71 lines
3.1 KiB
XML
71 lines
3.1 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
- Application context containing authentication, channel
|
|
- security and web URI beans.
|
|
-
|
|
- Only used by "filter" artifact.
|
|
-
|
|
-->
|
|
|
|
<b:beans xmlns="http://www.springframework.org/schema/security"
|
|
xmlns:b="http://www.springframework.org/schema/beans"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
|
|
http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">
|
|
|
|
<global-method-security pre-post-annotations="enabled">
|
|
<expression-handler ref="expressionHandler"/>
|
|
</global-method-security>
|
|
|
|
<http request-matcher="ant" realm="Contacts Realm" use-expressions="false">
|
|
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
|
|
<intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
|
|
<intercept-url pattern="/hello.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
|
|
<intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
|
|
<intercept-url pattern="/switchuser.jsp" access="ROLE_SUPERVISOR"/>
|
|
<intercept-url pattern="/login/impersonate" access="ROLE_SUPERVISOR"/>
|
|
<intercept-url pattern="/**" access="ROLE_USER"/>
|
|
|
|
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/>
|
|
<http-basic/>
|
|
<logout logout-success-url="/index.jsp"/>
|
|
<remember-me />
|
|
<headers/>
|
|
<csrf/>
|
|
<custom-filter ref="switchUserProcessingFilter" position="SWITCH_USER_FILTER"/>
|
|
</http>
|
|
|
|
<b:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
|
|
|
|
<authentication-manager>
|
|
<authentication-provider>
|
|
<password-encoder ref="encoder"/>
|
|
<jdbc-user-service data-source-ref="dataSource"/>
|
|
</authentication-provider>
|
|
</authentication-manager>
|
|
|
|
<!-- Automatically receives AuthenticationEvent messages -->
|
|
<b:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
|
|
|
|
<!-- Filter used to switch the user context. Note: the switch and exit url must be secured
|
|
based on the role granted the ability to 'switch' to another user -->
|
|
<!-- In this example 'rod' has ROLE_SUPERVISOR that can switch to regular ROLE_USER(s) -->
|
|
<b:bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter" autowire="byType">
|
|
<b:property name="targetUrl" value="/secure/index.htm"/>
|
|
</b:bean>
|
|
|
|
<b:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
|
|
<b:property name="permissionEvaluator" ref="permissionEvaluator"/>
|
|
<b:property name="permissionCacheOptimizer">
|
|
<b:bean class="org.springframework.security.acls.AclPermissionCacheOptimizer">
|
|
<b:constructor-arg ref="aclService"/>
|
|
</b:bean>
|
|
</b:property>
|
|
</b:bean>
|
|
|
|
<b:bean id="permissionEvaluator" class="org.springframework.security.acls.AclPermissionEvaluator">
|
|
<b:constructor-arg ref="aclService"/>
|
|
</b:bean>
|
|
|
|
</b:beans>
|