Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?xml version="1.0" encoding="UTF-8" ?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:security="http://www.springframework.org/schema/security"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.1.xsd">
- <!-- Secured pages -->
- <security:http auto-config="true" use-expressions="true" authentication-manager-ref="authenticationManager">
- <security:intercept-url pattern="/api/**" access="permitAll()"/>
- <security:intercept-url pattern="/login" access="permitAll()"/>
- <!-- Menu pages -->
- <security:intercept-url pattern="/users.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/groups.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/tasks.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/topics.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <!-- Users -->
- <security:intercept-url pattern="/addUsers.do" access="hasRole('ADMIN')"/>
- <security:intercept-url pattern="/registration.do" access="hasRole('ADMIN')"/>
- <security:intercept-url pattern="/updateUser.do" access="hasRole('ADMIN')"/>
- <!-- Groups -->
- <security:intercept-url pattern="/createGroup.do" access="hasRole('ADMIN')"/>
- <security:intercept-url pattern="/editGroup.do" access="hasAnyRole('ADMIN')"/>
- <security:intercept-url pattern="/deactivateGroups.do" access="hasRole('ADMIN')"/>
- <!-- Tasks -->
- <security:intercept-url pattern="/createTask.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/personalJournal.do" access="hasAnyRole('ADMIN','MENTOR','MENTEE')"/>
- <security:intercept-url pattern="/assignTask.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/updateTask.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/removeTasks.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/checkTask.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/groupTasksTests.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <!-- Questions -->
- <security:intercept-url pattern="/getQuestionsByTopic.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/getQuestionsById.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/topicQuestions.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/questionById.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/saveQuestion.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/deleteQuestion.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/notAssingned.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <!-- Activities -->
- <security:intercept-url pattern="/deleteActivities.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/getActivityById.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/personalActivity.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <!-- Topics -->
- <security:intercept-url pattern="/getDescription.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/updateTopic.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/topics.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <!-- Journals -->
- <security:intercept-url pattern="/menteeJournal.do" access="hasAnyRole('ADMIN','MENTOR','MENTEE')"/>
- <!-- Tests -->
- <security:intercept-url pattern="/createEditTest.do" access="hasAnyRole('ADMIN','MENTOR')"/>
- <security:intercept-url pattern="/testPage.do" access="hasAnyRole('ADMIN','LAB_MANAGER','MENTOR')"/>
- <security:intercept-url pattern="/passTest.do" access="hasRole('MENTEE')"/>
- <security:intercept-url pattern="/alltests.do" access="hasAnyRole('ADMIN','LAB_MANAGER')"/>
- <security:intercept-url pattern="/stopTest.do" access="hasRole('MENTEE')"/>
- <security:intercept-url pattern="/userTestInfo.do" access="hasAnyRole('ADMIN','LAB_MANAGER','MENTOR','MENTEE')"/>
- <security:intercept-url pattern="/menteeResults.do" access="hasAnyRole('ADMIN','MENTOR','LAB_MANAGER')"/>
- <!-- Candidates -->
- <security:intercept-url pattern="/candidateResults.do" access="hasAnyRole('ADMIN','MENTOR','LAB_MANAGER')"/>
- <security:intercept-url pattern="/candidateTestInfo.do" access="hasAnyRole('ADMIN','MENTOR','LAB_MANAGER')"/>
- <security:intercept-url pattern="/**" access="isAuthenticated()"/>
- <security:custom-filter before="PRE_AUTH_FILTER" ref="preAuthFilter"/>
- <security:form-login login-page="/login" />
- <security:logout
- logout-url="/logout"
- invalidate-session="true"
- delete-cookies="JSESSIONID"
- success-handler-ref="restLogoutSuccessHandler"
- />
- </security:http>
- <bean id="preAuthFilter" class="com.epam.khppp.web.filter.TestAuthorizationTokenFilter"/>
- <security:authentication-manager alias="authenticationManager">
- <security:authentication-provider ref="authenticationProvider"/>
- </security:authentication-manager>
- <bean id="authenticationProvider" class="com.epam.khppp.security.CustomAuthenticationProvider"/>
- <bean id="restLogoutSuccessHandler" class="com.epam.khppp.security.RestLogoutSuccessHandler"/>
- </beans>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement