| <?xml version="1.0"?> |
| <!-- |
| ~ Licensed to the Apache Software Foundation (ASF) under one or more |
| ~ contributor license agreements. See the NOTICE file distributed with |
| ~ this work for additional information regarding copyright ownership. |
| ~ The ASF licenses this file to You under the Apache License, Version 2.0 |
| ~ (the "License"); you may not use this file except in compliance with |
| ~ the License. You may obtain a copy of the License at |
| ~ |
| ~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~ |
| ~ Unless required by applicable law or agreed to in writing, software |
| ~ distributed under the License is distributed on an "AS IS" BASIS, |
| ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| ~ See the License for the specific language governing permissions and |
| ~ limitations under the License. |
| --> |
| |
| <beans xmlns="http://www.springframework.org/schema/beans" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:scr="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans |
| http://www.springframework.org/schema/beans/spring-beans-3.1.xsd |
| http://www.springframework.org/schema/security |
| http://www.springframework.org/schema/security/spring-security-3.1.xsd |
| http://www.springframework.org/schema/tx |
| http://www.springframework.org/schema/tx/spring-tx-3.1.xsd"> |
| |
| <scr:http auto-config="true" use-expressions="true"> |
| <!-- Support HTTP Basic Auth--> |
| <scr:http-basic entry-point-ref="unauthorisedEntryPoint"/> |
| <scr:intercept-url pattern="/rest/entities" method="POST" access="hasRole('ROLE_ADMIN')" /> |
| <scr:intercept-url pattern="/rest/entities/delete" method="POST" access="hasRole('ROLE_ADMIN')" /> |
| <scr:intercept-url pattern="/rest/module/*" method="DELETE" access="hasRole('ROLE_ADMIN')" /> |
| <scr:intercept-url pattern="/rest/module/*" method="POST" access="hasRole('ROLE_ADMIN')" /> |
| <scr:intercept-url pattern="/rest/list" method="POST" access="hasRole('ROLE_ADMIN')" /> |
| <scr:intercept-url pattern="/rest/status" method="GET" access="permitAll" /> |
| <scr:intercept-url pattern="/rest/*" access="isAuthenticated()" /> |
| <scr:logout logout-url="/logout" invalidate-session="true" delete-cookies="JSESSIONID" success-handler-ref="logoutSuccessHandler"/> |
| <scr:session-management session-fixation-protection="newSession"/> |
| </scr:http> |
| |
| <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" /> |
| <bean id="logoutSuccessHandler" class="org.apache.eagle.service.security.auth.LogoutSuccessHandlerImpl" /> |
| <bean id="unauthorisedEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" /> |
| |
| <beans profile="default"> |
| <bean id="ldapUserAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> |
| <constructor-arg> |
| <bean class="org.springframework.security.ldap.authentication.BindAuthenticator"> |
| <constructor-arg ref="ldapSource" /> |
| <property name="userSearch"> |
| <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> |
| <constructor-arg index="0" value="${ldap.user.searchBase}" /> |
| <constructor-arg index="1" value="${ldap.user.searchPattern}" /> |
| <constructor-arg index="2" ref="ldapSource" /> |
| </bean> |
| </property> |
| </bean> |
| </constructor-arg> |
| <constructor-arg> |
| <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator"> |
| <constructor-arg index="0" ref="ldapSource" /> |
| <constructor-arg index="1" value="${ldap.user.groupSearchBase}" /> |
| <property name="groupSearchFilter" value="uniqueMember={0}"/> |
| <property name="convertToUpperCase" value="true" /> |
| <property name="rolePrefix" value="ROLE_" /> |
| </bean> |
| </constructor-arg> |
| </bean> |
| |
| <scr:authentication-manager alias="authenticationManager"> |
| <!-- do user ldap auth --> |
| <scr:authentication-provider ref="ldapUserAuthProvider"></scr:authentication-provider> |
| </scr:authentication-manager> |
| |
| <bean id="ldapSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> |
| <constructor-arg value="${ldap.server}" /> |
| <property name="userDn" value="${ldap.username}" /> |
| <property name="password" value="${ldap.password}" /> |
| </bean> |
| </beans> |
| |
| <beans profile="sandbox,testing"> |
| <scr:authentication-manager alias="authenticationManager"> |
| <scr:authentication-provider> |
| <scr:user-service> |
| <!-- user admin has role ADMIN, user eagle has role USER, both have password "secret" --> |
| <scr:user name="eagle" password="$2a$10$TwALMRHpSetDaeTurg9rj.DnIdOde4fkQGBSPG3fVqtH.G5ZH8sQK" authorities="ROLE_USER" /> |
| <scr:user name="admin" password="$2a$10$TwALMRHpSetDaeTurg9rj.DnIdOde4fkQGBSPG3fVqtH.G5ZH8sQK" authorities="ROLE_ADMIN" /> |
| </scr:user-service> |
| <scr:password-encoder ref="passwordEncoder" /> |
| </scr:authentication-provider> |
| </scr:authentication-manager> |
| </beans> |
| </beans> |