| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor |
| license agreements. See the NOTICE file distributed with this work for additional |
| information regarding copyright ownership. The ASF licenses this file to |
| You under the Apache License, Version 2.0 (the "License"); you may not use |
| this file except in compliance with the License. You may obtain a copy of |
| the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required |
| by applicable law or agreed to in writing, software distributed under the |
| License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS |
| OF ANY KIND, either express or implied. See the License for the specific |
| language governing permissions and limitations under the License. --> |
| |
| <beans:beans xmlns="http://www.springframework.org/schema/security" |
| xmlns:beans="http://www.springframework.org/schema/beans" |
| xmlns:security="http://www.springframework.org/schema/security" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xmlns:context="http://www.springframework.org/schema/context" |
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd |
| http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> |
| |
| <security:http pattern="/login.jsp" security="none" /> |
| <security:http pattern="/css/**" security="none" /> |
| <security:http pattern="/img/**" security="none" /> |
| <security:http pattern="/libs/**" security="none" /> |
| <security:http pattern="/js/**" security="none" /> |
| <security:http pattern="/ieerror.html" security="none" /> |
| <security:http pattern="/api/atlas/admin/status" security="none" /> |
| <security:http pattern="/api/atlas/admin/metrics" security="none" /> |
| |
| <security:http create-session="always" |
| entry-point-ref="entryPoint"> |
| <security:session-management |
| session-fixation-protection="newSession" /> |
| <intercept-url pattern="/**" access="isAuthenticated()" /> |
| <custom-filter ref="ssoAuthenticationFilter" after="BASIC_AUTH_FILTER" /> |
| |
| <security:custom-filter ref="krbAuthenticationFilter" after="SERVLET_API_SUPPORT_FILTER" /> |
| <security:custom-filter ref="csrfPreventionFilter" after="REMEMBER_ME_FILTER" /> |
| |
| <form-login |
| login-page="/login.jsp" |
| login-processing-url="/j_spring_security_check" |
| authentication-success-handler-ref="atlasAuthenticationSuccessHandler" |
| authentication-failure-handler-ref="atlasAuthenticationFailureHandler" |
| username-parameter="j_username" |
| password-parameter="j_password" /> |
| |
| <security:logout logout-success-url="/login.jsp" delete-cookies="ATLASSESSIONID" |
| logout-url="/logout.html" /> |
| <http-basic /> |
| <headers disabled="true"/> |
| <csrf disabled="true"/> |
| <security:custom-filter position="LAST" ref="atlasAuthorizationFilter"/> |
| </security:http> |
| |
| <beans:bean id="userDAO" class="org.apache.atlas.web.dao.UserDao" init-method="init"/> |
| <beans:bean id="userDetailsService" class="org.apache.atlas.web.service.UserService"> |
| <beans:constructor-arg ref="userDAO"/> |
| </beans:bean> |
| <beans:bean id="atlasLDAPProvider" class="org.apache.atlas.web.security.AtlasLdapAuthenticationProvider"/> |
| <beans:bean id="atlasFileProvider" class="org.apache.atlas.web.security.AtlasFileAuthenticationProvider"> |
| <beans:constructor-arg ref="userDetailsService"/> |
| </beans:bean> |
| <beans:bean id="atlasADProvider" class="org.apache.atlas.web.security.AtlasADAuthenticationProvider"/> |
| <beans:bean id="atlasPamProvider" class="org.apache.atlas.web.security.AtlasPamAuthenticationProvider"/> |
| <beans:bean id="atlasAuthenticationProvider" class="org.apache.atlas.web.security.AtlasAuthenticationProvider"> |
| <beans:constructor-arg index="0" ref="atlasLDAPProvider"/> |
| <beans:constructor-arg index="1" ref="atlasFileProvider"/> |
| <beans:constructor-arg index="2" ref="atlasADProvider"/> |
| <beans:constructor-arg index="3" ref="atlasPamProvider"/> |
| </beans:bean> |
| |
| <beans:bean id="krbAuthenticationFilter" class="org.apache.atlas.web.filters.AtlasAuthenticationFilter"> |
| </beans:bean> |
| |
| <beans:bean id="ssoAuthenticationFilter" class="org.apache.atlas.web.filters.AtlasKnoxSSOAuthenticationFilter"> |
| <beans:constructor-arg name="authenticationProvider" ref="atlasAuthenticationProvider"/> |
| </beans:bean> |
| |
| <beans:bean id="csrfPreventionFilter" class="org.apache.atlas.web.filters.AtlasCSRFPreventionFilter"> |
| </beans:bean> |
| |
| <beans:bean id="atlasAuthenticationSuccessHandler" |
| class="org.apache.atlas.web.security.AtlasAuthenticationSuccessHandler" /> |
| |
| <beans:bean id="atlasAuthenticationFailureHandler" |
| class="org.apache.atlas.web.security.AtlasAuthenticationFailureHandler" /> |
| |
| <beans:bean id="formAuthenticationEntryPoint" |
| class="org.apache.atlas.web.filters.AtlasAuthenticationEntryPoint"> |
| <beans:constructor-arg value="/login.jsp"/> |
| </beans:bean> |
| |
| <beans:bean id="authenticationEntryPoint" |
| class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint"> |
| <beans:property name="realmName" value="atlas.com" /> |
| </beans:bean> |
| |
| <beans:bean id="entryPoint" class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint"> |
| <beans:constructor-arg> |
| <beans:map> |
| <beans:entry key="hasHeader('User-Agent','Mozilla')" value-ref="formAuthenticationEntryPoint" /> |
| </beans:map> |
| </beans:constructor-arg> |
| <beans:property name="defaultEntryPoint" ref="authenticationEntryPoint"/> |
| </beans:bean> |
| |
| |
| <security:authentication-manager |
| alias="authenticationManager"> |
| <security:authentication-provider |
| ref="atlasAuthenticationProvider" /> |
| </security:authentication-manager> |
| |
| <security:global-method-security pre-post-annotations="enabled" /> |
| |
| <beans:bean id = "atlasAuthorizationFilter" class="org.apache.atlas.web.filters.AtlasAuthorizationFilter"/> |
| </beans:beans> |