| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor |
| license agreements. See the NOTICE file distributed with this work for additional |
| information regarding copyright ownership. The ASF licenses this file to |
| You under the Apache License, Version 2.0 (the "License"); you may not use |
| this file except in compliance with the License. You may obtain a copy of |
| the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required |
| by applicable law or agreed to in writing, software distributed under the |
| License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS |
| OF ANY KIND, either express or implied. See the License for the specific |
| language governing permissions and limitations under the License. --> |
| |
| <beans:beans xmlns="http://www.springframework.org/schema/security" |
| xmlns:beans="http://www.springframework.org/schema/beans" |
| xmlns:security="http://www.springframework.org/schema/security" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd |
| http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> |
| |
| <!-- This XML is no longer being used, @see AtlasSecurityConfig for the equivalent java config --> |
| |
| <security:http pattern="/login.jsp" security="none" /> |
| <security:http pattern="/css/**" security="none" /> |
| <security:http pattern="/img/**" security="none" /> |
| <security:http pattern="/libs/**" security="none" /> |
| <security:http pattern="/js/**" security="none" /> |
| <security:http pattern="/ieerror.html" security="none" /> |
| <security:http pattern="/api/atlas/admin/status" security="none" /> |
| <security:http pattern="/api/atlas/admin/metrics" security="none" /> |
| |
| <security:http create-session="always" |
| entry-point-ref="entryPoint"> |
| <security:session-management |
| session-fixation-protection="newSession" /> |
| <intercept-url pattern="/**" access="isAuthenticated()" /> |
| <custom-filter ref="ssoAuthenticationFilter" after="BASIC_AUTH_FILTER" /> |
| |
| <security:custom-filter ref="krbAuthenticationFilter" after="SERVLET_API_SUPPORT_FILTER" /> |
| <security:custom-filter ref="CSRFPreventionFilter" after="REMEMBER_ME_FILTER" /> |
| |
| <form-login |
| login-page="/login.jsp" |
| login-processing-url="/j_spring_security_check" |
| authentication-success-handler-ref="atlasAuthenticationSuccessHandler" |
| authentication-failure-handler-ref="atlasAuthenticationFailureHandler" |
| username-parameter="j_username" |
| password-parameter="j_password" /> |
| |
| <security:logout logout-success-url="/login.jsp" delete-cookies="ATLASSESSIONID" |
| logout-url="/logout.html" /> |
| <http-basic /> |
| <headers disabled="true"/> |
| <csrf disabled="true"/> |
| <security:custom-filter position="LAST" ref="atlasAuthorizationFilter"/> |
| </security:http> |
| |
| <beans:bean id="krbAuthenticationFilter" class="org.apache.atlas.web.filters.AtlasAuthenticationFilter"> |
| </beans:bean> |
| |
| <beans:bean id="ssoAuthenticationFilter" class="org.apache.atlas.web.filters.AtlasKnoxSSOAuthenticationFilter"> |
| </beans:bean> |
| |
| <beans:bean id="CSRFPreventionFilter" class="org.apache.atlas.web.filters.AtlasCSRFPreventionFilter"> |
| </beans:bean> |
| |
| <beans:bean id="atlasAuthenticationSuccessHandler" |
| class="org.apache.atlas.web.security.AtlasAuthenticationSuccessHandler" /> |
| |
| <beans:bean id="atlasAuthenticationFailureHandler" |
| class="org.apache.atlas.web.security.AtlasAuthenticationFailureHandler" /> |
| |
| <beans:bean id="formAuthenticationEntryPoint" |
| class="org.apache.atlas.web.filters.AtlasAuthenticationEntryPoint"> |
| <beans:constructor-arg value="/login.jsp"/> |
| </beans:bean> |
| |
| <beans:bean id="authenticationEntryPoint" |
| class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint"> |
| <beans:property name="realmName" value="atlas.com" /> |
| </beans:bean> |
| |
| <beans:bean id="entryPoint" class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint"> |
| <beans:constructor-arg> |
| <beans:map> |
| <beans:entry key="hasHeader('User-Agent','Mozilla')" value-ref="formAuthenticationEntryPoint" /> |
| </beans:map> |
| </beans:constructor-arg> |
| <beans:property name="defaultEntryPoint" ref="authenticationEntryPoint"/> |
| </beans:bean> |
| |
| |
| <beans:bean id="atlasAuthenticationProvider" |
| class="org.apache.atlas.web.security.AtlasAuthenticationProvider"> |
| </beans:bean> |
| |
| <security:authentication-manager |
| alias="authenticationManager"> |
| <security:authentication-provider |
| ref="atlasAuthenticationProvider" /> |
| </security:authentication-manager> |
| |
| |
| <security:global-method-security |
| pre-post-annotations="enabled" /> |
| |
| <beans:bean id = "atlasAuthorizationFilter" class="org.apache.atlas.web.filters.AtlasAuthorizationFilter"/> |
| </beans:beans> |