SEC-2915: XML spaces->tabs
This commit is contained in:
@@ -6,59 +6,59 @@
|
||||
-->
|
||||
|
||||
<beans:beans xmlns="http://www.springframework.org/schema/security"
|
||||
xmlns:beans="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
|
||||
xmlns:beans="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
|
||||
|
||||
<debug />
|
||||
<debug />
|
||||
|
||||
<global-method-security pre-post-annotations="enabled" />
|
||||
<global-method-security pre-post-annotations="enabled" />
|
||||
|
||||
<http pattern="/static/**" security="none"/>
|
||||
<http pattern="/loggedout.jsp" security="none"/>
|
||||
<http pattern="/static/**" security="none"/>
|
||||
<http pattern="/loggedout.jsp" security="none"/>
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/secure/extreme/**" access="hasRole('supervisor')"/>
|
||||
<intercept-url pattern="/secure/**" access="isAuthenticated()" />
|
||||
<!--
|
||||
Allow all other requests. In a real application you should
|
||||
adopt a whitelisting approach where access is not allowed by default
|
||||
-->
|
||||
<intercept-url pattern="/**" access="permitAll" />
|
||||
<form-login />
|
||||
<logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"/>
|
||||
<remember-me />
|
||||
<http>
|
||||
<intercept-url pattern="/secure/extreme/**" access="hasRole('supervisor')"/>
|
||||
<intercept-url pattern="/secure/**" access="isAuthenticated()" />
|
||||
<!--
|
||||
Allow all other requests. In a real application you should
|
||||
adopt a whitelisting approach where access is not allowed by default
|
||||
-->
|
||||
<intercept-url pattern="/**" access="permitAll" />
|
||||
<form-login />
|
||||
<logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"/>
|
||||
<remember-me />
|
||||
<!--
|
||||
Uncomment to enable X509 client authentication support
|
||||
<x509 />
|
||||
Uncomment to enable X509 client authentication support
|
||||
<x509 />
|
||||
-->
|
||||
<!-- Uncomment to limit the number of sessions a user can have -->
|
||||
<session-management invalid-session-url="/timeout.jsp">
|
||||
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
|
||||
</session-management>
|
||||
<!-- Uncomment to limit the number of sessions a user can have -->
|
||||
<session-management invalid-session-url="/timeout.jsp">
|
||||
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
|
||||
</session-management>
|
||||
|
||||
</http>
|
||||
</http>
|
||||
|
||||
<!--
|
||||
Usernames/Passwords are
|
||||
rod/koala
|
||||
dianne/emu
|
||||
scott/wombat
|
||||
peter/opal
|
||||
-->
|
||||
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
|
||||
<!--
|
||||
Usernames/Passwords are
|
||||
rod/koala
|
||||
dianne/emu
|
||||
scott/wombat
|
||||
peter/opal
|
||||
-->
|
||||
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
|
||||
|
||||
<authentication-manager>
|
||||
<authentication-provider>
|
||||
<password-encoder ref="encoder"/>
|
||||
<user-service>
|
||||
<user name="rod" password="$2a$10$75pBjapg4Nl8Pzd.3JRnUe7PDJmk9qBGwNEJDAlA3V.dEJxcDKn5O" authorities="supervisor, user, teller" />
|
||||
<user name="dianne" password="$2a$04$bCMEyxrdF/7sgfUiUJ6Ose2vh9DAMaVBldS1Bw2fhi1jgutZrr9zm" authorities="user,teller" />
|
||||
<user name="scott" password="$2a$06$eChwvzAu3TSexnC3ynw4LOSw1qiEbtNItNeYv5uI40w1i3paoSfLu" authorities="user" />
|
||||
<user name="peter" password="$2a$04$8.H8bCMROLF4CIgd7IpeQ.tcBXLP5w8iplO0n.kCIkISwrIgX28Ii" authorities="user" />
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
</authentication-manager>
|
||||
<authentication-manager>
|
||||
<authentication-provider>
|
||||
<password-encoder ref="encoder"/>
|
||||
<user-service>
|
||||
<user name="rod" password="$2a$10$75pBjapg4Nl8Pzd.3JRnUe7PDJmk9qBGwNEJDAlA3V.dEJxcDKn5O" authorities="supervisor, user, teller" />
|
||||
<user name="dianne" password="$2a$04$bCMEyxrdF/7sgfUiUJ6Ose2vh9DAMaVBldS1Bw2fhi1jgutZrr9zm" authorities="user,teller" />
|
||||
<user name="scott" password="$2a$06$eChwvzAu3TSexnC3ynw4LOSw1qiEbtNItNeYv5uI40w1i3paoSfLu" authorities="user" />
|
||||
<user name="peter" password="$2a$04$8.H8bCMROLF4CIgd7IpeQ.tcBXLP5w8iplO0n.kCIkISwrIgX28Ii" authorities="user" />
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
</authentication-manager>
|
||||
|
||||
</beans:beans>
|
||||
|
||||
@@ -5,69 +5,69 @@
|
||||
-->
|
||||
|
||||
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
|
||||
|
||||
<display-name>Spring Security Tutorial Application</display-name>
|
||||
<display-name>Spring Security Tutorial Application</display-name>
|
||||
|
||||
<!--
|
||||
- Location of the XML file that defines the root application context
|
||||
- Applied by ContextLoaderListener.
|
||||
-->
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>
|
||||
classpath:applicationContext-business.xml
|
||||
/WEB-INF/applicationContext-security.xml
|
||||
</param-value>
|
||||
</context-param>
|
||||
<!--
|
||||
- Location of the XML file that defines the root application context
|
||||
- Applied by ContextLoaderListener.
|
||||
-->
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>
|
||||
classpath:applicationContext-business.xml
|
||||
/WEB-INF/applicationContext-security.xml
|
||||
</param-value>
|
||||
</context-param>
|
||||
|
||||
<context-param>
|
||||
<param-name>webAppRootKey</param-name>
|
||||
<param-value>tutorial.root</param-value>
|
||||
</context-param>
|
||||
<context-param>
|
||||
<param-name>webAppRootKey</param-name>
|
||||
<param-value>tutorial.root</param-value>
|
||||
</context-param>
|
||||
|
||||
<filter>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
|
||||
</filter>
|
||||
<filter>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
|
||||
</filter>
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
<filter-mapping>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
<!--
|
||||
- Loads the root application context of this web app at startup.
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
<!--
|
||||
- Loads the root application context of this web app at startup.
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<!--
|
||||
- Publishes events for session creation and destruction through the application
|
||||
- context. Optional unless concurrent session control is being used.
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
|
||||
</listener>
|
||||
<!--
|
||||
- Publishes events for session creation and destruction through the application
|
||||
- context. Optional unless concurrent session control is being used.
|
||||
-->
|
||||
<listener>
|
||||
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
|
||||
</listener>
|
||||
|
||||
<!--
|
||||
- Provides core MVC application controller. See bank-servlet.xml.
|
||||
-->
|
||||
<servlet>
|
||||
<servlet-name>bank</servlet-name>
|
||||
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
|
||||
<load-on-startup>1</load-on-startup>
|
||||
</servlet>
|
||||
- Provides core MVC application controller. See bank-servlet.xml.
|
||||
-->
|
||||
<servlet>
|
||||
<servlet-name>bank</servlet-name>
|
||||
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
|
||||
<load-on-startup>1</load-on-startup>
|
||||
</servlet>
|
||||
|
||||
<servlet-mapping>
|
||||
<servlet-name>bank</servlet-name>
|
||||
<url-pattern>*.html</url-pattern>
|
||||
</servlet-mapping>
|
||||
<servlet-mapping>
|
||||
<servlet-name>bank</servlet-name>
|
||||
<url-pattern>*.html</url-pattern>
|
||||
</servlet-mapping>
|
||||
|
||||
<welcome-file-list>
|
||||
<welcome-file>index.jsp</welcome-file>
|
||||
</welcome-file-list>
|
||||
<welcome-file-list>
|
||||
<welcome-file>index.jsp</welcome-file>
|
||||
</welcome-file-list>
|
||||
|
||||
</web-app>
|
||||
|
||||
Reference in New Issue
Block a user