| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| ~ Licensed to the Apache Software Foundation (ASF) under one |
| ~ or more contributor license agreements. See the NOTICE file |
| ~ distributed with this work for additional information |
| ~ regarding copyright ownership. The ASF licenses this file |
| ~ to you under the Apache License, Version 2.0 (the |
| ~ "License"); you may not use this file except in compliance |
| ~ with the License. You may obtain a copy of the License at |
| ~ |
| ~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~ |
| ~ Unless required by applicable law or agreed to in writing, |
| ~ software distributed under the License is distributed on an |
| ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~ KIND, either express or implied. See the License for the |
| ~ specific language governing permissions and limitations |
| ~ under the License. |
| --> |
| <beans xmlns="http://www.springframework.org/schema/beans" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xmlns:aop="http://www.springframework.org/schema/aop" |
| xmlns:tx="http://www.springframework.org/schema/tx" |
| xmlns:util="http://www.springframework.org/schema/util" |
| xsi:schemaLocation=" |
| http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd |
| http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd |
| http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd |
| http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd"> |
| |
| <!-- Sample RDBMS data source that would exist in any application. Sample is just using an in-memory HSQLDB |
| instance. Change to your application's settings for a real app. --> |
| <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> |
| <property name="driverClassName" value="org.hsqldb.jdbcDriver"/> |
| <property name="url" value="jdbc:hsqldb:mem:jsecurity-spring-hibernate"/> |
| <property name="username" value="sa"/> |
| </bean> |
| |
| <!-- Hibernate SessionFactory --> |
| <bean id="hibernateSessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean"> |
| <property name="dataSource" ref="dataSource"/> |
| <!-- Because we're using an in-memory database for demo purposes (which is lost every time the app |
| shuts down), we have to ensure that the HSQLDB DDL is run each time the app starts. The |
| DDL is auto-generated based on the *.hbm.xml mapping definitions below. --> |
| <property name="schemaUpdate" value="true"/> |
| <property name="mappingResources"> |
| <list> |
| <value>Person.hbm.xml</value> |
| <value>Role.hbm.xml</value> |
| <value>User.hbm.xml</value> |
| </list> |
| </property> |
| <property name="hibernateProperties"> |
| <props> |
| <prop key="hibernate.dialect">org.hibernate.dialect.HSQLDialect</prop> |
| <prop key="hibernate.cache.provider_class">org.hibernate.cache.EhCacheProvider</prop> |
| <!-- <prop key="hibernate.show_sql">true</prop> --> |
| </props> |
| </property> |
| <property name="eventListeners"> |
| <map> |
| <entry key="merge"> |
| <bean class="org.springframework.orm.hibernate3.support.IdTransferringMergeEventListener"/> |
| </entry> |
| </map> |
| </property> |
| </bean> |
| |
| <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager"> |
| <property name="sessionFactory" ref="hibernateSessionFactory"/> |
| </bean> |
| <tx:annotation-driven/> |
| |
| <!-- Populates the sample database with sample users and roles. This would probably not exist |
| in a real application: - -> |
| <bean id="bootstrapDataPopulator" class="org.jsecurity.samples.spring.BootstrapDataPopulator"> |
| <property name="dataSource" ref="dataSource"/> |
| </bean> --> |
| |
| <!-- The sample app's User DAO for User CRUD operations. Used by the JSecurity Realm |
| to query for Users during login and access control checks, but would be used in other places in a |
| 'real' application too (e.g. UserManager/UserService, etc). --> |
| <bean id="userDAO" class="org.jsecurity.samples.sprhib.party.eis.HibernateUserDAO"> |
| <property name="sessionFactory" ref="hibernateSessionFactory"/> |
| </bean> |
| |
| |
| <!-- ========================================================= |
| JSecurity Core Components - Not Spring-pecific, just Spring-configured |
| ========================================================= --> |
| <!-- JSecurity's main business-tier object for web-enabled applications |
| (use org.jsecurity.mgt.DefaultSecurityManager instead when there is no web environment)--> |
| <bean id="securityManager" class="org.jsecurity.web.DefaultWebSecurityManager"> |
| <!-- Single realm app (realm configured next, below). If you have multiple realms, use the 'realms' |
| property instead. --> |
| <property name="realm" ref="realm"/> |
| <!-- Uncomment this next property if you want heterogenous session access or clusterable/distributable |
| sessions. The default value is 'http' which uses the Servlet container's HttpSession as the underlying |
| Session implementation. |
| <property name="sessionMode" value="jsecurity"/> --> |
| </bean> |
| |
| <!-- Used our sample DefaultRealm which uses our Hibernate UserDAO: --> |
| <bean id="realm" class="org.jsecurity.samples.sprhib.security.DefaultRealm"> |
| <property name="userDAO" ref="userDAO"/> |
| |
| </bean> |
| |
| |
| <!-- ========================================================= |
| JSecurity Spring-specific integration |
| ========================================================= --> |
| <!-- Post processor that automatically invokes init() and destroy() methods |
| for Spring-configured JSecurity objects so you don't have to |
| 1) specify an init-method and destroy-method attributes for every bean |
| definition and |
| 2) even know which JSecurity objects require these methods to be |
| called. --> |
| <bean id="lifecycleBeanPostProcessor" class="org.jsecurity.spring.LifecycleBeanPostProcessor"/> |
| |
| <!-- Enable JSecurity Annotations for Spring-configured beans. Only run after |
| the lifecycleBeanProcessor has run: --> |
| <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" |
| depends-on="lifecycleBeanPostProcessor"/> |
| <bean class="org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> |
| <property name="securityManager" ref="securityManager"/> |
| </bean> |
| <!-- Secure Spring remoting: Ensure any Spring Remoting method invocations can be associated |
| with a Subject for security checks. --> |
| <bean id="secureRemoteInvocationExecutor" class="org.jsecurity.spring.remoting.SecureRemoteInvocationExecutor"> |
| <property name="securityManager" ref="securityManager"/> |
| </bean> |
| |
| </beans> |