| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. The ASF licenses this file to You |
| under the Apache License, Version 2.0 (the "License"); you may not |
| use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. For additional information regarding |
| copyright in this work, please see the NOTICE file in the top level |
| directory of this distribution. |
| --> |
| <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" |
| "http://www.springframework.org/dtd/spring-beans.dtd"> |
| |
| <beans> |
| |
| <!-- ======================== FILTER CHAIN ======================= --> |
| <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> |
| <property name="filterInvocationDefinitionSource"> |
| <value> |
| CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON |
| PATTERN_TYPE_APACHE_ANT |
| /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,rememberMeProcessingFilter,channelProcessingFilter,remoteUserFilter,anonymousProcessingFilter,securityEnforcementFilter |
| </value> |
| </property> |
| </bean> |
| |
| <!-- ======================== AUTHENTICATION ======================= --> |
| |
| <!-- Note the order that entries are placed against the objectDefinitionSource is critical. |
| The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL. |
| Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last --> |
| <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> |
| <property name="authenticationManager" ref="authenticationManager"/> |
| <property name="accessDecisionManager" ref="accessDecisionManager"/> |
| <property name="objectDefinitionSource"> |
| <value> |
| PATTERN_TYPE_APACHE_ANT |
| /editor/**=admin,editor |
| /admin/**=admin |
| /rewrite-status*=admin |
| /login-redirect.jsp=admin,editor |
| </value> |
| </property> |
| </bean> |
| |
| <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> |
| <property name="providers"> |
| <list> |
| <ref local="daoAuthenticationProvider"/> |
| <ref local="anonymousAuthenticationProvider"/> |
| <!-- rememberMeAuthenticationProvider added programmatically --> |
| </list> |
| </property> |
| </bean> |
| |
| <!-- Log failed authentication attempts to commons-logging --> |
| <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/> |
| |
| <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> |
| <property name="userDetailsService" ref="jdbcAuthenticationDao"/> |
| <property name="userCache" ref="userCache"/> |
| </bean> |
| |
| <!-- Read users from database --> |
| <bean id="jdbcAuthenticationDao" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl"> |
| <property name="dataSource"> |
| <bean class="org.springframework.jndi.JndiObjectFactoryBean"> |
| <property name="jndiName" value="java:comp/env/jdbc/rollerdb"/> |
| </bean> |
| </property> |
| <property name="usersByUsernameQuery"> |
| <value>SELECT username,passphrase,isenabled FROM rolleruser WHERE username = ?</value> |
| </property> |
| <property name="authoritiesByUsernameQuery"> |
| <value>SELECT username,rolename FROM userrole WHERE username = ?</value> |
| </property> |
| </bean> |
| |
| <bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache"> |
| <property name="cache"> |
| <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean"> |
| <property name="cacheManager"> |
| <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/> |
| </property> |
| <property name="cacheName" value="userCache"/> |
| </bean> |
| </property> |
| </bean> |
| |
| <bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> |
| <property name="key" value="anonymous"/> |
| </bean> |
| |
| <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"> |
| <property name="rolePrefix" value=""/> |
| </bean> |
| |
| <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> |
| <property name="allowIfAllAbstainDecisions" value="false"/> |
| <property name="decisionVoters"> |
| <list> |
| <ref local="roleVoter"/> |
| </list> |
| </property> |
| </bean> |
| |
| <!-- ===================== HTTP REQUEST SECURITY ==================== --> |
| <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/> |
| |
| <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> |
| <property name="authenticationManager" ref="authenticationManager"/> |
| <property name="authenticationFailureUrl" value="/login.jsp?error=true"/> |
| <property name="defaultTargetUrl" value="/"/> |
| <property name="filterProcessesUrl" value="/j_security_check"/> |
| <property name="rememberMeServices" ref="rememberMeServices"/> |
| </bean> |
| |
| <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> |
| <property name="key" value="anonymous"/> |
| <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS"/> |
| </bean> |
| |
| <bean id="securityEnforcementFilter" class="org.acegisecurity.intercept.web.SecurityEnforcementFilter"> |
| <property name="filterSecurityInterceptor" ref="filterInvocationInterceptor"/> |
| <property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint"/> |
| </bean> |
| |
| <bean id="remoteUserFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/> |
| |
| <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> |
| <property name="loginFormUrl" value="/login.jsp"/> |
| <property name="forceHttps" value="false"/> |
| </bean> |
| |
| <!-- ===================== REMEMBER ME ==================== --> |
| <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"> |
| <property name="rememberMeServices" ref="rememberMeServices"/> |
| </bean> |
| |
| <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> |
| <property name="userDetailsService" ref="jdbcAuthenticationDao"/> |
| <property name="key" value="rollerlovesacegi"/> |
| <property name="parameter" value="rememberMe"/> |
| </bean> |
| |
| <bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> |
| <property name="key" value="rollerlovesacegi"/> |
| </bean> |
| |
| <!-- ===================== SSL SWITCHING ==================== --> |
| <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter"> |
| <property name="channelDecisionManager" ref="channelDecisionManager"/> |
| <property name="filterInvocationDefinitionSource"> |
| <value> |
| PATTERN_TYPE_APACHE_ANT |
| </value> |
| </property> |
| </bean> |
| |
| <bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl"> |
| <property name="channelProcessors"> |
| <list> |
| <bean class="org.acegisecurity.securechannel.SecureChannelProcessor"/> |
| <bean class="org.acegisecurity.securechannel.InsecureChannelProcessor"/> |
| </list> |
| </property> |
| </bean> |
| </beans> |