SEC-271: Rolled back new namespaces changes from 1.0.4 release

samples/tutorial/src/main/webapp/WEB-INF/applicationContext-acegi-security.xml

@@ -1,172 +1,148 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8"?>
-
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
-<beans xmlns="http://www.springframework.org/schema/beans"
+
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<!--
-	xmlns:security="http://www.springframework.org/schema/security"
+  - A simple "base bones" Acegi Security configuration.
-	xmlns:util="http://www.springframework.org/schema/util"
+  -
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+  - The sample includes the "popular" features that people tend to use.
-	http://www.springframework.org/schema/util http://www.springframework.org/schema/beans/spring-util-2.0.xsd
+  - Specifically, form authentication, remember-me, and anonymous processing.
-	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+  - Other features aren't setup, as these can be added later by inserting
-
+  - the relevant XML fragments as specified in the Reference Guide.
-	<!--
+  -
-		- A simple "base bones" Acegi Security configuration.
+  - To assist new users, the filters specified in the FilterChainProxy are
-		-
+  - declared in the application context in the same order. Collaborators
-		- The sample includes the "popular" features that people tend to use.
+  - required by those filters are placed at the end of the file.
-		- Specifically, form authentication, remember-me, and anonymous processing.
+  -
-		- Other features aren't setup, as these can be added later by inserting
+  - $Id$
-		- the relevant XML fragments as specified in the Reference Guide.
+  -->
-		-
+
-		- To assist new users, the filters specified in the FilterChainProxy are
+<beans>
-		- declared in the application context in the same order. Collaborators
+
-		- required by those filters are placed at the end of the file.
+	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
-		-
+		<property name="filterInvocationDefinitionSource">
-		- $Id$
+			<value>
-	-->
+				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-
+				PATTERN_TYPE_APACHE_ANT
-
+				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
-	<bean id="filterChainProxy"
+			</value>
-		class="org.acegisecurity.util.FilterChainProxy">
+		</property>
-		<property name="filterInvocationDefinitionSource">
+	</bean>
-			<value>
+
-				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+	<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
-				PATTERN_TYPE_APACHE_ANT
+
-				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+	<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
-			</value>
+		<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
-		</property>
+		<constructor-arg>
-	</bean>
+			<list>
-
+				<ref bean="rememberMeServices"/>
-	<!-- sessionCreation defaults to ifRequired(true) always(true) never(false) . -->
+				<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
-	<security:session-context-integration
+			</list>
-		id="httpSessionContextIntegrationFilter" sessionCreation="ifRequired" />
+		</constructor-arg>
-
+	</bean>
-
+
-	<!-- If LogoutFilter does not have setHandlers populated, introspect app ctx for LogoutHandlers, using Ordered (if present, otherwise assume Integer.MAX_VALUE) -->
+	<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
-	<!-- The logoutUrl and redirectAfterLogout are both optional and default to that shown -->
+		<property name="authenticationManager" ref="authenticationManager"/>
-	<security:logout-support id="logoutFilter"
+		<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
-		redirectAfterLogoutUrl="/index.jsp" logoutUrl="/j_acegi_logout" />
+		<property name="defaultTargetUrl" value="/"/>
-
+		<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
-	<security:authentication-remember-me-services
+		<property name="rememberMeServices" ref="rememberMeServices"/>
-		id="rememberMeServices" key="someValue" />
+	</bean>
-
+   
-
+	<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
-	<bean id="securityContextLogoutHandler"
+
-		class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
+	<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
-
+		<property name="authenticationManager" ref="authenticationManager"/>
-	<!--  the URLs are all mandatory and have no defaults (well, except authenticationUrl) -->
+		<property name="rememberMeServices" ref="rememberMeServices"/>
-	<security:authentication-form id="authenticationProcessingFilter"
+	</bean>
-		authenticationUrl="/j_acegi_security_check" defaultTargetUrl="/"
+
-		errorFormUrl="/acegilogin.jsp?login_error=1" />
+	<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
-
+		<property name="key" value="changeThis"/>
-	<!-- make it optional, if not supplied autodetect all auth-providers from app ctx, using Ordered to resolve their order  -->
+		<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
-	<security:authentication-mechanism id="authenticationManager" />
+	</bean>
-
+
-	<!-- dao authentication provider "authenticationRepository" -->
+	<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
-	<security:authentication-repository id="daoAuthenticationProvider" />
+		<property name="authenticationEntryPoint">
-
+			<bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
-
+				<property name="loginFormUrl" value="/acegilogin.jsp"/>
-	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
+				<property name="forceHttps" value="false"/>
-	<security:principal-repository id="userDetailsService">
+			</bean>
-		<security:properties resource="/WEB-INF/users.properties" />
+		</property>
-	</security:principal-repository>
+		<property name="accessDeniedHandler">
-
+			<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
-	<bean id="securityContextHolderAwareRequestFilter"
+				<property name="errorPage" value="/accessDenied.jsp"/>
-		class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
+			</bean>
-
+		</property>
-	<!-- makes the filter, but does little else, as it auto-detects everything -->
+	</bean>
-	<security:authentication-remember-me-filter
+
-		id="rememberMeProcessingFilter" />
+	<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
-
+		<property name="authenticationManager" ref="authenticationManager"/>
-	<bean id="anonymousProcessingFilter"
+		<property name="accessDecisionManager">
-		class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
+			<bean class="org.acegisecurity.vote.AffirmativeBased">
-		<property name="key" value="changeThis" />
+				<property name="allowIfAllAbstainDecisions" value="false"/>
-		<property name="userAttribute"
+				<property name="decisionVoters">
-			value="anonymousUser,ROLE_ANONYMOUS" />
+					<list>
-	</bean>
+						<bean class="org.acegisecurity.vote.RoleVoter"/>
-
+						<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
-	<!-- Basically accessDeniedUrl is optional, we if unspecified impl will auto-detect any AccessDeniedHandler in ctx and use it; 
+					</list>
-		alternately if there are > 1 such handlers, we can nominate the one to use via accessDeniedBeanRef; provide nested elements for
+				</property>
-		other props; i do not mind if you move the access denied stuff to a sub-element -->
+			</bean>
-	<security:exception-translation id="exceptionTranslationFilter">
+		</property>
-		<security:entry-point
+		<property name="objectDefinitionSource">
-			entryPointBeanRef="authenticationEntryPoint" />
+			<value>
-	</security:exception-translation>
+				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
-
+				PATTERN_TYPE_APACHE_ANT
-
+				/secure/extreme/**=ROLE_SUPERVISOR
-	<bean id="authenticationEntryPoint"
+				/secure/**=IS_AUTHENTICATED_REMEMBERED
-		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+				/**=IS_AUTHENTICATED_ANONYMOUSLY
-		<property name="loginFormUrl" value="/acegilogin.jsp" />
+			</value>
-		<property name="forceHttps" value="false" />
+		</property>
-	</bean>
+	</bean>
-
+
-
+	<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
-	<bean id="accessDeniedHandler"
+		<property name="userDetailsService" ref="userDetailsService"/>
-		class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
+		<property name="key" value="changeThis"/>
-		<property name="errorPage" value="/accessDenied.jsp" />
+	</bean>
-	</bean>
+
-
+	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
-
+		<property name="providers">
-	<bean id="filterInvocationInterceptor"
+			<list>
-		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
+				<ref local="daoAuthenticationProvider"/>
-		<property name="authenticationManager"
+				<bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
-			ref="authenticationManager" />
+					<property name="key" value="changeThis"/>
-		<property name="accessDecisionManager">
+				</bean>
-			<bean class="org.acegisecurity.vote.AffirmativeBased">
+				<bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
-				<property name="allowIfAllAbstainDecisions"
+					<property name="key" value="changeThis"/>
-					value="false" />
+				</bean>
-				<property name="decisionVoters">
+			</list>
-					<list>
+		</property>
-						<bean class="org.acegisecurity.vote.RoleVoter" />
+	</bean>
-						<bean
+
-							class="org.acegisecurity.vote.AuthenticatedVoter" />
+	<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
-					</list>
+		<property name="userDetailsService" ref="userDetailsService"/>
-				</property>
+		<property name="userCache">
-			</bean>
+			<bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
-		</property>
+				<property name="cache">
-		<property name="objectDefinitionSource">
+					<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
-			<value>
+						<property name="cacheManager">
-				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+							<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
-				PATTERN_TYPE_APACHE_ANT
+						</property>
-				/secure/extreme/**=ROLE_SUPERVISOR
+						<property name="cacheName" value="userCache"/>
-				/secure/**=IS_AUTHENTICATED_REMEMBERED
+					</bean>
-				/**=IS_AUTHENTICATED_ANONYMOUSLY
+				</property>
-			</value>
+			</bean>
-		</property>
+		</property>
-	</bean>
+	</bean>
-
+
-
+	<!-- UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users -->
-	<!--<bean id="authenticationManager"
+	<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
-		class="org.acegisecurity.providers.ProviderManager">
+		<property name="userProperties">
-		<property name="providers">
+			<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
-		<list>
+				<property name="location" value="/WEB-INF/users.properties"/>
-		<ref local="daoAuthenticationProvider" />
+			</bean>
-		<bean
+		</property>
-		class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
+	</bean>
-		<property name="key" value="changeThis" />
+
-		</bean>
+	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
-		<bean
+	<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
-		class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
+
-		<property name="key" value="changeThis" />
-		</bean>
-		</list>
-		</property>
-		</bean>-->
-
-	<bean id="userCache"
-		class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
-		<property name="cache">
-			<bean
-				class="org.springframework.cache.ehcache.EhCacheFactoryBean">
-				<property name="cacheManager">
-					<bean
-						class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
-				</property>
-				<property name="cacheName" value="userCache" />
-			</bean>
-		</property>
-	</bean>
-
-	<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
-	<bean id="loggerListener"
-		class="org.acegisecurity.event.authentication.LoggerListener" />
-
 </beans>