SEC-271: removed autowiring by type and explicity introspected the applicationContext to detect the required dependencies of userDetailsService

This commit is contained in:
Vishal Puri
2007-05-18 03:20:28 +00:00
parent 803c687b5d
commit e3435da9ae
8 changed files with 203 additions and 178 deletions

View File

@@ -42,10 +42,11 @@
<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
<security:logout-support id="logoutFilter" redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_acegi_logout"/>
<security:logout-support id="logoutFilter"
redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_acegi_logout" />
<security:authentication-remember-me-services
id="rememberMeServices" key="someValue" principalRepositoryBeanRef="userDetailsService"/>
id="rememberMeServices" key="someValue" />
<bean id="securityContextLogoutHandler"
@@ -60,8 +61,8 @@
<security:authentication-mechanism id="authenticationManager" />
<!-- dao authentication provider "authenticationRepository" -->
<security:authentication-repository id="daoAuthenticationProvider" repositoryBeanRef="userDetailsService"/>
<security:authentication-repository id="daoAuthenticationProvider" />
<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
<security:principal-repository id="userDetailsService">
@@ -72,7 +73,8 @@
class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
<!-- makes the filter, but does little else, as it auto-detects everything -->
<security:authentication-remember-me-filter id="rememberMeProcessingFilter" />
<security:authentication-remember-me-filter
id="rememberMeProcessingFilter" />
<bean id="anonymousProcessingFilter"
class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">