samples/spring-hibernate/WEB-INF/applicationContext.xml - jsecurity - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!--
   ~ Licensed to the Apache Software Foundation (ASF) under one
   ~ or more contributor license agreements.  See the NOTICE file
   ~ distributed with this work for additional information
   ~ regarding copyright ownership.  The ASF licenses this file
   ~ to you under the Apache License, Version 2.0 (the
   ~ "License"); you may not use this file except in compliance
   ~ with the License.  You may obtain a copy of the License at
   ~
   ~     http://www.apache.org/licenses/LICENSE-2.0
   ~
   ~ Unless required by applicable law or agreed to in writing,
   ~ software distributed under the License is distributed on an
   ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   ~ KIND, either express or implied.  See the License for the
   ~ specific language governing permissions and limitations
   ~ under the License.
   -->
 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:aop="http://www.springframework.org/schema/aop"
        xmlns:tx="http://www.springframework.org/schema/tx"
        xmlns:util="http://www.springframework.org/schema/util"
        xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">

   <!-- Sample RDBMS data source that would exist in any application.  Sample is just using an in-memory HSQLDB
 instance.  Change to your application's settings for a real app. -->
   <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
     <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
     <property name="url" value="jdbc:hsqldb:mem:jsecurity-spring-hibernate"/>
     <property name="username" value="sa"/>
   </bean>

   <!-- Hibernate SessionFactory -->
   <bean id="hibernateSessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
     <property name="dataSource" ref="dataSource"/>
     <!-- Because we're using an in-memory database for demo purposes (which is lost every time the app
 shuts down), we have to ensure that the HSQLDB DDL is run each time the app starts.  The
 DDL is auto-generated based on the *.hbm.xml mapping definitions below. -->
     <property name="schemaUpdate" value="true"/>
     <property name="mappingResources">
       <list>
         <value>Person.hbm.xml</value>
         <value>Role.hbm.xml</value>
         <value>User.hbm.xml</value>
       </list>
     </property>
     <property name="hibernateProperties">
       <props>
         <prop key="hibernate.dialect">org.hibernate.dialect.HSQLDialect</prop>
         <prop key="hibernate.cache.provider_class">org.hibernate.cache.EhCacheProvider</prop>
         <!-- <prop key="hibernate.show_sql">true</prop> -->
       </props>
     </property>
     <property name="eventListeners">
       <map>
         <entry key="merge">
           <bean class="org.springframework.orm.hibernate3.support.IdTransferringMergeEventListener"/>
         </entry>
       </map>
     </property>
   </bean>

   <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
     <property name="sessionFactory" ref="hibernateSessionFactory"/>
   </bean>
   <tx:annotation-driven/>

   <!-- Populates the sample database with sample users and roles. This would probably not exist
       in a real application: - ->
  <bean id="bootstrapDataPopulator" class="org.jsecurity.samples.spring.BootstrapDataPopulator">
      <property name="dataSource" ref="dataSource"/>
  </bean> -->

   <!-- The sample app's User DAO for User CRUD operations.  Used by the JSecurity Realm
 to query for Users during login and access control checks, but would be used in other places in a
 'real' application too (e.g. UserManager/UserService, etc). -->
   <bean id="userDAO" class="org.jsecurity.samples.sprhib.party.eis.HibernateUserDAO">
     <property name="sessionFactory" ref="hibernateSessionFactory"/>
   </bean>


   <!-- =========================================================
  JSecurity Core Components - Not Spring-pecific, just Spring-configured
  ========================================================= -->
   <!-- JSecurity's main business-tier object for web-enabled applications
 (use org.jsecurity.mgt.DefaultSecurityManager instead when there is no web environment)-->
   <bean id="securityManager" class="org.jsecurity.web.DefaultWebSecurityManager">
     <!-- Single realm app (realm configured next, below).  If you have multiple realms, use the 'realms'
   property instead. -->
     <property name="realm" ref="realm"/>
     <!-- Uncomment this next property if you want heterogenous session access or clusterable/distributable
       sessions.  The default value is 'http' which uses the Servlet container's HttpSession as the underlying
       Session implementation.
  <property name="sessionMode" value="jsecurity"/> -->
   </bean>

   <!-- Used our sample DefaultRealm which uses our Hibernate UserDAO: -->
   <bean id="realm" class="org.jsecurity.samples.sprhib.security.DefaultRealm">
     <property name="userDAO" ref="userDAO"/>

   </bean>


   <!-- =========================================================
  JSecurity Spring-specific integration
  ========================================================= -->
   <!-- Post processor that automatically invokes init() and destroy() methods
 for Spring-configured JSecurity objects so you don't have to
 1) specify an init-method and destroy-method attributes for every bean
  definition and
 2) even know which JSecurity objects require these methods to be
  called. -->
   <bean id="lifecycleBeanPostProcessor" class="org.jsecurity.spring.LifecycleBeanPostProcessor"/>

   <!-- Enable JSecurity Annotations for Spring-configured beans.  Only run after
 the lifecycleBeanProcessor has run: -->
   <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
         depends-on="lifecycleBeanPostProcessor"/>
   <bean class="org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
     <property name="securityManager" ref="securityManager"/>
   </bean>
   <!-- Secure Spring remoting:  Ensure any Spring Remoting method invocations can be associated
 with a Subject for security checks. -->
   <bean id="secureRemoteInvocationExecutor" class="org.jsecurity.spring.remoting.SecureRemoteInvocationExecutor">
     <property name="securityManager" ref="securityManager"/>
   </bean>

 </beans>
	<?xml version="1.0" encoding="UTF-8"?>
	<!--
	~ Licensed to the Apache Software Foundation (ASF) under one
	~ or more contributor license agreements. See the NOTICE file
	~ distributed with this work for additional information
	~ regarding copyright ownership. The ASF licenses this file
	~ to you under the Apache License, Version 2.0 (the
	~ "License"); you may not use this file except in compliance
	~ with the License. You may obtain a copy of the License at
	~
	~ http://www.apache.org/licenses/LICENSE-2.0
	~
	~ Unless required by applicable law or agreed to in writing,
	~ software distributed under the License is distributed on an
	~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	~ KIND, either express or implied. See the License for the
	~ specific language governing permissions and limitations
	~ under the License.
	-->
	<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:util="http://www.springframework.org/schema/util"
	xsi:schemaLocation="
	http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
	http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
	http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd
	http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">

	<!-- Sample RDBMS data source that would exist in any application. Sample is just using an in-memory HSQLDB
	instance. Change to your application's settings for a real app. -->
	<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
	<property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
	<property name="url" value="jdbc:hsqldb:mem:jsecurity-spring-hibernate"/>
	<property name="username" value="sa"/>
	</bean>

	<!-- Hibernate SessionFactory -->
	<bean id="hibernateSessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
	<property name="dataSource" ref="dataSource"/>
	<!-- Because we're using an in-memory database for demo purposes (which is lost every time the app
	shuts down), we have to ensure that the HSQLDB DDL is run each time the app starts. The
	DDL is auto-generated based on the *.hbm.xml mapping definitions below. -->
	<property name="schemaUpdate" value="true"/>
	<property name="mappingResources">
	<list>
	<value>Person.hbm.xml</value>
	<value>Role.hbm.xml</value>
	<value>User.hbm.xml</value>
	</list>
	</property>
	<property name="hibernateProperties">
	<props>
	<prop key="hibernate.dialect">org.hibernate.dialect.HSQLDialect</prop>
	<prop key="hibernate.cache.provider_class">org.hibernate.cache.EhCacheProvider</prop>
	<!-- <prop key="hibernate.show_sql">true</prop> -->
	</props>
	</property>
	<property name="eventListeners">
	<map>
	<entry key="merge">
	<bean class="org.springframework.orm.hibernate3.support.IdTransferringMergeEventListener"/>
	</entry>
	</map>
	</property>
	</bean>

	<bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
	<property name="sessionFactory" ref="hibernateSessionFactory"/>
	</bean>
	<tx:annotation-driven/>

	<!-- Populates the sample database with sample users and roles. This would probably not exist
	in a real application: - ->
	<bean id="bootstrapDataPopulator" class="org.jsecurity.samples.spring.BootstrapDataPopulator">
	<property name="dataSource" ref="dataSource"/>
	</bean> -->

	<!-- The sample app's User DAO for User CRUD operations. Used by the JSecurity Realm
	to query for Users during login and access control checks, but would be used in other places in a
	'real' application too (e.g. UserManager/UserService, etc). -->
	<bean id="userDAO" class="org.jsecurity.samples.sprhib.party.eis.HibernateUserDAO">
	<property name="sessionFactory" ref="hibernateSessionFactory"/>
	</bean>


	<!-- =========================================================
	JSecurity Core Components - Not Spring-pecific, just Spring-configured
	========================================================= -->
	<!-- JSecurity's main business-tier object for web-enabled applications
	(use org.jsecurity.mgt.DefaultSecurityManager instead when there is no web environment)-->
	<bean id="securityManager" class="org.jsecurity.web.DefaultWebSecurityManager">
	<!-- Single realm app (realm configured next, below). If you have multiple realms, use the 'realms'
	property instead. -->
	<property name="realm" ref="realm"/>
	<!-- Uncomment this next property if you want heterogenous session access or clusterable/distributable
	sessions. The default value is 'http' which uses the Servlet container's HttpSession as the underlying
	Session implementation.
	<property name="sessionMode" value="jsecurity"/> -->
	</bean>

	<!-- Used our sample DefaultRealm which uses our Hibernate UserDAO: -->
	<bean id="realm" class="org.jsecurity.samples.sprhib.security.DefaultRealm">
	<property name="userDAO" ref="userDAO"/>

	</bean>


	<!-- =========================================================
	JSecurity Spring-specific integration
	========================================================= -->
	<!-- Post processor that automatically invokes init() and destroy() methods
	for Spring-configured JSecurity objects so you don't have to
	1) specify an init-method and destroy-method attributes for every bean
	definition and
	2) even know which JSecurity objects require these methods to be
	called. -->
	<bean id="lifecycleBeanPostProcessor" class="org.jsecurity.spring.LifecycleBeanPostProcessor"/>

	<!-- Enable JSecurity Annotations for Spring-configured beans. Only run after
	the lifecycleBeanProcessor has run: -->
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
	depends-on="lifecycleBeanPostProcessor"/>
	<bean class="org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
	<property name="securityManager" ref="securityManager"/>
	</bean>
	<!-- Secure Spring remoting: Ensure any Spring Remoting method invocations can be associated
	with a Subject for security checks. -->
	<bean id="secureRemoteInvocationExecutor" class="org.jsecurity.spring.remoting.SecureRemoteInvocationExecutor">
	<property name="securityManager" ref="securityManager"/>
	</bean>

	</beans>