API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 20th, 2013
110
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.93 KB | None | 0 0
raw download clone embed print report
  1. <?xml version="1.0" encoding="ISO-8859-1"?>
  2.  
  3. <beans:beans
  4. xmlns="http://www.springframework.org/schema/security"
  5. xmlns:beans="http://www.springframework.org/schema/beans"
  6. xmlns:util="http://www.springframework.org/schema/util"
  7. xmlns:p="http://www.springframework.org/schema/p"
  8. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  9. xsi:schemaLocation=
  10. "http://www.springframework.org/schema/beans
  11. http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
  12. http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
  13. http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
  14. <!-- <debug/> -->
  15. <global-method-security
  16. secured-annotations="enabled">
  17. </global-method-security>
  18.  
  19. <beans:bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
  20. <beans:property name="errorPage" value="/login.xhtml"/>
  21. </beans:bean>
  22.  
  23. <!-- <beans:bean id="roleHierarchy" class="com.indra.contratos.application.security.RolApplicationService"/> -->
  24.  
  25. <beans:bean id="roleHierarchy" class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
  26. <beans:property name="hierarchy">
  27. <beans:value>
  28. SYS_ADMIN > AUDITOR
  29. AUDITOR > GERENTE
  30. GERENTE > JEFE_PROYECTO
  31. JEFE_PROYECTO > COLABORADOR
  32. COLABORADOR > JEFE_ALMACEN
  33. JEFE_ALMACEN > USUARIO
  34. </beans:value>
  35. </beans:property>
  36. </beans:bean>
  37.  
  38. <!-- <beans:bean id="rolApplicationService" class="com.indra.contratos.application.security.RolApplicationService" /> -->
  39.  
  40. <beans:bean id="roleHierarchyVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
  41. <beans:constructor-arg ref="roleHierarchy" />
  42. <beans:property name="rolePrefix" value="" />
  43.  
  44. </beans:bean>
  45.  
  46. <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
  47. <beans:constructor-arg>
  48. <beans:list>
  49. <beans:ref bean="roleHierarchyVoter"/>
  50. </beans:list>
  51. </beans:constructor-arg>
  52. </beans:bean>
  53.  
  54. <!-- <beans:bean id="customLogoutSuccessHandler" class="com.indra.contratos.application.security.CustomLogoutSuccessHandler"/> -->
  55.  
  56. <!-- <beans:bean id="securityMetadataSource" class="com.indra.contratos.application.security.InterceptorApplicationService"/>
  57.  
  58. <beans:bean class="com.indra.contratos.application.security.FilterInvocationSecurityMetadataSourcePostProcessor">
  59. <beans:property name="securityMetadataSource">
  60. <beans:bean class="com.indra.contratos.application.security.InterceptorApplicationService"/>
  61. </beans:property>
  62. </beans:bean> -->
  63.  
  64. <!-- <beans:bean id="filterSecurityInterceptor"
  65. class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
  66. <beans:property name="authenticationManager" ref="authenticationManager"/>
  67. <beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
  68. <beans:property name="securityMetadataSource" ref="securityMetadataSource"/>
  69. </beans:bean> -->
  70.  
  71. <!-- <http pattern="/**" security="none"/> -->
  72. <!-- <http pattern="/pages/accessDenied.xhtml" security="none" /> -->
  73. <!-- <http pattern="/login.xhtml" security="none"/>
  74. <http pattern="/l/" security="none"/> -->
  75. <http pattern="/resources/**" security="none"/>
  76. <http pattern="/javax.faces.resource/**" security="none"/>
  77. <http pattern="/index.html" security="none"/>
  78.  
  79. <http auto-config="false"
  80. authentication-manager-ref="authenticationManager"
  81. access-decision-manager-ref="accessDecisionManager"
  82. >
  83.  
  84. <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
  85. <!-- <custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" /> -->
  86. <!-- <intercept-url pattern="/login.xhtml" access="isAnonymous()"/>
  87. <intercept-url pattern="/l/**" access="isAnonymous()"/> -->
  88. <!-- <custom-filter ref="customFilterChain" before="LAST"/> -->
  89. <!-- <custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" /> -->
  90. <!-- <custom-filter position="EXCEPTION_TRANSLATION_FILTER" ref="exceptionTranslationFilter" /> -->
  91. <!-- <custom-filter position="FILTER_SECURITY_INTERCEPTOR" ref="filterSecurityInterceptor" /> -->
  92. <!-- <intercept-url pattern="/resources/**" filters="none"/>
  93. <intercept-url pattern="/javax.faces.resource/**" filters="none"/> -->
  94. <!-- <intercept-url pattern="/login.xhtml" access="hasPermission('IS_AUTHENTICATED_ANONYMOUSLY')"/>
  95. <intercept-url pattern="/l/**" access="hasPermission('IS_AUTHENTICATED_ANONYMOUSLY')"/> -->
  96. <intercept-url pattern="/a1/**" access="SYS_ADMIN"/>
  97. <intercept-url pattern="/pages/admin/**" access="SYS_ADMIN"/>
  98. <access-denied-handler ref="accessDeniedHandler"/>
  99. <session-management session-authentication-strategy-ref="sas" >
  100. <!-- <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" session-registry-alias="sessionRegistry"/> -->
  101. </session-management>
  102. <!-- <http-basic/> -->
  103. <form-login login-page="/login.xhtml" authentication-failure-url="/index.html"
  104. default-target-url="/pages/admin/listAdmin.xhtml"
  105. always-use-default-target="true"/>
  106.  
  107.  
  108. <!-- <logout delete-cookies="true" invalidate-session="true"
  109. success-handler-ref="customLogoutSuccessHandler"/> -->
  110.  
  111.  
  112.  
  113. </http>
  114.  
  115. <!-- <beans:bean id="basicAuthenticationFilter"
  116. class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
  117. <beans:property name="authenticationManager" ref="authenticationManager"/>
  118. <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
  119. </beans:bean> -->
  120.  
  121. <beans:bean id="authenticationEntryPoint"
  122. class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
  123. p:loginFormUrl="/login.xhtml" />
  124.  
  125. <beans:bean id="myAuthFilter"
  126. class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
  127. <beans:property name="sessionAuthenticationStrategy" ref="sas" />
  128. <beans:property name="authenticationManager" ref="authenticationManager" />
  129. <beans:property name="authenticationFailureHandler" ref="failureHandler" />
  130. <beans:property name="authenticationSuccessHandler" ref="successHandler" />
  131. <beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
  132. </beans:bean>
  133.  
  134. <beans:bean id="concurrencyFilter"
  135. class="org.springframework.security.web.session.ConcurrentSessionFilter">
  136. <beans:property name="sessionRegistry" ref="sessionRegistry" />
  137. <beans:property name="expiredUrl" value="/login.xhtml" />
  138. </beans:bean>
  139.  
  140. <beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
  141. <beans:property name="defaultTargetUrl" value="/pages/admin/listAdmin.xhtml" />
  142. </beans:bean>
  143.  
  144. <beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
  145. <beans:property name="defaultFailureUrl" value="/login.xhtml?login_error=true" />
  146. </beans:bean>
  147.  
  148. <!-- <beans:bean id="securityContextPersistenceFilter"
  149. class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
  150. <beans:property name='securityContextRepository'>
  151. <beans:bean class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
  152. <beans:property name='allowSessionCreation' value='false' />
  153. </beans:bean>
  154. </beans:property>
  155. </beans:bean> -->
  156.  
  157. <!-- <beans:bean id="exceptionTranslationFilter"
  158. class="org.springframework.security.web.access.ExceptionTranslationFilter">
  159. <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
  160. <beans:property name="accessDeniedHandler" ref="accessDeniedHandler"/>
  161. </beans:bean> -->
  162.  
  163. <beans:bean id="sas"
  164. class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
  165. <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
  166. <beans:property name="maximumSessions" value="1" />
  167. </beans:bean>
  168.  
  169. <beans:bean id="sessionRegistry"
  170. class="org.springframework.security.core.session.SessionRegistryImpl" />
  171.  
  172. <beans:bean id="passwordEncoder"
  173. class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
  174.  
  175. <beans:bean id="authService"
  176. class="com.indra.contratos.application.security.UserApplicationService" />
  177.  
  178.  
  179. <authentication-manager id="authenticationManager" alias="authenticationManager" >
  180. <!-- <authentication-provider user-service-ref="authService" >
  181. <password-encoder ref="passwordEncoder" />
  182. </authentication-provider> -->
  183. <authentication-provider>
  184. <user-service>
  185. <user name="admin" password="secret" authorities="SYS_ADMIN, USUARIO"/>
  186. </user-service>
  187. </authentication-provider>
  188. </authentication-manager>
  189.  
  190. <!-- <beans:bean id="customFilterChain" class="org.springframework.security.web.FilterChainProxy">
  191. <beans:constructor-arg>
  192. <beans:list>
  193. <filter-chain pattern="/pages/accessDenied.xhtml" filters="none"/>
  194. <filter-chain pattern="/login.xhtml" filters="none"/>
  195. <filter-chain pattern="/l/" filters="none"/>
  196. <filter-chain pattern="/resources/**" filters="none"/>
  197. <filter-chain pattern="/javax.faces.resource/**" filters="none"/>
  198. <filter-chain pattern="/**" filters="
  199. securityContextPersistenceFilter,
  200. concurrencyFilter,
  201. myAuthFilter,
  202. basicAuthenticationFilter,
  203. exceptionTranslationFilter,
  204. filterSecurityInterceptor" />
  205. </beans:list>
  206. </beans:constructor-arg>
  207. </beans:bean> -->
  208.  
  209. </beans:beans>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!