001 <?xml version="1.0" encoding="UTF-8"?>
002 <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
003     "http://www.springframework.org/dtd/spring-beans.dtd">
004 
005 <beans>
006 
007     <!-- ======================== FILTER CHAIN ======================= -->
008     <bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
            <!-- Maps URL patterns to the ordered list of filter beans applied to matching
                 requests. The two directive lines select Ant-style patterns and lower-case
                 the URL before comparison, so every pattern below is written in lower case.
                 NOTE(review): only /j_security_check*, *.html* and *.jsp* are mapped. A
                 request matching none of them gets no filter list from this bean; confirm
                 that nothing sensitive is served under other paths or extensions.
                 NOTE(review): the *.jsp* chain has no anonymousProcessingFilter, unlike
                 the *.html* chain; confirm that this is intended. -->
009         <property name="filterInvocationDefinitionSource">
010             <value>
011                 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
012                 PATTERN_TYPE_APACHE_ANT
013                 /j_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter
014                 /**/*.html*=httpSessionContextIntegrationFilter,remoteUserFilter,anonymousProcessingFilter,securityEnforcementFilter
015                 /**/*.jsp*=httpSessionContextIntegrationFilter,remoteUserFilter,securityEnforcementFilter
016             </value>
017         </property>
018     </bean>
019 
020     <!-- ======================== AUTHENTICATION ======================= -->
021     
022     <!-- Note: the order in which entries are placed in the objectDefinitionSource is critical.
023          The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
024          Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last.
             Each entry below maps a URL pattern to the names that may request it. Patterns are
             Ant style and are compared after the URL is lower-cased, so they are written in
             lower case. The two ROLE_ANONYMOUS entries (signup and password hint) sit above the
             general *.html* entry, which lists only admin and tomcat.
             NOTE(review): among JSPs only /clickstreams.jsp has an entry; a URL that matches no
             entry has no role requirement defined here. Confirm how such URLs are treated and
             that no other JSP needs a role check. -->
025     <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
026         <property name="authenticationManager" ref="authenticationManager"/>
027         <property name="accessDecisionManager" ref="accessDecisionManager"/>
028          <property name="objectDefinitionSource">
029             <value>
030                 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
031                 PATTERN_TYPE_APACHE_ANT
032                 /signup.html=ROLE_ANONYMOUS,admin,tomcat
033                 /passwordhint.html*=ROLE_ANONYMOUS,admin,tomcat
034                 /**/*.html*=admin,tomcat
035                 /clickstreams.jsp=admin
036             </value>
037         </property>
038     </bean>
039 
040     <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
            <!-- Authentication manager shared by the URL interceptor, the login filter and the
                 method interceptor in this file. It delegates to the two providers listed
                 below: the database-backed provider and the anonymous provider. -->
041         <property name="providers">
042             <list>
043                 <ref local="daoAuthenticationProvider"/>
044                 <ref local="anonymousAuthenticationProvider"/>
045             </list>
046         </property>
047     </bean>
048    
049     <!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider.
             NOTE(review): presumably this listener writes those events (including failed logins)
             to the application log; confirm the logger level so they are actually retained. -->
050     <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
051     
052     <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
            <!-- Authenticates users loaded through jdbcAuthenticationDao, using userCache for
                 cached lookups.
                 NOTE(review): no passwordEncoder property is set on this provider. Confirm how
                 the submitted password is compared with app_user.password and that the column
                 does not hold cleartext passwords. -->
053          <property name="authenticationDao" ref="jdbcAuthenticationDao"/>
054          <property name="userCache" ref="userCache"/>
055     </bean>
056     
057     <!-- Read users from database.
             Credentials come from app_user (username, password, enabled) and roles from
             user_role (username, role_name). Both queries take the username through a single
             ? placeholder rather than through string concatenation. -->
058     <bean id="jdbcAuthenticationDao" class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
059         <property name="dataSource" ref="dataSource"/>
060         <property name="usersByUsernameQuery">
061             <value>SELECT username,password,enabled FROM app_user WHERE username = ?</value>
062         </property>
063         <property name="authoritiesByUsernameQuery">
064             <value>SELECT username,role_name FROM user_role WHERE username = ?</value>
065         </property>
066     </bean>
067 
068     <bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
            <!-- User cache backed by an EhCache cache named userCache, built by the two nested
                 factory beans.
                 NOTE(review): a cached user entry may outlive a password change, a role change
                 or an account being disabled. Confirm the expiry settings of the userCache
                 region and that user updates evict the cached entry. -->
069         <property name="cache">
070             <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
071                 <property name="cacheManager">
072                     <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
073                 </property>
074                 <property name="cacheName" value="userCache"/>
075             </bean>
076         </property>
077     </bean>
078    
079     <bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
            <!-- The key is the same string that anonymousProcessingFilter is configured with.
                 NOTE(review): presumably the key is what lets this provider recognise anonymous
                 tokens issued by this application. The value here is the fixed, guessable word
                 "anonymous"; consider a deployment-specific value, changed in both beans
                 together. -->
080         <property name="key" value="anonymous"/>
081     </bean>
082     
083     <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter">
            <!-- The role prefix is set to the empty string. The names used in this file
                 (admin, tomcat, ROLE_ANONYMOUS) do not share a common prefix.
                 NOTE(review): presumably an empty prefix makes the voter treat every configured
                 attribute as a role name; confirm against the RoleVoter documentation. -->
084         <property name="rolePrefix" value=""/>
085     </bean>
086 
087     <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
            <!-- Access decisions are made by a single voter, roleVoter.
                 allowIfAllAbstainDecisions is false, so a request on which every voter abstains
                 is not allowed through. Keep it false: it is the deny-by-default setting for
                 both the URL interceptor and the method interceptor that reference this bean. -->
088         <property name="allowIfAllAbstainDecisions" value="false"/>
089         <property name="decisionVoters">
090             <list>
091                 <ref local="roleVoter"/>
092             </list>
093         </property>
094     </bean>
095     
096     <!-- ===================== HTTP REQUEST SECURITY ==================== -->
097     <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
            <!-- First filter in every chain defined on filterChainProxy. The context property
                 names the security context implementation class to use.
                 NOTE(review): presumably this filter keeps the security context in the HTTP
                 session between requests. Nothing in the lines shown here renews the session
                 id at login; confirm that session fixation is handled elsewhere. -->
098         <property name="context" value="net.sf.acegisecurity.context.security.SecureContextImpl"/>
099     </bean>
100     
101     <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
            <!-- Login form processing. Submissions are handled at /j_security_check, a failed
                 login is sent to /login.jsp?error=true, and the default target after login is
                 the application root. Credentials are checked by authenticationManager.
                 NOTE(review): the failure URL is the same for every failure, which avoids
                 revealing whether the username exists; keep the message on login.jsp generic. -->
102         <property name="authenticationManager" ref="authenticationManager"/>
103         <property name="authenticationFailureUrl" value="/login.jsp?error=true"/>
104         <property name="defaultTargetUrl" value="/"/>
105         <property name="filterProcessesUrl" value="/j_security_check"/>
106     </bean>
107     
108     <bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
            <!-- Used only in the *.html* filter chain. userAttribute names the principal
                 "anonymous" and the authority ROLE_ANONYMOUS, which is the name the URL rules
                 grant for the signup and password hint pages. The key must stay equal to the
                 key of anonymousAuthenticationProvider.
                 NOTE(review): presumably the filter applies this identity only when the request
                 carries no authentication yet; confirm. -->
109         <property name="key" value="anonymous"/>
110         <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS"/>
111     </bean>
112     
113     <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
            <!-- Last filter in the *.html* and *.jsp* chains. It applies the URL rules held by
                 filterInvocationInterceptor and uses the entry point bean, which is configured
                 with the login form URL.
                 NOTE(review): presumably unauthenticated requests that fail the check are sent
                 to the entry point and authenticated ones receive an access-denied response;
                 confirm the exact behaviour for the version in use. -->
114         <property name="filterSecurityInterceptor" ref="filterInvocationInterceptor"/>
115         <property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint"/>
116     </bean>
117     
118     <bean id="remoteUserFilter" class="net.sf.acegisecurity.wrapper.ContextHolderAwareRequestFilter"/>
        <!-- remoteUserFilter (above) takes no properties and sits in the *.html* and *.jsp*
             chains after the session integration filter.
             NOTE(review): presumably it wraps the request so that servlet API calls such as
             getRemoteUser() reflect the Acegi security context; confirm. -->
119 
120     <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
            <!-- Entry point used by securityEnforcementFilter; it points at the login form
                 /login.jsp.
                 NOTE(review): forceHttps is false, so this bean does not force the login form
                 onto HTTPS. Unless TLS is enforced elsewhere (container transport guarantee or
                 a TLS-terminating proxy), usernames and passwords can travel over plain HTTP.
                 Confirm where TLS is enforced before relying on this setting. -->
121         <property name="loginFormUrl" value="/login.jsp"/>
122         <property name="forceHttps" value="false"/>
123     </bean>
124 
125     <!-- Override 'userManager' bean definition to add userManagerSecurity interceptor.
             The target is a UserManagerImpl wired with userDAO. Two pre-interceptors are listed:
             userSecurityInterceptor, then userManagerSecurity. The parent txProxyTemplate and
             userSecurityInterceptor are not defined in the lines shown here.
             Transaction attributes: save*, remove* and *LoginCookie methods are
             PROPAGATION_REQUIRED, and every other method is PROPAGATION_REQUIRED,readOnly.
             NOTE(review): presumably the pre-interceptors run in list order before the
             transactional call; confirm, since the method-level role checks depend on it. -->
126     <bean id="userManager" parent="txProxyTemplate">
127         <property name="target">
128             <bean class="org.appfuse.service.impl.UserManagerImpl">
129                 <property name="userDAO" ref="userDAO"/>
130             </bean>
131         </property>
132         <property name="transactionAttributes">
133             <props>
134                 <prop key="save*">PROPAGATION_REQUIRED,-UserExistsException</prop>
135                 <prop key="remove*">PROPAGATION_REQUIRED</prop>
136                 <prop key="*LoginCookie">PROPAGATION_REQUIRED</prop>
137                 <prop key="*">PROPAGATION_REQUIRED,readOnly</prop>
138             </props>
139         </property>
140         <property name="preInterceptors">
141             <list>
142                 <ref bean="userSecurityInterceptor"/>
143                 <ref bean="userManagerSecurity"/>
144             </list>
145         </property>
146     </bean>
147 
148     <bean id="userManagerSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
            <!-- Method-level rules for UserManager: getUsers and removeUser are restricted to
                 admin. The same authenticationManager and accessDecisionManager as the URL
                 interceptor are used.
                 NOTE(review): no other UserManager method is listed, so this bean defines no
                 role requirement for them (for example the methods matched by save* in the
                 transaction attributes of userManager). Presumably userSecurityInterceptor
                 covers those; confirm, because the URL rules alone let any tomcat user reach
                 *.html* pages. -->
149         <property name="authenticationManager" ref="authenticationManager"/>
150         <property name="accessDecisionManager" ref="accessDecisionManager"/>
151         <property name="objectDefinitionSource">
152              <value>
153                  org.appfuse.service.UserManager.getUsers=admin
154                  org.appfuse.service.UserManager.removeUser=admin
155              </value>
156         </property>
157     </bean>
158 </beans>

« This page (revision-1) was last changed on 06-Apr-2006 09:45 by 이동국