samples/spring/src/main/webapp/WEB-INF/applicationContext.xml - jsecurity - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!--
   ~ Licensed to the Apache Software Foundation (ASF) under one
   ~ or more contributor license agreements.  See the NOTICE file
   ~ distributed with this work for additional information
   ~ regarding copyright ownership.  The ASF licenses this file
   ~ to you under the Apache License, Version 2.0 (the
   ~ "License"); you may not use this file except in compliance
   ~ with the License.  You may obtain a copy of the License at
   ~
   ~     http://www.apache.org/licenses/LICENSE-2.0
   ~
   ~ Unless required by applicable law or agreed to in writing,
   ~ software distributed under the License is distributed on an
   ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   ~ KIND, either express or implied.  See the License for the
   ~ specific language governing permissions and limitations
   ~ under the License.
   -->
 <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

 <beans>

     <!-- Sample RDBMS data source that would exist in any application - not Apache Ki related. -->
     <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
         <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
         <property name="url" value="jdbc:hsqldb:mem:ki-spring"/>
         <property name="username" value="sa"/>
     </bean>
     <!-- Populates the sample database with sample users and roles. -->
     <bean id="bootstrapDataPopulator" class="org.apache.ki.samples.spring.BootstrapDataPopulator">
         <property name="dataSource" ref="dataSource"/>
     </bean>

     <!-- Simulated business-tier "Manager", not Apache Ki related, just an example -->
     <bean id="sampleManager" class="org.apache.ki.samples.spring.DefaultSampleManager"/>

     <!-- =========================================================
          Apache Ki Core Components - Not Spring Specific
          ========================================================= -->
     <!-- Apache Ki's main business-tier object for web-enabled applications
          (use DefaultSecurityManager instead when there is no web environment)-->
     <bean id="securityManager" class="org.apache.ki.web.DefaultWebSecurityManager">
         <!-- Single realm app.  If you have multiple realms, use the 'realms' property instead. -->
         <property name="realm" ref="jdbcRealm"/>
         <property name="sessionMode" value="ki"/>
     </bean>

     <!-- Used by the SecurityManager to access security data (users, roles, etc).
          Many other realm implementations can be used too (PropertiesRealm,
          LdapRealm, etc. -->
     <bean id="jdbcRealm" class="org.apache.ki.realm.jdbc.JdbcRealm">
         <property name="dataSource" ref="dataSource"/>
         <property name="credentialsMatcher">
             <!-- The 'bootstrapDataPopulator' Sha256 hashes the password
                  (using the username as the salt) then base64 encodes it: -->
             <bean class="org.apache.ki.authc.credential.Sha256CredentialsMatcher">
                 <!-- true means hex encoded, false means base64 encoded -->
                 <property name="storedCredentialsHexEncoded" value="false"/>
                 <!-- We salt the password using the username, the most common practice: -->
                 <property name="hashSalted" value="true"/>
             </bean>
         </property>
     </bean>

     <!-- =========================================================
          Apache Ki Spring-specific integration
          ========================================================= -->
     <!-- Post processor that automatically invokes init() and destroy() methods
          for Spring-configured Apache Ki objects so you don't have to
          1) specify an init-method and destroy-method attributes for every bean
             definition and
          2) even know which Apache Ki objects require these methods to be
             called. -->
     <bean id="lifecycleBeanPostProcessor" class="org.apache.ki.spring.LifecycleBeanPostProcessor"/>

     <!-- Enable Apache Ki Annotations for Spring-configured beans.  Only run after
          the lifecycleBeanProcessor has run: -->
     <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
           depends-on="lifecycleBeanPostProcessor"/>
     <bean class="org.apache.ki.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
         <property name="securityManager" ref="securityManager"/>
     </bean>

     <!-- Secure Spring remoting:  Ensure any Spring Remoting method invocations can be associated
          with a Subject for security checks. -->
     <bean id="secureRemoteInvocationExecutor" class="org.apache.ki.spring.remoting.SecureRemoteInvocationExecutor">
         <property name="securityManager" ref="securityManager"/>
     </bean>

 </beans>
	<?xml version="1.0" encoding="UTF-8"?>
	<!--
	~ Licensed to the Apache Software Foundation (ASF) under one
	~ or more contributor license agreements. See the NOTICE file
	~ distributed with this work for additional information
	~ regarding copyright ownership. The ASF licenses this file
	~ to you under the Apache License, Version 2.0 (the
	~ "License"); you may not use this file except in compliance
	~ with the License. You may obtain a copy of the License at
	~
	~ http://www.apache.org/licenses/LICENSE-2.0
	~
	~ Unless required by applicable law or agreed to in writing,
	~ software distributed under the License is distributed on an
	~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	~ KIND, either express or implied. See the License for the
	~ specific language governing permissions and limitations
	~ under the License.
	-->
	<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

	<beans>

	<!-- Sample RDBMS data source that would exist in any application - not Apache Ki related. -->
	<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
	<property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
	<property name="url" value="jdbc:hsqldb:mem:ki-spring"/>
	<property name="username" value="sa"/>
	</bean>
	<!-- Populates the sample database with sample users and roles. -->
	<bean id="bootstrapDataPopulator" class="org.apache.ki.samples.spring.BootstrapDataPopulator">
	<property name="dataSource" ref="dataSource"/>
	</bean>

	<!-- Simulated business-tier "Manager", not Apache Ki related, just an example -->
	<bean id="sampleManager" class="org.apache.ki.samples.spring.DefaultSampleManager"/>

	<!-- =========================================================
	Apache Ki Core Components - Not Spring Specific
	========================================================= -->
	<!-- Apache Ki's main business-tier object for web-enabled applications
	(use DefaultSecurityManager instead when there is no web environment)-->
	<bean id="securityManager" class="org.apache.ki.web.DefaultWebSecurityManager">
	<!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
	<property name="realm" ref="jdbcRealm"/>
	<property name="sessionMode" value="ki"/>
	</bean>

	<!-- Used by the SecurityManager to access security data (users, roles, etc).
	Many other realm implementations can be used too (PropertiesRealm,
	LdapRealm, etc. -->
	<bean id="jdbcRealm" class="org.apache.ki.realm.jdbc.JdbcRealm">
	<property name="dataSource" ref="dataSource"/>
	<property name="credentialsMatcher">
	<!-- The 'bootstrapDataPopulator' Sha256 hashes the password
	(using the username as the salt) then base64 encodes it: -->
	<bean class="org.apache.ki.authc.credential.Sha256CredentialsMatcher">
	<!-- true means hex encoded, false means base64 encoded -->
	<property name="storedCredentialsHexEncoded" value="false"/>
	<!-- We salt the password using the username, the most common practice: -->
	<property name="hashSalted" value="true"/>
	</bean>
	</property>
	</bean>

	<!-- =========================================================
	Apache Ki Spring-specific integration
	========================================================= -->
	<!-- Post processor that automatically invokes init() and destroy() methods
	for Spring-configured Apache Ki objects so you don't have to
	1) specify an init-method and destroy-method attributes for every bean
	definition and
	2) even know which Apache Ki objects require these methods to be
	called. -->
	<bean id="lifecycleBeanPostProcessor" class="org.apache.ki.spring.LifecycleBeanPostProcessor"/>

	<!-- Enable Apache Ki Annotations for Spring-configured beans. Only run after
	the lifecycleBeanProcessor has run: -->
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
	depends-on="lifecycleBeanPostProcessor"/>
	<bean class="org.apache.ki.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
	<property name="securityManager" ref="securityManager"/>
	</bean>

	<!-- Secure Spring remoting: Ensure any Spring Remoting method invocations can be associated
	with a Subject for security checks. -->
	<bean id="secureRemoteInvocationExecutor" class="org.apache.ki.spring.remoting.SecureRemoteInvocationExecutor">
	<property name="securityManager" ref="securityManager"/>
	</bean>

	</beans>