API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 18th, 2013
242
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
XML 7.33 KB | None | 0 0
raw download clone embed print report
  1. <?xml version="1.0" encoding="ISO-8859-1"?>
  2.  
  3. <beans:beans
  4.     xmlns="http://www.springframework.org/schema/security"
  5.    xmlns:beans="http://www.springframework.org/schema/beans"
  6.    xmlns:util="http://www.springframework.org/schema/util"
  7.    xmlns:p="http://www.springframework.org/schema/p"  
  8.    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  9.    xsi:schemaLocation=
  10.         "http://www.springframework.org/schema/beans
  11.         http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
  12.         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
  13.         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
  14.     <debug/>
  15.     <!-- <global-method-security pre-post-annotations="enabled" /> -->
  16.  
  17.     <beans:bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
  18.         <beans:property name="errorPage" value="/login.xhtml"/>
  19.     </beans:bean>
  20.    
  21.     <beans:bean id="roleHierarchy"  class="com.indra.contratos.application.security.RolApplicationService"/>
  22.    
  23.     <beans:bean id="rolApplicationService" class="com.indra.contratos.application.security.RolApplicationService" />
  24.    
  25.     <beans:bean id="roleHierarchyVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
  26.         <beans:constructor-arg ref="roleHierarchy" />
  27.         <beans:property name="rolePrefix" value="" />
  28.     </beans:bean>
  29.  
  30.     <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
  31.        <beans:constructor-arg>
  32.            <beans:list>
  33.                 <beans:ref bean="roleHierarchyVoter"/>
  34.            </beans:list>
  35.        </beans:constructor-arg>
  36.     </beans:bean>
  37.    
  38.     <!-- <beans:bean id="customLogoutSuccessHandler" class="com.indra.contratos.application.security.CustomLogoutSuccessHandler"/> -->
  39.  
  40.     <beans:bean id="securityMetadataSource" class="com.indra.contratos.application.security.InterceptorApplicationService"/>
  41.    
  42.     <beans:bean id="filterSecurityInterceptor"
  43.          class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
  44.       <beans:property name="authenticationManager" ref="authenticationManager"/>
  45.       <beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
  46.       <beans:property name="securityMetadataSource" ref="securityMetadataSource"/>
  47.     </beans:bean>
  48.    
  49.     <http auto-config="false"
  50.         authentication-manager-ref="authenticationManager"
  51.         access-decision-manager-ref="accessDecisionManager"
  52.         entry-point-ref="authenticationEntryPoint"
  53.         use-expressions="true"
  54.         >
  55.        
  56.         <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
  57.         <custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
  58.         <!-- <custom-filter ref="customFilterChain" before="LAST"/> -->
  59.         <!-- <custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" /> -->
  60.         <!-- <custom-filter position="FILTER_SECURITY_INTERCEPTOR" ref="filterSecurityInterceptor" /> -->
  61.         <!-- <intercept-url pattern="/resources/**" filters="none"/>
  62.        <intercept-url pattern="/javax.faces.resource/**" filters="none"/> -->
  63.         <!-- <intercept-url pattern="/login.xhtml" access="hasPermission('IS_AUTHENTICATED_ANONYMOUSLY')"/>
  64.         <intercept-url pattern="/l/**" access="hasPermission('IS_AUTHENTICATED_ANONYMOUSLY')"/> -->
  65.         <!-- <intercept-url pattern="/a1/**" access="hasPermission('SYS_ADMIN')"/> -->
  66.         <access-denied-handler ref="accessDeniedHandler"/>
  67.        
  68.         <!-- <form-login login-page="/pages/login.xhtml" authentication-failure-url="/pages/failed.xhtml" /> -->
  69.        
  70.         <!-- <logout delete-cookies="true"  invalidate-session="true"
  71.            success-handler-ref="customLogoutSuccessHandler"/> -->
  72.        
  73.         <session-management session-authentication-strategy-ref="sas" >
  74.             <!-- <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" session-registry-alias="sessionRegistry"/> -->
  75.         </session-management>
  76.  
  77.     </http>
  78.    
  79.     <beans:bean id="basicAuthenticationFilter"
  80.       class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
  81.       <beans:property name="authenticationManager" ref="authenticationManager"/>
  82.       <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
  83.     </beans:bean>
  84.    
  85.     <beans:bean id="authenticationEntryPoint"  
  86.        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
  87.        p:loginFormUrl="/login.xhtml" />
  88.  
  89.     <beans:bean id="myAuthFilter"
  90.        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
  91.         <beans:property name="sessionAuthenticationStrategy" ref="sas" />
  92.         <beans:property name="authenticationManager" ref="authenticationManager" />
  93.         <beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
  94.     </beans:bean>
  95.    
  96.     <beans:bean id="concurrencyFilter"
  97.         class="org.springframework.security.web.session.ConcurrentSessionFilter">
  98.         <beans:property name="sessionRegistry" ref="sessionRegistry" />
  99.         <beans:property name="expiredUrl" value="/login.xhtml" />
  100.     </beans:bean>
  101.    
  102.     <beans:bean id="securityContextPersistenceFilter"
  103.         class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
  104.       <beans:property name='securityContextRepository'>
  105.         <beans:bean class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
  106.           <beans:property name='allowSessionCreation' value='false' />
  107.         </beans:bean>
  108.       </beans:property>
  109.     </beans:bean>
  110.    
  111.     <beans:bean id="sas"
  112.        class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
  113.         <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
  114.         <beans:property name="maximumSessions" value="1" />
  115.     </beans:bean>
  116.    
  117.     <beans:bean id="sessionRegistry"
  118.         class="org.springframework.security.core.session.SessionRegistryImpl" />
  119.  
  120.     <beans:bean id="passwordEncoder"
  121.         class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
  122.    
  123.     <beans:bean id="authService"
  124.         class="com.indra.contratos.application.security.UserApplicationService" />
  125.        
  126.    
  127.     <authentication-manager alias="authenticationManager" >
  128.         <authentication-provider user-service-ref="authService">
  129.             <password-encoder ref="passwordEncoder" />
  130.             <!-- <jdbc-user-service data-source-ref="dataSource" />  -->
  131.         </authentication-provider>
  132.     </authentication-manager>
  133.    
  134.     <beans:bean id="customFilterChain" class="org.springframework.security.web.FilterChainProxy">
  135.       <beans:constructor-arg>
  136.         <beans:list>
  137.           <filter-chain pattern="/pages/accessDenied.xhtml" filters="none"/>
  138.           <filter-chain pattern="/login.xhtml" filters="none"/>
  139.           <filter-chain pattern="/l/" filters="none"/>
  140.           <filter-chain pattern="/resources/**" filters="none"/>
  141.           <filter-chain pattern="/javax.faces.resource/**" filters="none"/>
  142.           <filter-chain pattern="/**" filters="
  143.                filterSecurityInterceptor,
  144.                securityContextPersistenceFilter,
  145.                basicAuthenticationFilter,
  146.                concurrencyFilter,
  147.                myAuthFilter" />
  148.         </beans:list>
  149.       </beans:constructor-arg>
  150.     </beans:bean>
  151.    
  152. </beans:beans>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!