<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- URL authorisation rules. intercept-url entries are matched top to bottom and the first matching
     pattern wins, so every specific rule has to stay above the final /** catch-all. -->
<http auto-config="false" entry-point-ref="authenticationEntryPoint">
  <intercept-url pattern="/**/Special:Admin" access="ROLE_SYSADMIN" />
  <!-- no access-decision-manager-ref is set, so with the default voters either listed role is sufficient -->
  <intercept-url pattern="/**/Special:Edit" access="ROLE_EDIT_EXISTING,ROLE_EDIT_NEW" />
  <intercept-url pattern="/**/Special:Import" access="ROLE_IMPORT" />
  <!-- the login page has to be reachable before the user has authenticated -->
  <intercept-url pattern="/**/Special:Login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <intercept-url pattern="/**/Special:Maintenance" access="ROLE_SYSADMIN" />
  <intercept-url pattern="/**/Special:Manage" access="ROLE_ADMIN" />
  <intercept-url pattern="/**/Special:Move" access="ROLE_MOVE" />
  <!-- filters="none" takes the request out of the Spring Security filter chain altogether: no
       authentication, no role check and no security context. The feed is therefore readable
       without ROLE_VIEW even though the catch-all below requires it. -->
  <intercept-url pattern="/**/Special:RecentChangesFeed" filters="none" />
  <intercept-url pattern="/**/Special:Roles" access="ROLE_SYSADMIN" />
  <!-- NOTE(review): Setup (here) and Upgrade (below) bypass the filter chain, so any protection has
       to come from the servlets themselves; confirm they refuse to run on an installed, current wiki. -->
  <intercept-url pattern="/**/Special:Setup" filters="none" />
  <intercept-url pattern="/**/Special:Translation" access="ROLE_TRANSLATE" />
  <intercept-url pattern="/**/Special:Upload" access="ROLE_UPLOAD" />
  <intercept-url pattern="/**/Special:Upgrade" filters="none" />
  <intercept-url pattern="/**/Special:VirtualWiki" access="ROLE_SYSADMIN" />
  <!-- NOTE(review): every *.jsp under the context root is served without any security filter.
       Confirm that no JSP with sensitive output can be requested directly. -->
  <intercept-url pattern="/**/*.jsp" filters="none" />
  <intercept-url pattern="/**/*.css" filters="none" />
  <intercept-url pattern="/images/**" filters="none" />
  <intercept-url pattern="/js/**" filters="none" />
  <!-- NOTE(review): uploaded files are served unauthenticated, so restricting ROLE_VIEW does not
       hide attachments from anonymous readers. -->
  <intercept-url pattern="/upload/**" filters="none" />
  <!-- catch-all: everything not matched above requires ROLE_VIEW -->
  <intercept-url pattern="/**" access="ROLE_VIEW" />
  <access-denied-handler ref="jamwikiAccessDeniedHandler" />
  <!-- NOTE(review): the same literal key is used for remember-me tokens and for anonymous tokens,
       and it is stored in this file. Prefer a long random value that is unique to the installation,
       and keep it identical to the key property of jamwikiPostAuthenticationFilter. -->
  <remember-me key="jam35Wiki" services-alias="_rememberMeServices" />
  <anonymous key="jam35Wiki" />
  <!-- the JAMWiki LoginServlet adds the appropriate logout success URL to the request during logout -->
  <logout />
  <custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter" />
  <custom-filter before="EXCEPTION_TRANSLATION_FILTER" ref="jamwikiPostAuthenticationFilter" />
</http>
<!-- Form-login filter installed at FORM_LOGIN_FILTER by the http element above. -->
<b:bean id="authenticationProcessingFilter"
        class="org.jamwiki.authentication.JAMWikiAuthenticationProcessingFilter">
  <b:property name="authenticationManager" ref="authenticationManager" />
  <b:property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
  <!-- leave the virtual wiki out of this URL; JAMWikiAuthenticationProcessingFilter adds it -->
  <b:property name="filterProcessesUrl" value="/j_spring_security_check" />
  <!-- alias declared by the remember-me element, so a successful form login can issue the cookie -->
  <b:property name="rememberMeServices" ref="_rememberMeServices" />
</b:bean>
<!-- JAMWiki user details service; ldapAuthoritiesPopulator uses it to load authorities after an LDAP bind -->
<b:bean id="jamWikiAuthenticationDao"
        class="org.jamwiki.authentication.JAMWikiDaoImpl" />
<!-- NOTE(review): no other bean in this file references this encoder. With BindAuthenticator the
     password is checked by the directory, so this bean appears to be unused here; confirm. -->
<b:bean id="jamwikiPasswordEncoder"
        class="org.jamwiki.authentication.JAMWikiPasswordEncoder" />
<!-- Where the form-login filter sends the browser after a failed login. -->
<b:bean id="authenticationFailureHandler"
        class="org.jamwiki.authentication.JAMWikiAuthenticationFailureHandler">
  <!-- leave the virtual wiki out of this URL; JAMWikiAuthenticationFailureHandler adds it.
       The message parameter is a fixed key, the same for every failure reason. -->
  <b:property name="authenticationFailureUrl" value="/Special:Login?message=error.login" />
</b:bean>
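<!-- Authentication is delegated to one provider, the LDAP bind provider defined below.
     Do not add user-service-ref next to ref on this element: that attribute only applies when the
     namespace builds the provider itself, and the Spring Security 3.0 namespace parser is expected
     to reject other attributes alongside ref (confirm against the deployed version). The JAMWiki
     user service is already wired into the LDAP provider through ldapAuthoritiesPopulator. -->
<authentication-manager alias="authenticationManager">
  <authentication-provider ref="ldapAuthProvider" />
</authentication-manager>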
<!-- LDAP provider: the first constructor argument verifies the credentials, the second supplies the roles. -->
<b:bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <b:constructor-arg ref="ldapAuthenticator" />
  <b:constructor-arg ref="ldapAuthoritiesPopulator" />
</b:bean>
<!-- Bind authentication: the user's entry is located with ldapUserSearch, then the submitted
     password is verified by binding to the directory as that entry. -->
<b:bean id="ldapAuthenticator"
        class="org.springframework.security.ldap.authentication.BindAuthenticator">
  <b:constructor-arg ref="ldapContextSource" />
  <b:property name="userSearch" ref="ldapUserSearch" />
</b:bean>
<!-- Roles are not read from the directory: after a successful bind they are loaded from the
     JAMWiki user service, so role assignment stays under the wiki's control. -->
<b:bean id="ldapAuthoritiesPopulator"
        class="org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator">
  <b:constructor-arg ref="jamWikiAuthenticationDao" />
</b:bean>
<!-- Directory connection shared by ldapAuthenticator and ldapUserSearch. -->
<b:bean id="ldapContextSource"
        class="org.springframework.ldap.core.support.LdapContextSource">
  <!-- NOTE(review): ldap:// is unencrypted. That is tolerable on loopback only; use ldaps:// or
       StartTLS if the directory is ever moved off this host. -->
  <b:property name="url" value="ldap://127.0.0.1:389" />
  <!-- NOTE(review): the search runs as the directory Manager entry. A dedicated read-only search
       account would limit what a leaked copy of this file exposes. -->
  <b:property name="userDn" value="cn=Manager,dc=stickfish,dc=net" />
  <!-- NOTE(review): the bind password is stored in clear text here. Restrict read access to this
       file and keep it out of version control, or externalise the value. -->
  <b:property name="password" value="*****" />
  <!-- NOTE(review): referrals returned by the server are followed automatically, presumably with
       the credentials above; verify that the directory only refers to hosts you trust. -->
  <b:property name="referral" value="follow" />
</b:bean>
<!-- Finds the entry to bind as. Arguments in order: search base, search filter, context source.
     {0} in the filter is replaced with the login name submitted by the user. -->
<b:bean id="ldapUserSearch"
        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <b:constructor-arg value="ou=users,dc=stickfish,dc=net" />
  <b:constructor-arg value="cn={0}" />
  <b:constructor-arg ref="ldapContextSource" />
</b:bean>
<!-- Maps URL patterns to message keys; used by the access-denied handler and the entry point.
     Presumably the first matching pattern is used, so the generic entry is kept last; verify
     against JAMWikiErrorMessageProvider. -->
<b:bean id="jamwikiErrorMessageProvider"
        class="org.jamwiki.authentication.JAMWikiErrorMessageProvider">
  <b:property name="urlPatterns">
    <b:map>
      <b:entry key="/**/Special:Admin" value="login.message.admin" />
      <b:entry key="/**/Special:Edit" value="login.message.edit" />
      <b:entry key="/**/Special:Maintenance" value="login.message.admin" />
      <b:entry key="/**/Special:Manage" value="login.message.admin" />
      <b:entry key="/**/Special:Move" value="login.message.move" />
      <b:entry key="/**/Special:Roles" value="login.message.admin" />
      <b:entry key="/**/Special:Translation" value="login.message.admin" />
      <b:entry key="/**/Special:VirtualWiki" value="login.message.admin" />
      <!-- fallback for every URL without an entry of its own -->
      <b:entry key="/**/*" value="login.message.default" />
    </b:map>
  </b:property>
</b:bean>
<!-- Handler named by the access-denied-handler element; it is given the URL-to-message mapping. -->
<b:bean id="jamwikiAccessDeniedHandler"
        class="org.jamwiki.authentication.JAMWikiAccessDeniedHandler">
  <b:property name="errorMessageProvider" ref="jamwikiErrorMessageProvider" />
</b:bean>
<!-- Entry point named by entry-point-ref on the http element: sends unauthenticated users to the login form. -->
<b:bean id="authenticationEntryPoint"
        class="org.jamwiki.authentication.JAMWikiAuthenticationProcessingFilterEntryPoint">
  <!-- leave the virtual wiki out of this URL; JAMWikiAuthenticationProcessingFilterEntryPoint adds it -->
  <b:property name="loginFormUrl" value="/Special:Login" />
  <!-- a PortMapper has to be configured if this is true and non-default ports are in use.
       NOTE(review): with false the login form is not forced onto HTTPS, so directory passwords
       cross the network in clear text unless TLS is enforced elsewhere (for example at a proxy). -->
  <b:property name="forceHttps" value="false" />
  <b:property name="errorMessageProvider" ref="jamwikiErrorMessageProvider" />
</b:bean>
<!-- Filter inserted before EXCEPTION_TRANSLATION_FILTER by the http element. -->
<b:bean id="jamwikiPostAuthenticationFilter"
        class="org.jamwiki.authentication.JAMWikiPostAuthenticationFilter">
  <!-- same literal as the key attributes of the anonymous and remember-me elements; if that value
       is replaced with an installation-specific secret, change it here as well -->
  <b:property name="key" value="jam35Wiki" />
  <b:property name="useJAMWikiAnonymousRoles" value="true" />
</b:bean>
</b:beans>