<?xml version="1.0" encoding="UTF-8"?>
<!--
~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
~
~ Copyright 1998-2014 The OpenLDAP Foundation.
~ All rights reserved.
~
~ Redistribution and use in source and binary forms, with or without
~ modification, are permitted only as authorized by the OpenLDAP
~ Public License.
~
~ A copy of this license is available in the file LICENSE in the
~ top-level directory of the distribution or, alternatively, at
~ <http://www.OpenLDAP.org/license.html>.
-->
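<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/util
                           http://www.springframework.org/schema/util/spring-util-3.0.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd">
    <!-- Fix: the beans namespace was listed twice in xsi:schemaLocation (unversioned and
         spring-beans-3.0.xsd); only the first pair is ever used, so the duplicate is dropped. -->

    <!-- Housekeeping: String beans filled from build-time placeholders (${...}) so that
         pages can look the values up by bean id. -->
    <bean id="baseURL" class="java.lang.String">
        <constructor-arg value="${scheme}://${host}:${port}${rootPath}"/>
    </bean>
    <bean id="site" class="java.lang.String">
        <constructor-arg value="${project.parent.url}"/>
    </bean>
    <bean id="license" class="java.lang.String">
        <constructor-arg value="${licenseUrl}"/>
    </bean>
    <bean id="HOME" class="java.lang.String">
        <constructor-arg value="HOME"/>
    </bean>

    <!-- These Fortress Manager beans are used as api for RBAC/IAM domain model.
         Every manager is prototype-scoped (a new instance per injection/lookup) and is
         produced by the factory's createInstance("HOME"). -->
    <bean id="reviewMgr" class="org.openldap.fortress.ReviewMgrFactory" scope="prototype"
          factory-method="createInstance">
        <constructor-arg value="HOME"/>
    </bean>
    <bean id="adminMgr" class="org.openldap.fortress.AdminMgrFactory" scope="prototype"
          factory-method="createInstance">
        <constructor-arg value="HOME"/>
    </bean>
    <bean id="accessMgr" class="org.openldap.fortress.AccessMgrFactory" scope="prototype"
          factory-method="createInstance">
        <constructor-arg value="HOME"/>
    </bean>
    <bean id="delReviewMgr" class="org.openldap.fortress.DelReviewMgrFactory" scope="prototype"
          factory-method="createInstance">
        <constructor-arg value="HOME"/>
    </bean>
    <bean id="delAdminMgr" class="org.openldap.fortress.DelAdminMgrFactory" scope="prototype"
          factory-method="createInstance">
        <constructor-arg value="HOME"/>
    </bean>
    <bean id="delAccessMgr" class="org.openldap.fortress.DelAccessMgrFactory" scope="prototype"
          factory-method="createInstance">
        <constructor-arg value="HOME"/>
    </bean>
    <bean id="auditMgr" class="org.openldap.fortress.AuditMgrFactory" scope="prototype"
          factory-method="createInstance">
        <constructor-arg value="HOME"/>
    </bean>
    <bean id="pwPolicyMgr" class="org.openldap.fortress.PwPolicyMgrFactory" scope="prototype"
          factory-method="createInstance">
        <constructor-arg value="HOME"/>
    </bean>
    <bean id="groupMgr" class="org.openldap.fortress.ldap.group.GroupMgrFactory" scope="prototype"
          factory-method="createInstance">
        <constructor-arg value="HOME"/>
    </bean>

    <!-- Anonymous startup hook: calls System.getProperties().putAll({version=1.0-RC37}),
         i.e. publishes the application version as a JVM-wide system property. Note this
         mutates global JVM state shared by everything else in the same JVM. -->
    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="targetObject">
            <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
                <property name="targetClass" value="java.lang.System"/>
                <property name="targetMethod" value="getProperties"/>
            </bean>
        </property>
        <property name="targetMethod" value="putAll"/>
        <property name="arguments">
            <util:properties>
                <prop key="version">1.0-RC37</prop>
            </util:properties>
        </property>
    </bean>

    <!-- Inject spring context into wicket pages -->
    <bean id="wicketApplication" class="org.openldap.commander.ApplicationContext"/>

    <!-- setup spring security using preauthenticated (java ee) strategy.
         One chain covers every request (/**). Filter ORDER is significant:
           sif               : restores the SecurityContext from the HTTP session
           j2eePreAuthFilter : authenticates from the container (web.xml) principal
           logoutFilter      : handles the logout URL
           etf               : turns security exceptions into the 403 entry point below
           fsi               : enforces the intercept-url rules -->
    <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
        <sec:filter-chain-map path-type="ant">
            <sec:filter-chain pattern="/**" filters="sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/>
        </sec:filter-chain-map>
    </bean>
    <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="preAuthenticatedAuthenticationProvider"/>
    </sec:authentication-manager>
    <bean id="preAuthenticatedAuthenticationProvider"
          class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
    </bean>
    <!-- Builds the UserDetails from the authorities the container already granted; no
         password is ever handled by Spring in this setup. -->
    <bean id="preAuthenticatedUserDetailsService"
          class="org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>

    <!-- Container roles are read from web.xml (WebXmlMappableAttributesRetriever), upper-cased,
         and (per the mapper's default prefix) turned into ROLE_* authorities, which is what the
         access= lists in fsi compare against. A role missing from web.xml can never be granted. -->
    <bean id="j2eePreAuthFilter"
          class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationDetailsSource">
            <bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
                <property name="mappableRolesRetriever">
                    <bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever"/>
                </property>
                <property name="userRoles2GrantedAuthoritiesMapper">
                    <bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
                        <property name="convertAttributeToUpperCase" value="true"/>
                    </bean>
                </property>
            </bean>
        </property>
    </bean>

    <!-- With pre-authentication there is no login page to redirect to, so an
         unauthenticated or unauthorized request simply gets HTTP 403. -->
    <bean id="preAuthenticatedProcessingFilterEntryPoint"
          class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>

    <!-- Logout: redirect to "/" after SecurityContextLogoutHandler clears Spring's context/session.
         NOTE(review): this does not touch the container's own principal, so with Java EE
         pre-authentication a following request may be re-authenticated by j2eePreAuthFilter;
         confirm that is the intended logout behaviour. -->
    <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <constructor-arg value="/"/>
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
            </list>
        </constructor-arg>
    </bean>

    <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>
    <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint" ref="preAuthenticatedProcessingFilterEntryPoint"/>
    </bean>

    <!-- Affirmative: one granting vote allows access. allowIfAllAbstainDecisions=false keeps the
         deny-by-default when no voter can decide (RoleVoter only votes on ROLE_* attributes). -->
    <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false"/>
        <property name="decisionVoters">
            <list>
                <ref bean="roleVoter"/>
            </list>
        </property>
    </bean>

    <!-- URL authorization. Each pattern below names one exact bookmarkable page path.
         NOTE(review): there is no catch-all /** rule, so a URL that is not listed here passes
         through fsi without an authorization check; confirm that every page which must be
         restricted appears in this list. -->
    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
        <property name="securityMetadataSource">
            <sec:filter-invocation-definition-source>
                <!-- before spring interceptor recognizes these roles, the j2ee preauthentication filter requires prior declaration in web.xml -->
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.userpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_USERS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.rolepage"
                                   access="ROLE_RBAC_ADMIN,ROLE_ROLES"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.permpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_PERMS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.sdstaticpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_SSDS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.sddynamicpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_DSDS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.pwpolicypage"
                                   access="ROLE_RBAC_ADMIN,ROLE_POLICIES"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.objectpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_PERMOBJS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.ouuserpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_USEROUS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.oupermpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_PERMOUS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.roleadminpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_ADMINROLES"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.objectadminpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_ADMINOBJS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.permadminpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_ADMINPERMS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.auditauthzpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_AUDIT_AUTHZS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.auditmodpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_AUDIT_MODS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.auditbindpage"
                                   access="ROLE_RBAC_ADMIN,ROLE_AUDIT_BINDS"/>
                <sec:intercept-url pattern="/wicket/bookmarkable/org.openldap.commander.grouppage"
                                   access="ROLE_RBAC_ADMIN,ROLE_GROUPS"/>
            </sec:filter-invocation-definition-source>
        </property>
    </bean>
    <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>

    <!-- NOTE(review): defined but not referenced by the filter-chain above; presumably wired
         from elsewhere (e.g. web.xml). Confirm, or remove it. -->
    <bean id="securityContextHolderAwareRequestFilter"
          class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>
</beans>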