments ra
WHERE p.username = ra.username
AND a.roleId = ra.roleId
AND p.username = ?"
/>
-->
<user-service>
<!-- user id/password = admin/admin -->
<user name="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" authorities="ROLE_ADMIN"/>
<!-- user id/password = student/student -->
<user name="student" password="264c8c381bf16c982a4e59b0dd4c6f7808c51a05f64c35db42cc78a2a72875bb" authorities="ROLE_STUDENT"/>
</user-service>
</authentication-provider>
</authentication-manager>
<beans:bean id="loggerListener"
class="org.springframework.security.authentication.event.LoggerListener" />
</beans:beans>