| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <beans:beans xmlns="http://www.springframework.org/schema/security" |
| xmlns:beans="http://www.springframework.org/schema/beans" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xmlns:security="http://www.springframework.org/schema/security" |
| xmlns:util="http://www.springframework.org/schema/util" |
| xmlns:oauth="http://www.springframework.org/schema/security/oauth2" |
| xsi:schemaLocation="http://www.springframework.org/schema/beans |
| http://www.springframework.org/schema/beans/spring-beans-4.3.xsd |
| http://www.springframework.org/schema/security |
| http://www.springframework.org/schema/security/spring-security-4.2.xsd |
| http://www.springframework.org/schema/util |
| http://www.springframework.org/schema/util/spring-util-4.3.xsd |
| http://www.springframework.org/schema/security/oauth2 |
| http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd"> |
| |
| <security:http pattern="/login.jsp" security="none" /> |
| <security:http pattern="/styles/**" security="none" /> |
| <security:http pattern="/fonts/**" security="none" /> |
| <security:http pattern="/scripts/prelogin/XAPrelogin.js" security="none" /> |
| <security:http pattern="/libs/bower/jquery/js/jquery-3.4.1.js" security="none" /> |
| <security:http pattern="/images/ranger_logo.png" security="none" /> |
| <security:http pattern="/images/favicon.ico" security="none"/> |
| <security:http pattern="/service/assets/policyList/*" security="none"/> |
| <security:http pattern="/service/assets/resources/grant" security="none"/> |
| <security:http pattern="/service/assets/resources/revoke" security="none"/> |
| <security:http pattern="/service/plugins/policies/download/*" security="none"/> |
| <security:http pattern="/service/plugins/services/grant/*" security="none"/> |
| <security:http pattern="/service/plugins/services/revoke/*" security="none"/> |
| <security:http pattern="/service/tags/download/*" security="none"/> |
| <security:http pattern="/service/roles/download/*" security="none"/> |
| <security:http pattern="/service/metrics/status" security="none" /> |
| <security:http disable-url-rewriting="true" use-expressions="true" create-session="always" entry-point-ref="authenticationProcessingFilterEntryPoint"> |
| <csrf disabled="true"/> |
| <security:headers> |
| <security:frame-options/> |
| <security:cache-control/> |
| <security:content-type-options/> |
| <security:xss-protection/> |
| <security:hsts/> |
| <security:content-security-policy policy-directives="default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'"/> |
| </security:headers> |
| <security:session-management session-fixation-protection="newSession" /> |
| <intercept-url pattern="/**" access="isAuthenticated()"/> |
| <custom-filter ref="ssoAuthenticationFilter" after="BASIC_AUTH_FILTER" /> |
| <security:custom-filter ref="krbAuthenticationFilter" after="SERVLET_API_SUPPORT_FILTER" /> |
| <security:custom-filter ref="CSRFPreventionFilter" after="REMEMBER_ME_FILTER" /> |
| <security:custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/> |
| <security:custom-filter position="LAST" ref="userContextFormationFilter"/> |
| |
| <security:access-denied-handler error-page="/login.jsp"/> |
| <security:logout delete-cookies="RANGERADMINSESSIONID,xa_rmc" logout-url="/logout" success-handler-ref="customLogoutSuccessHandler" /> |
| <http-basic entry-point-ref="authenticationProcessingFilterEntryPoint"/> |
| </security:http> |
| |
| <beans:bean id="customAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> |
| <beans:constructor-arg> |
| <beans:list> |
| <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" /> |
| <beans:bean class="org.springframework.security.access.vote.RoleVoter" /> |
| </beans:list> |
| </beans:constructor-arg> |
| </beans:bean> |
| |
| <beans:bean id="customUsernamePasswordAuthenticationFilter" class="org.apache.ranger.security.web.filter.RangerUsernamePasswordAuthenticationFilter"> |
| <beans:property name="authenticationManager" ref="authenticationManager"/> |
| <beans:property name="authenticationSuccessHandler" ref="ajaxAuthSuccessHandler"/> |
| <beans:property name="authenticationFailureHandler" ref="ajaxAuthFailureHandler"/> |
| </beans:bean> |
| |
| <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.apache.ranger.security.web.authentication.RangerAuthenticationEntryPoint"> |
| <beans:constructor-arg value="/login.jsp"/> |
| </beans:bean> |
| |
| <beans:bean id="ajaxAuthSuccessHandler" class="org.apache.ranger.security.web.authentication.RangerAuthSuccessHandler"> |
| <beans:property name="defaultTargetUrl" value="/dashboard.jsp"/> |
| </beans:bean> |
| |
| <beans:bean id="ajaxAuthFailureHandler" class="org.apache.ranger.security.web.authentication.RangerAuthFailureHandler"> |
| <beans:property name="defaultFailureUrl" value="/login.jsp"/> |
| </beans:bean> |
| |
| <beans:bean id="customLogoutSuccessHandler" class="org.apache.ranger.security.web.authentication.CustomLogoutSuccessHandler"> |
| </beans:bean> |
| |
| <beans:bean id="krbAuthenticationFilter" class="org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter"> |
| </beans:bean> |
| |
| <beans:bean id="CSRFPreventionFilter" class="org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter"> |
| </beans:bean> |
| |
| <beans:bean id="ssoAuthenticationFilter" class="org.apache.ranger.security.web.filter.RangerSSOAuthenticationFilter"> |
| </beans:bean> |
| |
| <beans:bean id="userContextFormationFilter" class="org.apache.ranger.security.web.filter.RangerSecurityContextFormationFilter"/> |
| |
| <security:jdbc-user-service id="userService" data-source-ref="defaultDataSource" |
| users-by-username-query="select LOGIN_ID,PASSWORD,STATUS from x_portal_user where LOGIN_ID=?" |
| group-authorities-by-username-query="" |
| authorities-by-username-query="SELECT usr.LOGIN_ID,usr_role.USER_ROLE FROM x_portal_user usr,x_portal_user_role usr_role |
| WHERE usr.LOGIN_ID=? |
| AND usr_role.USER_ID = usr.ID" |
| /> |
| <beans:bean id="customAuthenticationProvider" class="org.apache.ranger.security.handler.RangerAuthenticationProvider" > |
| <beans:property name="rangerAuthenticationMethod" value="${ranger.authentication.method}" /> |
| </beans:bean> |
| |
| <security:authentication-manager alias="authenticationManager"> |
| <security:authentication-provider ref="customAuthenticationProvider"/> |
| </security:authentication-manager> |
| <security:global-method-security pre-post-annotations="enabled" /> |
| <beans:bean id="securityEventListener" class ="org.apache.ranger.security.listener.SpringEventListener"/> |
| </beans:beans> |