<?xml version="1.0" encoding="UTF-8"?>
<!--
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright 2008 Glencoe Software, Inc.. All rights reserved.
# Use is subject to license terms supplied in LICENSE.txt
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Written by: Josh Moore, josh at glencoesoftware.com
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
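<!--
  Spring bean definitions for the core security system: the security system
  implementations, the Hibernate interceptor and event listeners, and the
  scheduled cleanup of light administrator privileges.

  Constructor arguments throughout this file carry no index or name
  attributes, so Spring matches them to constructor parameters by type and
  declaration order. Keep each list in step with the constructor it feeds.

  The schemaLocation below is a hint: Spring normally resolves the beans
  schema from the classpath rather than fetching it over HTTP.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

  <description>
    sec-system.xml defines the interceptors for all methods which need
    authentication and authorization as well as the core security system
    classes.
  </description>

  <!--
    Disabled the security system holder for the moment.
    The name "securitySystem" therefore resolves straight to
    basicSecuritySystem. The securitySystemHolder bean is still defined below,
    but a reference to "securitySystem" does not pass through it.
    NOTE(review): confirm no consumer of "securitySystem" relies on the holder
    or on sharingSecuritySystem being consulted.
  -->
  <alias name="basicSecuritySystem" alias="securitySystem"/>

  <!-- Holds both security system implementations; see the alias note above. -->
  <bean id="securitySystemHolder" class="ome.security.SecuritySystemHolder">
    <constructor-arg ref="basicSecuritySystem"/>
    <constructor-arg ref="sharingSecuritySystem"/>
  </bean>

  <!-- Sharing variant, constructed around the basic security system. -->
  <bean id="sharingSecuritySystem" class="ome.security.sharing.SharingSecuritySystem">
    <constructor-arg ref="basicSecuritySystem"/>
  </bean>

  <!-- Primary security system; "securitySystem" is an alias for this bean. -->
  <bean id="basicSecuritySystem" class="ome.security.basic.BasicSecuritySystem">
    <constructor-arg ref="omeroInterceptor"/>
    <constructor-arg ref="systemTypes"/>
    <constructor-arg ref="currentDetails"/>
    <constructor-arg ref="sessionManager"/>
    <constructor-arg ref="sessionProvider"/>
    <constructor-arg ref="eventProvider"/>
    <constructor-arg ref="roles"/>
    <constructor-arg ref="internalServiceFactory"/>
    <constructor-arg ref="tokenHolder"/>
    <!-- Security filters handed to the security system, in list order. -->
    <constructor-arg>
      <list>
        <ref bean="securityFilterHolder"/>
        <!--
          The filter is a factory. The leading ampersand is Spring's
          FactoryBean dereference prefix: it injects the factory object itself
          rather than the object the factory produces. It must be written as
          the entity &amp; here; a bare ampersand makes the file ill-formed
          and the application context fails to load.
        -->
        <ref bean="&amp;LightAdminPrivilegesSecurityFilter"/>
      </list>
    </constructor-arg>
    <constructor-arg ref="policyService"/>
    <constructor-arg ref="aclVoter"/>
  </bean>

  <!--
    Names the basicSecuritySystem bean and the class
    ome.security.basic.BasicSecuritySystemReadOnly, together with the
    readOnlyStatus bean. Presumably swaps in the read-only class when the
    database is not writable; verify against BeanInstantiationSubstituter.
    NOTE(review): the read-only class then becomes the enforcement point, so
    it should apply the same permission checks as BasicSecuritySystem.
  -->
  <bean id="basicSecuritySystemSubstituter" class="ome.services.util.BeanInstantiationSubstituter">
    <constructor-arg ref="readOnlyStatus"/>
    <constructor-arg value="basicSecuritySystem"/>
    <constructor-arg value="ome.security.basic.BasicSecuritySystemReadOnly"/>
    <property name="isWriteDb" value="true"/> <!-- see SessionProviderInDb.isReadOnly -->
  </bean>

  <!--
    Created on first use (lazy-init). Receives the principal holder and the
    method security bean.
  -->
  <bean id="securityWiring" class="ome.security.basic.BasicSecurityWiring"
        lazy-init="true">
    <property name="principalHolder" ref="principalHolder"/>
    <property name="methodSecurity" ref="methodSecurity"/>
  </bean>

  <bean id="eventHandler" class="ome.security.basic.EventHandler">
    <description>
      Scope: private
    </description>
    <constructor-arg ref="simpleSqlAction"/>
    <constructor-arg ref="basicSecuritySystem"/>
    <constructor-arg ref="omeroSessionFactory"/>
    <constructor-arg ref="transactionAttributeSource"/>
    <constructor-arg ref="readOnlyStatus"/>
  </bean>

  <!-- These should perhaps be moved to a third security tier. -->

  <bean id="eventListeners" class="ome.security.basic.EventListenersFactoryBean">
    <description>
      Used by hibernate.xml during the creation of SessionFactory.
    </description>
    <constructor-arg ref="aclVoter"/>
    <constructor-arg ref="currentDetails"/>
    <constructor-arg ref="tokenHolder"/>
    <constructor-arg ref="omeroInterceptor"/>
    <property name="debugAll" value="false"/>
  </bean>

  <!--
    depends-on makes Spring initialise adminPrivilegesCleanup before this
    interceptor is created.
  -->
  <bean id="omeroInterceptor" class="ome.security.basic.OmeroInterceptor" depends-on="adminPrivilegesCleanup">
    <description>
      Scope: private
    </description>
    <constructor-arg ref="roles"/>
    <constructor-arg ref="systemTypes"/>
    <constructor-arg ref="currentDetails"/>
    <constructor-arg ref="tokenHolder"/>
    <constructor-arg ref="extendedMetadata"/>
    <constructor-arg ref="delegatingStats"/>
    <constructor-arg ref="adminPrivileges"/>
    <constructor-arg ref="simpleSqlAction"/>
    <constructor-arg ref="sqlQueryTransformer"/>
    <constructor-arg ref="managedRepoUuids"/>
    <constructor-arg ref="scriptRepoUuids"/>
  </bean>

  <!--
    Periodic cleanup of light administrator privileges. The interval below
    and the cron expression on adminPrivilegesCleanupTrigger describe the same
    period and must be changed together.
  -->
  <bean id="adminPrivilegesCleanup" class="ome.security.basic.LightAdminPrivilegesCleanup">
    <constructor-arg ref="simpleSqlAction"/>
    <constructor-arg value="10"/> <!-- seconds, matching cron expression below -->
  </bean>

  <!-- Quartz cron with a leading seconds field: fires every 10 seconds. -->
  <bean id="adminPrivilegesCleanupTrigger" class="org.springframework.scheduling.quartz.CronTriggerFactoryBean">
    <property name="jobDetail" ref="adminPrivilegesCleanupRun"/>
    <property name="cronExpression" value="*/10 * * * * ?"/>
  </bean>

  <!--
    Invokes adminPrivilegesCleanup.run(). concurrent=false stops a new run
    from starting while the previous one is still executing.
  -->
  <bean id="adminPrivilegesCleanupRun" class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean">
    <property name="targetObject" ref="adminPrivilegesCleanup"/>
    <property name="targetMethod" value="run"/>
    <property name="concurrent" value="false"/>
  </bean>

  <!--
    Names the cleanup trigger bean together with the readOnlyStatus bean.
    Presumably keeps the trigger from being instantiated when the database is
    read-only; verify against BeanInstantiationGuard.
  -->
  <bean id="adminPrivilegesCleanupTriggerGuard" class="ome.services.util.BeanInstantiationGuard">
    <constructor-arg ref="readOnlyStatus"/>
    <constructor-arg value="adminPrivilegesCleanupTrigger"/>
    <property name="isWriteDb" value="true"/>
  </bean>

</beans>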