| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <!-- |
| - Sample namespace-based configuration |
| - |
| --> |
| |
| <beans xmlns="http://www.springframework.org/schema/beans" |
| xmlns:sec="http://www.springframework.org/schema/security" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd |
| http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> |
| |
| <!-- |
| One filter chain for every request path (ant pattern /**). The filters |
| attribute names beans in this file and fixes their order: security |
| context persistence (sif), pre-authentication (j2eePreAuthFilter), |
| logout, exception translation (etf), then URL authorization (fsi). |
| NOTE(review): path-type looks like the older 3.0-era schema attribute |
| (later schemas use request-matcher), while schemaLocation on the root |
| element is versionless; confirm against the Spring Security jar in use. |
| --> |
| <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> |
| <sec:filter-chain-map path-type="ant"> |
| <sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/> |
| </sec:filter-chain-map> |
| </bean> |
| |
| <!-- Restores the SecurityContext for the request and saves it again when the request ends; listed first in the filter chain. --> |
| <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/> |
| |
| <!-- |
| Registers the authentication manager under the alias that |
| j2eePreAuthFilter and fsi reference. Its only provider is the |
| pre-authenticated provider, so no password-based login is configured. |
| --> |
| <sec:authentication-manager alias="authenticationManager"> |
| <sec:authentication-provider ref='preAuthenticatedAuthenticationProvider'/> |
| </sec:authentication-manager> |
| |
| <!-- |
| Accepts the tokens produced by the pre-authentication filter and loads |
| the user through preAuthenticatedUserDetailsService. No credential |
| check is configured here, so the identity asserted upstream is trusted |
| as is; the strength of this setup rests on the pre-authentication step. |
| --> |
| <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider"> |
| <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/> |
| </bean> |
| |
| <!-- |
| Stock Spring Security user details service, kept for reference only. |
| It is replaced by the Fediz federation variant defined right after |
| this comment, under the same bean id. |
| <bean id="preAuthenticatedUserDetailsService" |
| class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/> |
| --> |
| <!-- |
| Fediz user details service wired into the provider above. |
| NOTE(review): presumably builds the user from the federation token and |
| the granted authorities carried in the authentication details; the |
| class is not shown here, confirm in the Fediz sources. |
| --> |
| <bean id="preAuthenticatedUserDetailsService" |
| class="org.apache.cxf.fediz.spring.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService"/> |
| |
| <!-- |
| Pre-authentication filter. The bean id is kept from the stock J2EE |
| filter (commented out on the next line) but the class is the Fediz |
| federation filter. The details source collects the container roles: |
| WebXmlMappableAttributesRetriever supplies the role names declared in |
| web.xml, and the mapper turns the roles the caller holds into granted |
| authorities, upper-casing them. |
| NOTE(review): roles used in the intercept-url rules of fsi can only be |
| granted if web.xml declares a matching role; the mapper's attribute |
| prefix is left at its default (ROLE_ as far as I know), so web.xml |
| names are expected without that prefix. Confirm both against web.xml. |
| --> |
| <!--<bean id="j2eePreAuthFilter" class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">--> |
| <bean id="j2eePreAuthFilter" class="org.apache.cxf.fediz.spring.preauth.FederationPreAuthenticatedProcessingFilter"> |
| <property name="authenticationManager" ref="authenticationManager"/> |
| <property name="authenticationDetailsSource"> |
| <bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"> |
| <property name="mappableRolesRetriever"> |
| <bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" /> |
| </property> |
| <property name="userRoles2GrantedAuthoritiesMapper"> |
| <bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper"> |
| <property name="convertAttributeToUpperCase" value="true"/> |
| </bean> |
| </property> |
| </bean> |
| </property> |
| </bean> |
| |
| <!-- |
| Entry point referenced by etf. It answers an unauthenticated request |
| with HTTP 403 instead of redirecting to a login page, which fits a |
| setup where sign-in is expected to happen before this chain runs. |
| --> |
| <bean id="preAuthenticatedProcessingFilterEntryPoint" |
| class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/> |
| |
| <!-- |
| Logout filter. The first constructor argument "/" is the URL the |
| browser is sent to after logout; the second is the handler list, here |
| only SecurityContextLogoutHandler. No logout URL is set, so the class |
| default of the deployed Spring Security version applies. |
| NOTE(review): only local state is cleared by this bean. Whether the |
| federation session at the identity provider is also ended is not |
| visible in this file; confirm, otherwise the next request may be |
| signed in again without user interaction. |
| --> |
| <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> |
| <constructor-arg value="/"/> |
| <constructor-arg> |
| <list> |
| <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> |
| </list> |
| </constructor-arg> |
| </bean> |
| |
| <!-- Exposes the ServletContext as a bean. No other bean in this file references it; it may be used by autowiring or left over. --> |
| <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/> |
| |
| <!-- |
| Translates the security exceptions raised by fsi, which follows it in |
| the chain. Unauthenticated requests go to the 403 entry point; no |
| access denied handler is set, so the class default handles requests |
| from authenticated users who lack the required role. |
| --> |
| <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter"> |
| <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/> |
| </bean> |
| |
| <!-- |
| Access decision manager used by fsi. AffirmativeBased grants access as |
| soon as one voter grants it; roleVoter is the only voter. With |
| allowIfAllAbstainDecisions set to false the request is denied when no |
| voter has an opinion, which is the fail-closed choice. |
| NOTE(review): setting decisionVoters as a property is the older wiring |
| style; newer Spring Security versions expect the voter list as a |
| constructor argument. Confirm against the version in use. |
| --> |
| <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> |
| <property name="allowIfAllAbstainDecisions" value="false"/> |
| <property name="decisionVoters"> |
| <list> |
| <ref bean="roleVoter"/> |
| </list> |
| </property> |
| </bean> |
| |
| <!-- |
| URL authorization, last filter in the chain. Each intercept-url maps |
| an ant pattern to the roles allowed to reach it; holding any one of |
| the listed roles is enough because the decision manager is |
| AffirmativeBased. Rules are listed from the narrower manager and |
| admin areas to the wider user area. |
| NOTE(review): only the four listed patterns are protected. A request |
| that matches none of them carries no access attributes and passes |
| without a role check unless rejectPublicInvocations is enabled on this |
| interceptor. /secure/fedservlet is an exact pattern, so other paths |
| under /secure/ that are not manager, admin or user are not covered by |
| Spring Security here. If nothing under /secure/ is meant to be public, |
| a final catch-all rule for /secure/** would close that gap; check |
| whether web.xml security constraints already cover it. |
| NOTE(review): filter-invocation-definition-source is the older name of |
| this element; confirm that the schema of the deployed version still |
| accepts it. |
| --> |
| <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> |
| <property name="authenticationManager" ref="authenticationManager"/> |
| <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/> |
| <property name="securityMetadataSource"> |
| <sec:filter-invocation-definition-source> |
| <sec:intercept-url pattern="/secure/manager/**" access="ROLE_MANAGER"/> |
| <sec:intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN"/> |
| <sec:intercept-url pattern="/secure/user/**" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER"/> |
| <sec:intercept-url pattern="/secure/fedservlet" access="ROLE_USER,ROLE_ADMIN,ROLE_MANAGER,ROLE_AUTHENTICATED,ROLE_SECRETARY"/> |
| </sec:filter-invocation-definition-source> |
| </property> |
| </bean> |
| |
| <!-- The only voter of httpRequestAccessDecisionManager. With its default settings RoleVoter votes on access attributes that start with ROLE_ and abstains on others. --> |
| <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/> |
| |
| <!-- |
| Defined but not named in the filters list of filterChainProxy, so it |
| is not part of the chain as configured in this file. If application |
| code relies on the servlet API security methods reflecting the Spring |
| Security context, this filter would have to be added to that list. |
| --> |
| <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/> |
| |
| </beans> |