Created
June 23, 2010 16:39
-
-
Save davidray/450178 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springsource.org/dtd/spring-beans.dtd"> | |
| <!--+ | |
| | Application context containing FilterChainProxy. | |
| +--> | |
| <beans> | |
| <!-- ======================== FILTER CHAIN ======================= --> | |
| <!-- if you wish to use channel security, add "channelProcessingFilter," in front | |
| of "httpSessionContextIntegrationFilter" in the list below --> | |
| <bean id="filterChainProxy" | |
| class="org.acegisecurity.util.FilterChainProxy"> | |
| <property name="filterInvocationDefinitionSource"> | |
| <value> | |
| <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON | |
| PATTERN_TYPE_APACHE_ANT | |
| /**=securityContextHolderAwareRequestFilter,httpSessionContextIntegrationFilter,httpSessionReuseDetectionFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,requestParameterProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,pentahoSecurityStartupFilter,switchUserProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor]]> | |
| </value> | |
| </property> | |
| </bean> | |
| <!-- ======================== AUTHENTICATION ======================= --> | |
| <bean id="authenticationManager" | |
| class="org.acegisecurity.providers.ProviderManager"> | |
| <property name="providers"> | |
| <list> | |
| <ref bean="daoAuthenticationProvider" /> | |
| <ref local="anonymousAuthenticationProvider" /> | |
| <ref local="rememberMeAuthenticationProvider" /> | |
| </list> | |
| </property> | |
| </bean> | |
| <!-- Automatically receives AuthenticationEvent messages --> | |
| <bean id="loggerListener" | |
| class="org.acegisecurity.event.authentication.LoggerListener" /> | |
| <bean id="basicProcessingFilter" | |
| class="org.acegisecurity.ui.basicauth.BasicProcessingFilter"> | |
| <property name="authenticationManager"> | |
| <ref local="authenticationManager" /> | |
| </property> | |
| <property name="authenticationEntryPoint"> | |
| <ref local="basicProcessingFilterEntryPoint" /> | |
| </property> | |
| </bean> | |
| <bean id="basicProcessingFilterEntryPoint" | |
| class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> | |
| <property name="realmName" value="Pentaho Realm" /> | |
| </bean> | |
| <!-- custom Pentaho begin --> | |
| <bean id="requestParameterProcessingFilter" | |
| class="org.pentaho.platform.web.http.security.RequestParameterAuthenticationFilter"> | |
| <property name="authenticationManager"> | |
| <ref local="authenticationManager" /> | |
| </property> | |
| <property name="authenticationEntryPoint"> | |
| <ref local="requestParameterProcessingFilterEntryPoint" /> | |
| </property> | |
| </bean> | |
| <bean id="requestParameterProcessingFilterEntryPoint" | |
| class="org.pentaho.platform.web.http.security.RequestParameterFilterEntryPoint" /> | |
| <bean id="pentahoSecurityStartupFilter" | |
| class="org.pentaho.platform.web.http.security.SecurityStartupFilter" /> | |
| <!-- custom Pentaho end --> | |
| <bean id="anonymousProcessingFilter" | |
| class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> | |
| <property name="key" value="foobar" /> | |
| <property name="userAttribute" | |
| value="anonymousUser,Anonymous" /> | |
| </bean> | |
| <bean id="anonymousAuthenticationProvider" | |
| class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> | |
| <property name="key" value="foobar" /> | |
| </bean> | |
| <bean id="httpSessionContextIntegrationFilter" | |
| class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"> | |
| <property name="context" | |
| value="org.acegisecurity.context.SecurityContextImpl" /> | |
| </bean> | |
| <bean id="rememberMeProcessingFilter" | |
| class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"> | |
| <property name="authenticationManager"> | |
| <ref local="authenticationManager" /> | |
| </property> | |
| <property name="rememberMeServices"> | |
| <ref local="rememberMeServices" /> | |
| </property> | |
| </bean> | |
| <bean id="rememberMeServices" | |
| class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> | |
| <property name="userDetailsService"> | |
| <ref bean="userDetailsService" /> | |
| </property> | |
| <property name="key" value="pentahoSecurity" /> | |
| </bean> | |
| <bean id="rememberMeAuthenticationProvider" | |
| class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> | |
| <property name="key" value="pentahoSecurity" /> | |
| </bean> | |
| <bean id="logoutFilter" | |
| class="org.acegisecurity.ui.logout.LogoutFilter"> | |
| <constructor-arg value="/index.jsp" /> | |
| <!-- URL redirected to after logout --> | |
| <constructor-arg> | |
| <list> | |
| <bean | |
| class="org.pentaho.platform.web.http.security.PentahoLogoutHandler" /> | |
| <ref bean="rememberMeServices" /> | |
| <bean | |
| class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" /> | |
| </list> | |
| </constructor-arg> | |
| <property name="filterProcessesUrl" value="/Logout" /> | |
| </bean> | |
| <bean id="securityContextHolderAwareRequestFilter" | |
| class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" /> | |
| <bean id="httpSessionReuseDetectionFilter" | |
| class="org.pentaho.platform.web.http.security.HttpSessionReuseDetectionFilter"> | |
| <property name="filterProcessesUrl" | |
| value="/j_acegi_security_check" /> | |
| <property name="sessionReuseDetectedUrl" | |
| value="/Login?login_error=2" /> | |
| </bean> | |
| <!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== --> | |
| <!-- You will need to uncomment the "Acegi Channel Processing Filter" | |
| <filter-mapping> in web.xml for the following beans to be used --> | |
| <!-- | |
| <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter"> | |
| <property name="channelDecisionManager"><ref local="channelDecisionManager"/></property> | |
| <property name="filterInvocationDefinitionSource"> | |
| <value> | |
| CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON | |
| \A/secure/.*\Z=REQUIRES_SECURE_CHANNEL | |
| \A/acegilogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL | |
| \A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL | |
| \A.*\Z=REQUIRES_INSECURE_CHANNEL | |
| </value> | |
| </property> | |
| </bean> | |
| <bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl"> | |
| <property name="channelProcessors"> | |
| <list> | |
| <ref local="secureChannelProcessor"/> | |
| <ref local="insecureChannelProcessor"/> | |
| </list> | |
| </property> | |
| </bean> | |
| <bean id="secureChannelProcessor" class="org.acegisecurity.securechannel.SecureChannelProcessor"/> | |
| <bean id="insecureChannelProcessor" class="org.acegisecurity.securechannel.InsecureChannelProcessor"/> | |
| --> | |
| <!-- ===================== HTTP REQUEST SECURITY ==================== --> | |
| <bean id="exceptionTranslationFilter" | |
| class="org.acegisecurity.ui.ExceptionTranslationFilter"> | |
| <property name="authenticationEntryPoint"> | |
| <ref local="authenticationProcessingFilterEntryPoint" /> | |
| </property> | |
| <property name="accessDeniedHandler"> | |
| <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl" /> | |
| </property> | |
| </bean> | |
| <bean id="authenticationProcessingFilter" | |
| class="com.csinitiative.acegi.SiteminderAuthenticationProcessingFilter"> | |
| <property name="authenticationManager"> | |
| <ref local="authenticationManager" /> | |
| </property> | |
| <property name="authenticationFailureUrl" | |
| value="/Login?login_error=1" /> | |
| <property name="defaultTargetUrl" value="/Home" /> | |
| <property name="filterProcessesUrl" | |
| value="/j_acegi_security_check" /> | |
| <property name="rememberMeServices"> | |
| <ref local="rememberMeServices" /> | |
| </property> | |
| <property name="siteminderUsernameHeaderKey" value="UID" /> | |
| <property name="siteminderPasswordHeaderKey" value="UID" /> | |
| </bean> | |
| <bean id="authenticationProcessingFilterEntryPoint" | |
| class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> | |
| <property name="loginFormUrl" value="/Login" /> | |
| <property name="forceHttps" value="false" /> | |
| </bean> | |
| <bean id="httpRequestAccessDecisionManager" | |
| class="org.acegisecurity.vote.AffirmativeBased"> | |
| <property name="allowIfAllAbstainDecisions" value="false" /> | |
| <property name="decisionVoters"> | |
| <list> | |
| <ref bean="roleVoter" /> | |
| </list> | |
| </property> | |
| </bean> | |
| <!-- Note the order that entries are placed against the objectDefinitionSource is critical. | |
| The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL. | |
| Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last --> | |
| <bean id="filterInvocationInterceptor" | |
| class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> | |
| <property name="authenticationManager"> | |
| <ref local="authenticationManager" /> | |
| </property> | |
| <property name="accessDecisionManager"> | |
| <ref local="httpRequestAccessDecisionManager" /> | |
| </property> | |
| <property name="objectDefinitionSource"> | |
| <value> | |
| <![CDATA[ | |
| CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON | |
| \A/docs/.*\Z=Anonymous,Authenticated | |
| \A/mantlelogin/.*\Z=Anonymous,Authenticated | |
| \A/mantle/mantleloginservice/*\Z=Anonymous,Authenticated | |
| \A/mantle/.*\Z=Authenticated | |
| \A/welcome/.*\Z=Anonymous,Authenticated | |
| \A/public/.*\Z=Anonymous,Authenticated | |
| \A/login.*\Z=Anonymous,Authenticated | |
| \A/ping/alive.gif.*\Z=Anonymous,Authenticated | |
| \A/j_acegi_security_check.*\Z=Anonymous,Authenticated | |
| \A/getmondrianmodel.*\Z=Anonymous,Authenticated | |
| \A/getimage.*\Z=Anonymous,Authenticated | |
| \A/getresource.*\Z=Anonymous,Authenticated | |
| \A/admin.*\Z=Admin | |
| \A/auditreport.*\Z=Admin | |
| \A/auditreportlist.*\Z=Admin | |
| \A/versioncontrol.*\Z=Admin | |
| \A/propertieseditor.*\Z=Admin | |
| \A/propertiespanel.*\Z=Admin | |
| \A/subscriptionadmin.*\Z=Admin | |
| \A/resetrepository.*\Z=Admin | |
| \A/viewaction.*solution.admin.*\Z=Admin | |
| \A/scheduleradmin.*\Z=Admin | |
| \A/publish.*\Z=Admin | |
| \A/logout.*\Z=Anonymous | |
| \A/.*\Z=Authenticated | |
| ]]> | |
| </value> | |
| </property> | |
| </bean> | |
| <!-- Filter used to switch the user context. Note: the switch and exit url must be secured | |
| based on the role granted the ability to 'switch' to another user --> | |
| <!-- This needs fixing --> | |
| <bean id="switchUserProcessingFilter" | |
| class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter"> | |
| <property name="userDetailsService" ref="userDetailsService" /> | |
| <property name="switchUserUrl" value="/j_acegi_switch_user" /> | |
| <property name="exitUserUrl" value="/j_acegi_exit_user" /> | |
| <property name="targetUrl" | |
| value="/acegi-security-sample-contacts-filter/secure/index.htm" /> | |
| </bean> | |
| </beans> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment