<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http pattern="/login*" security="none"/>
<http pattern="/favicon.ico" security="none"/>
<http pattern="/audit/create*" security="none"/>
<http pattern="/error" security="none"/>
<http pattern="/resources/**" security="none"/>
<http auto-config='true' use-expressions="true">
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login" authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" delete-cookies="JSESSIONID"/>
<access-denied-handler ref="accessDeniedHandler"/>
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="cat-oracle-dataSource"
users-by-username-query="
select username, password, 1
from users where username=?"
authorities-by-username-query="
select u.username, ur.authority from users u, user_roles ur
where u.user_id = ur.user_id and u.username =?"
/>
</authentication-provider>
</authentication-manager>
<beans:bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<beans:property name="basenames">
<beans:list>
<beans:value>properties.security-message</beans:value>
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="accessDeniedHandler" class="org.cat.core.security.CATAccessHandler">
<beans:property name="accessDeniedUrl" value="/cat/error" />
<beans:property name="errorPropertyFile" value="properties/error.properties" />
<beans:property name="propertyManager" ref="propertyManager" />
</beans:bean>
</beans:beans>