bh5k/gist:db6c7522776c4556d713

## gistfile1.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xmlns:p="http://www.springframework.org/schema/p"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="
		http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security.xsd
		http://www.springframework.org/schema/mvc
		http://www.springframework.org/schema/mvc/spring-mvc.xsd
		http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.springframework.org/schema/context
		http://www.springframework.org/schema/context/spring-context.xsd">

	<mvc:annotation-driven/>

	<mvc:resources location="assets" mapping="/assets/**"/>
	<mvc:resources location="pdfs" mapping="/pdfs/**"/>

	<context:component-scan base-package="com.pluralsight"/>

	<!-- Enable global method security: -> can only be defined in MVC Controller
		1) Modify this servlet-config.xml to add pre-post-annotations
		2) Modify GoalController.java (this example) to add ROLE_ADMIN only for update
		3) Add permmissions table
		4) Add com.pluralsight.security package, FitnessPermissionEvaluator.java
		5) Add <security:expression-handler ref="fitnessExpressionHandler"/>
	-->
	<security:global-method-security pre-post-annotations="enabled" >
		<security:expression-handler ref="fitnessExpressionHandler"/>
	</security:global-method-security>

	<bean id="fitnessExpressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
		<property name="permissionEvaluator">
			<bean id="permissionEvaluator" class="com.pluralsight.security.FitnessPermissionEvaluator">
				<property name="datasource" ref="dataSource" />
			</bean>
		</property>
	</bean>

 	<bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
		<property name="order" value="1" />
		<property name="contentNegotiationManager">
			<bean class="org.springframework.web.accept.ContentNegotiationManager">
				<constructor-arg>
					<bean class="org.springframework.web.accept.PathExtensionContentNegotiationStrategy">
						<constructor-arg>
							<map>
								<entry key="json" value="application/json" />
								<entry key="xml" value="application/xml" />
							</map>
						</constructor-arg>
					</bean>
				</constructor-arg>
			</bean>
		</property>

		<property name="defaultViews">
			<list>
				<!-- JSON View -->
				<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView" />

				<!-- XML View -->
				<bean class="org.springframework.web.servlet.view.xml.MarshallingView">
					<constructor-arg>
						<bean class="org.springframework.oxm.xstream.XStreamMarshaller">
							<property name="autodetectAnnotations" value="true" />
						</bean>
					</constructor-arg>
				</bean>
			</list>
		</property>
	</bean>

	<!-- Languages: English and Spanish -->
	<mvc:interceptors>
		<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"
		      p:paramName="language"/>
	</mvc:interceptors>

	<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver"
	      p:defaultLocale="en"/>

	<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"
	      p:basename="messages"></bean>

	<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"
	      p:prefix="/WEB-INF/jsp/" p:suffix=".jsp" p:order="2"/>

	<bean class="org.springframework.web.servlet.view.BeanNameViewResolver" p:order="0"/>
</beans>
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xmlns:p="http://www.springframework.org/schema/p"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security.xsd
	http://www.springframework.org/schema/mvc
	http://www.springframework.org/schema/mvc/spring-mvc.xsd
	http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans.xsd
	http://www.springframework.org/schema/context
	http://www.springframework.org/schema/context/spring-context.xsd">

	<mvc:annotation-driven/>

	<mvc:resources location="assets" mapping="/assets/**"/>
	<mvc:resources location="pdfs" mapping="/pdfs/**"/>

	<context:component-scan base-package="com.pluralsight"/>

	<!-- Enable global method security: -> can only be defined in MVC Controller
	1) Modify this servlet-config.xml to add pre-post-annotations
	2) Modify GoalController.java (this example) to add ROLE_ADMIN only for update
	3) Add permmissions table
	4) Add com.pluralsight.security package, FitnessPermissionEvaluator.java
	5) Add <security:expression-handler ref="fitnessExpressionHandler"/>
	-->
	<security:global-method-security pre-post-annotations="enabled" >
	<security:expression-handler ref="fitnessExpressionHandler"/>
	</security:global-method-security>

	<bean id="fitnessExpressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
	<property name="permissionEvaluator">
	<bean id="permissionEvaluator" class="com.pluralsight.security.FitnessPermissionEvaluator">
	<property name="datasource" ref="dataSource" />
	</bean>
	</property>
	</bean>

	<bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
	<property name="order" value="1" />
	<property name="contentNegotiationManager">
	<bean class="org.springframework.web.accept.ContentNegotiationManager">
	<constructor-arg>
	<bean class="org.springframework.web.accept.PathExtensionContentNegotiationStrategy">
	<constructor-arg>
	<map>
	<entry key="json" value="application/json" />
	<entry key="xml" value="application/xml" />
	</map>
	</constructor-arg>
	</bean>
	</constructor-arg>
	</bean>
	</property>

	<property name="defaultViews">
	<list>
	<!-- JSON View -->
	<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView" />

	<!-- XML View -->
	<bean class="org.springframework.web.servlet.view.xml.MarshallingView">
	<constructor-arg>
	<bean class="org.springframework.oxm.xstream.XStreamMarshaller">
	<property name="autodetectAnnotations" value="true" />
	</bean>
	</constructor-arg>
	</bean>
	</list>
	</property>
	</bean>

	<!-- Languages: English and Spanish -->
	<mvc:interceptors>
	<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"
	p:paramName="language"/>
	</mvc:interceptors>

	<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver"
	p:defaultLocale="en"/>

	<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"
	p:basename="messages"></bean>

	<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"
	p:prefix="/WEB-INF/jsp/" p:suffix=".jsp" p:order="2"/>

	<bean class="org.springframework.web.servlet.view.BeanNameViewResolver" p:order="0"/>
	</beans>