Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?xml version="1.0" encoding="ISO-8859-1"?>
- <beans:beans
- xmlns="http://www.springframework.org/schema/security"
- xmlns:beans="http://www.springframework.org/schema/beans"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation=
- "http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
- <!-- <debug/> -->
- <global-method-security
- secured-annotations="enabled">
- </global-method-security>
- <beans:bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
- <beans:property name="errorPage" value="/login.xhtml"/>
- </beans:bean>
- <!-- <beans:bean id="roleHierarchy" class="com.indra.contratos.application.security.RolApplicationService"/> -->
- <beans:bean id="roleHierarchy" class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
- <beans:property name="hierarchy">
- <beans:value>
- SYS_ADMIN > AUDITOR
- AUDITOR > GERENTE
- GERENTE > JEFE_PROYECTO
- JEFE_PROYECTO > COLABORADOR
- COLABORADOR > JEFE_ALMACEN
- JEFE_ALMACEN > USUARIO
- </beans:value>
- </beans:property>
- </beans:bean>
- <!-- <beans:bean id="rolApplicationService" class="com.indra.contratos.application.security.RolApplicationService" /> -->
- <beans:bean id="roleHierarchyVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
- <beans:constructor-arg ref="roleHierarchy" />
- <beans:property name="rolePrefix" value="" />
- </beans:bean>
- <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
- <beans:constructor-arg>
- <beans:list>
- <beans:ref bean="roleHierarchyVoter"/>
- </beans:list>
- </beans:constructor-arg>
- </beans:bean>
- <!-- <beans:bean id="customLogoutSuccessHandler" class="com.indra.contratos.application.security.CustomLogoutSuccessHandler"/> -->
- <!-- <beans:bean id="securityMetadataSource" class="com.indra.contratos.application.security.InterceptorApplicationService"/>
- <beans:bean class="com.indra.contratos.application.security.FilterInvocationSecurityMetadataSourcePostProcessor">
- <beans:property name="securityMetadataSource">
- <beans:bean class="com.indra.contratos.application.security.InterceptorApplicationService"/>
- </beans:property>
- </beans:bean> -->
- <!-- <beans:bean id="filterSecurityInterceptor"
- class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
- <beans:property name="authenticationManager" ref="authenticationManager"/>
- <beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
- <beans:property name="securityMetadataSource" ref="securityMetadataSource"/>
- </beans:bean> -->
- <!-- <http pattern="/**" security="none"/> -->
- <!-- <http pattern="/pages/accessDenied.xhtml" security="none" /> -->
- <!-- <http pattern="/login.xhtml" security="none"/>
- <http pattern="/l/" security="none"/> -->
- <http pattern="/resources/**" security="none"/>
- <http pattern="/javax.faces.resource/**" security="none"/>
- <http pattern="/index.html" security="none"/>
- <http auto-config="false"
- authentication-manager-ref="authenticationManager"
- access-decision-manager-ref="accessDecisionManager"
- >
- <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
- <!-- <custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" /> -->
- <!-- <intercept-url pattern="/login.xhtml" access="isAnonymous()"/>
- <intercept-url pattern="/l/**" access="isAnonymous()"/> -->
- <!-- <custom-filter ref="customFilterChain" before="LAST"/> -->
- <!-- <custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" /> -->
- <!-- <custom-filter position="EXCEPTION_TRANSLATION_FILTER" ref="exceptionTranslationFilter" /> -->
- <!-- <custom-filter position="FILTER_SECURITY_INTERCEPTOR" ref="filterSecurityInterceptor" /> -->
- <!-- <intercept-url pattern="/resources/**" filters="none"/>
- <intercept-url pattern="/javax.faces.resource/**" filters="none"/> -->
- <!-- <intercept-url pattern="/login.xhtml" access="hasPermission('IS_AUTHENTICATED_ANONYMOUSLY')"/>
- <intercept-url pattern="/l/**" access="hasPermission('IS_AUTHENTICATED_ANONYMOUSLY')"/> -->
- <intercept-url pattern="/a1/**" access="SYS_ADMIN"/>
- <intercept-url pattern="/pages/admin/**" access="SYS_ADMIN"/>
- <access-denied-handler ref="accessDeniedHandler"/>
- <session-management session-authentication-strategy-ref="sas" >
- <!-- <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" session-registry-alias="sessionRegistry"/> -->
- </session-management>
- <!-- <http-basic/> -->
- <form-login login-page="/login.xhtml" authentication-failure-url="/index.html"
- default-target-url="/pages/admin/listAdmin.xhtml"
- always-use-default-target="true"/>
- <!-- <logout delete-cookies="true" invalidate-session="true"
- success-handler-ref="customLogoutSuccessHandler"/> -->
- </http>
- <!-- <beans:bean id="basicAuthenticationFilter"
- class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
- <beans:property name="authenticationManager" ref="authenticationManager"/>
- <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
- </beans:bean> -->
- <beans:bean id="authenticationEntryPoint"
- class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
- p:loginFormUrl="/login.xhtml" />
- <beans:bean id="myAuthFilter"
- class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
- <beans:property name="sessionAuthenticationStrategy" ref="sas" />
- <beans:property name="authenticationManager" ref="authenticationManager" />
- <beans:property name="authenticationFailureHandler" ref="failureHandler" />
- <beans:property name="authenticationSuccessHandler" ref="successHandler" />
- <beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
- </beans:bean>
- <beans:bean id="concurrencyFilter"
- class="org.springframework.security.web.session.ConcurrentSessionFilter">
- <beans:property name="sessionRegistry" ref="sessionRegistry" />
- <beans:property name="expiredUrl" value="/login.xhtml" />
- </beans:bean>
- <beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
- <beans:property name="defaultTargetUrl" value="/pages/admin/listAdmin.xhtml" />
- </beans:bean>
- <beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
- <beans:property name="defaultFailureUrl" value="/login.xhtml?login_error=true" />
- </beans:bean>
- <!-- <beans:bean id="securityContextPersistenceFilter"
- class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
- <beans:property name='securityContextRepository'>
- <beans:bean class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
- <beans:property name='allowSessionCreation' value='false' />
- </beans:bean>
- </beans:property>
- </beans:bean> -->
- <!-- <beans:bean id="exceptionTranslationFilter"
- class="org.springframework.security.web.access.ExceptionTranslationFilter">
- <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
- <beans:property name="accessDeniedHandler" ref="accessDeniedHandler"/>
- </beans:bean> -->
- <beans:bean id="sas"
- class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
- <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
- <beans:property name="maximumSessions" value="1" />
- </beans:bean>
- <beans:bean id="sessionRegistry"
- class="org.springframework.security.core.session.SessionRegistryImpl" />
- <beans:bean id="passwordEncoder"
- class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
- <beans:bean id="authService"
- class="com.indra.contratos.application.security.UserApplicationService" />
- <authentication-manager id="authenticationManager" alias="authenticationManager" >
- <!-- <authentication-provider user-service-ref="authService" >
- <password-encoder ref="passwordEncoder" />
- </authentication-provider> -->
- <authentication-provider>
- <user-service>
- <user name="admin" password="secret" authorities="SYS_ADMIN, USUARIO"/>
- </user-service>
- </authentication-provider>
- </authentication-manager>
- <!-- <beans:bean id="customFilterChain" class="org.springframework.security.web.FilterChainProxy">
- <beans:constructor-arg>
- <beans:list>
- <filter-chain pattern="/pages/accessDenied.xhtml" filters="none"/>
- <filter-chain pattern="/login.xhtml" filters="none"/>
- <filter-chain pattern="/l/" filters="none"/>
- <filter-chain pattern="/resources/**" filters="none"/>
- <filter-chain pattern="/javax.faces.resource/**" filters="none"/>
- <filter-chain pattern="/**" filters="
- securityContextPersistenceFilter,
- concurrencyFilter,
- myAuthFilter,
- basicAuthenticationFilter,
- exceptionTranslationFilter,
- filterSecurityInterceptor" />
- </beans:list>
- </beans:constructor-arg>
- </beans:bean> -->
- </beans:beans>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement