spring-security/samples/contacts/etc/ca/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>

<!--
  - Contacts web application
  - $Id$
  - File will be copied into WAR's WEB-INF directory if using container adapter
  -->

<web-app>

    <display-name>Contacts Sample Application</display-name>
    
	<description>
    	Example of an application secured using Acegi Security System for Spring.
    </description>

	<!--
	  - Location of the XML file that defines the root application context
	  - Applied by ContextLoaderListener.
	  -->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>/WEB-INF/applicationContext.xml</param-value>
	</context-param>

    <filter>
        <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
        <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>net.sf.acegisecurity.ui.AutoIntegrationFilter</param-value>
        </init-param>
    </filter>

    <filter-mapping>
      <filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

	<!--
	  - Loads the root application context of this web app at startup,
	  - by default from "/WEB-INF/applicationContext.xml".
	  - Use WebApplicationContextUtils.getWebApplicationContext(servletContext)
	  - to access it anywhere in the web application, outside of the framework.
    -->
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

  <!--
    - Servlet that dispatches request to registered handlers (Controller implementations).
    - Has its own application context, by default defined in "{servlet-name}-servlet.xml",
    - i.e. "contacts-servlet.xml".
    -
    - A web app can contain any number of such servlets.
    - Note that this web app does not have a shared root application context,
    - therefore the DispatcherServlet contexts do not have a common parent.
    -->
	<servlet>
		<servlet-name>contacts</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<servlet>
		<servlet-name>caucho</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>2</load-on-startup>
	</servlet>

  <!--
    - Maps the contacts dispatcher to /*.
    -
   -->
	<servlet-mapping>
    	<servlet-name>contacts</servlet-name>
    	<url-pattern>*.htm</url-pattern>
 	</servlet-mapping>
  
  <!--
	- Dispatcher servlet mapping for HTTP remoting via the Caucho protocols,
	- i.e. Hessian and Burlap (see caucho-servlet.xml for the controllers).
   -->
	<servlet-mapping>
		<servlet-name>caucho</servlet-name>
		<url-pattern>/caucho/*</url-pattern>
	</servlet-mapping>

 	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>

  	<taglib>
      <taglib-uri>/spring</taglib-uri>
      <taglib-location>/WEB-INF/spring.tld</taglib-location>
  	</taglib>

    <security-constraint>
      <display-name>Secured Area Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Secured Area</web-resource-name>
         <url-pattern>/secure/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>ROLE_TELLER</role-name>
	     <role-name>ROLE_SUPERVISOR</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration using BASIC authentication -->
	<!--
	<login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Spring Powered Realm</realm-name>
	</login-config>
    -->
  
    <!-- Default login configuration using form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Spring Powered Realm</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/login.jsp?login_error=1</form-error-page>
      </form-login-config>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>ROLE_SUPERVISOR</role-name>
    </security-role>
    <security-role>
      <role-name>ROLE_TELLER</role-name>
    </security-role>    

</web-app>
Initial commit. 2004-04-02 06:53:20 -05:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>`

			`<!--`
			`- Contacts web application`
			`- $Id$`
			`- File will be copied into WAR's WEB-INF directory if using container adapter`
			`-->`

			`<web-app>`

			`<display-name>Contacts Sample Application</display-name>`

			`<description>`
			`Example of an application secured using Acegi Security System for Spring.`
			`</description>`

Expand Contacts sample application to use Hessian and Burlap remoting. 2004-04-11 08:15:00 -04:00			`<!--`
			`- Location of the XML file that defines the root application context`
			`- Applied by ContextLoaderListener.`
			`-->`
			`<context-param>`
			`<param-name>contextConfigLocation</param-name>`
			`<param-value>/WEB-INF/applicationContext.xml</param-value>`
			`</context-param>`

			`<filter>`
			`<filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>`
Provide a proxy so filters can be loaded directly from the application context. 2004-04-16 02:31:48 -04:00			`<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>`
			`<init-param>`
			`<param-name>targetClass</param-name>`
			`<param-value>net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter</param-value>`
			`</init-param>`
Expand Contacts sample application to use Hessian and Burlap remoting. 2004-04-11 08:15:00 -04:00			`</filter>`

Initial commit. 2004-04-02 06:53:20 -05:00			`<filter>`
			`<filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>`
Load AutoIntegrationFilter via FilterToBeanProxy. 2004-08-03 03:18:33 -04:00			`<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>`
			`<init-param>`
			`<param-name>targetClass</param-name>`
			`<param-value>net.sf.acegisecurity.ui.AutoIntegrationFilter</param-value>`
			`</init-param>`
Initial commit. 2004-04-02 06:53:20 -05:00			`</filter>`

Expand Contacts sample application to use Hessian and Burlap remoting. 2004-04-11 08:15:00 -04:00			`<filter-mapping>`
			`<filter-name>Acegi HTTP BASIC Authorization Filter</filter-name>`
			`<url-pattern>/*</url-pattern>`
			`</filter-mapping>`

Initial commit. 2004-04-02 06:53:20 -05:00			`<filter-mapping>`
			`<filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name>`
			`<url-pattern>/*</url-pattern>`
			`</filter-mapping>`

Expand Contacts sample application to use Hessian and Burlap remoting. 2004-04-11 08:15:00 -04:00			`<!--`
			`- Loads the root application context of this web app at startup,`
			`- by default from "/WEB-INF/applicationContext.xml".`
			`- Use WebApplicationContextUtils.getWebApplicationContext(servletContext)`
			`- to access it anywhere in the web application, outside of the framework.`
			`-->`
			`<listener>`
			`<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>`
			`</listener>`

Initial commit. 2004-04-02 06:53:20 -05:00			`<!--`
			`- Servlet that dispatches request to registered handlers (Controller implementations).`
			`- Has its own application context, by default defined in "{servlet-name}-servlet.xml",`
			`- i.e. "contacts-servlet.xml".`
			`-`
			`- A web app can contain any number of such servlets.`
			`- Note that this web app does not have a shared root application context,`
			`- therefore the DispatcherServlet contexts do not have a common parent.`
			`-->`
			`<servlet>`
			`<servlet-name>contacts</servlet-name>`
			`<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>`
			`<load-on-startup>1</load-on-startup>`
			`</servlet>`

Expand Contacts sample application to use Hessian and Burlap remoting. 2004-04-11 08:15:00 -04:00			`<servlet>`
			`<servlet-name>caucho</servlet-name>`
			`<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>`
			`<load-on-startup>2</load-on-startup>`
			`</servlet>`

Initial commit. 2004-04-02 06:53:20 -05:00			`<!--`
			`- Maps the contacts dispatcher to /*.`
			`-`
			`-->`
			`<servlet-mapping>`
			`<servlet-name>contacts</servlet-name>`
			`<url-pattern>*.htm</url-pattern>`
			`</servlet-mapping>`

Expand Contacts sample application to use Hessian and Burlap remoting. 2004-04-11 08:15:00 -04:00			`<!--`
			`- Dispatcher servlet mapping for HTTP remoting via the Caucho protocols,`
			`- i.e. Hessian and Burlap (see caucho-servlet.xml for the controllers).`
			`-->`
			`<servlet-mapping>`
			`<servlet-name>caucho</servlet-name>`
			`<url-pattern>/caucho/*</url-pattern>`
			`</servlet-mapping>`

Initial commit. 2004-04-02 06:53:20 -05:00			`<welcome-file-list>`
			`<welcome-file>index.jsp</welcome-file>`
			`</welcome-file-list>`

			`<taglib>`
			`<taglib-uri>/spring</taglib-uri>`
			`<taglib-location>/WEB-INF/spring.tld</taglib-location>`
			`</taglib>`

			`<security-constraint>`
			`<display-name>Secured Area Security Constraint</display-name>`
			`<web-resource-collection>`
			`<web-resource-name>Secured Area</web-resource-name>`
			`<url-pattern>/secure/*</url-pattern>`
			`</web-resource-collection>`
			`<auth-constraint>`
			`<role-name>ROLE_TELLER</role-name>`
			`<role-name>ROLE_SUPERVISOR</role-name>`
			`</auth-constraint>`
			`</security-constraint>`

			`<!-- Default login configuration using BASIC authentication -->`
			`<!--`
			`<login-config>`
			`<auth-method>BASIC</auth-method>`
			`<realm-name>Spring Powered Realm</realm-name>`
			`</login-config>`
			`-->`

			`<!-- Default login configuration using form-based authentication -->`
			`<login-config>`
			`<auth-method>FORM</auth-method>`
			`<realm-name>Spring Powered Realm</realm-name>`
			`<form-login-config>`
			`<form-login-page>/login.jsp</form-login-page>`
			`<form-error-page>/login.jsp?login_error=1</form-error-page>`
			`</form-login-config>`
			`</login-config>`

			`<!-- Security roles referenced by this web application -->`
			`<security-role>`
			`<role-name>ROLE_SUPERVISOR</role-name>`
			`</security-role>`
			`<security-role>`
			`<role-name>ROLE_TELLER</role-name>`
			`</security-role>`

			`</web-app>`