/
web.xml
112 lines (101 loc) · 4.11 KB
/
web.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ © 2023 iamfortress.net
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name>Apache Fortress Demo</display-name>
<!-- SPRING config: -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>wicket.myproject</filter-name>
<filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
<init-param>
<param-name>applicationClassName</param-name>
<param-value>com.mycompany.WicketApplication</param-value>
</init-param>
</filter>
<!-- Enable Spring Security filter chain proxy: -->
<filter>
<filter-name>filterChainProxy</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>filterChainProxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- This mapping must follow filter chain proxy for spring security checks to work! -->
<filter-mapping>
<filter-name>wicket.myproject</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<!-- Begin JAVA EE Security configs: -->
<!-- Resources excepted from authentication -->
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/wicket/bookmarkable/com.mycompany.LogoutPage</url-pattern>
</web-resource-collection>
<!-- OMIT auth-constraint -->
</security-constraint>
<!-- All wicket resources (except logout page) requires authentication and this role: -->
<security-constraint>
<display-name>My Project Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/wicket/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with listed role may access this web app though there will be further restrictions later on inside Spring, Web app and DAO security layers -->
<role-name>DEMO2_USER</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MySecurityRealm</realm-name>
<form-login-config>
<form-login-page>/login/login.html</form-login-page>
<form-error-page>/login/error.html</form-error-page>
</form-login-config>
</login-config>
<!-- This role is required for all -->
<security-role>
<role-name>DEMO2_USER</role-name>
</security-role>
<!-- These security roles are declared in order to be used by Spring Security's FilterSecurityInterceptor - see applicationContext.xml -->
<security-role>
<role-name>ROLE_DEMO2_SUPER_USER</role-name>
</security-role>
<security-role>
<role-name>ROLE_PAGE1</role-name>
</security-role>
<security-role>
<role-name>ROLE_PAGE2</role-name>
</security-role>
<security-role>
<role-name>ROLE_PAGE3</role-name>
</security-role>
<!-- The following pages are not secured: -->
<error-page>
<error-code>403</error-code>
<location>/login/unauthorized.html</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/login/pagenotfound.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/login/unexpected.html</location>
</error-page>
</web-app>