Skip to content

Instantly share code, notes, and snippets.

@fvanderbiest

fvanderbiest/gist:11217409

Created April 23, 2014 14:28
Show Gist options
  • Save fvanderbiest/11217409 to your computer and use it in GitHub Desktop.
Save fvanderbiest/11217409 to your computer and use it in GitHub Desktop.
Download ZIP
locking down georchestra
Raw
gistfile1.diff
diff --git a/security-proxy/WEB-INF/applicationContext-security.xml b/security-proxy/WEB-INF/applicationContext-security.xml
index 5257608..e4e20f4 100644
--- a/security-proxy/WEB-INF/applicationContext-security.xml
+++ b/security-proxy/WEB-INF/applicationContext-security.xml
@@ -15,6 +15,7 @@
<s:intercept-url pattern=".*\?.*casLogin.*" access="ROLE_SV_USER,ROLE_SV_EDITOR,ROLE_SV_REVIEWER,ROLE_SV_ADMIN" />
<s:intercept-url pattern="/extractorapp/admin/.*" access="ROLE_ADMINISTRATOR" />
<s:intercept-url pattern="/extractorapp/.*" access="ROLE_MOD_EXTRACTORAPP" />
+ <s:intercept-url pattern="/header/.*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<s:intercept-url pattern="/geofence/.*" access="ROLE_ADMINISTRATOR" />
<s:intercept-url pattern="/analytics/.*" access="ROLE_MOD_ANALYTICS" />
<!-- ldapadmin private UI is restricted to members of the MOD_LDAPADMIN group: -->
@@ -23,7 +24,7 @@
<s:intercept-url pattern="/ldapadmin/private/.*" access="ROLE_MOD_LDAPADMIN" />
<s:intercept-url pattern="/testPage" access="IS_AUTHENTICATED_FULLY" />
<!-- <sec:intercept-url pattern=".*\?.*login.*" access="IS_AUTHENTICATED_FULLY" />-->
- <s:intercept-url pattern=".*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_SV_USER,ROLE_SV_EDITOR,ROLE_SV_REVIEWER,ROLE_SV_ADMIN" />
+ <s:intercept-url pattern=".*" access="ROLE_SV_USER,ROLE_SV_EDITOR,ROLE_SV_REVIEWER,ROLE_SV_ADMIN" />
<!-- s:form-login / -->
<s:custom-filter ref="basicAuthChallengeByUserAgent" before="CAS_FILTER" />
<s:custom-filter ref="casFilter" after="CAS_FILTER" />
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment