Corrected typo "configuaration" in comments. Removed indentation tab characters.
This commit is contained in:
Luke Taylor
parent
defc79c283
commit
9e59374477
|
|
@ -8,243 +8,243 @@
|
||||||
|
|
||||||
<beans>
|
<beans>
|
||||||
|
|
||||||
<!-- =================== SECURITY SYSTEM DEFINITIONS ================== -->
|
<!-- =================== SECURITY SYSTEM DEFINITIONS ================== -->
|
||||||
|
|
||||||
<!-- RunAsManager -->
|
|
||||||
<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
|
|
||||||
<property name="key"><value>my_run_as_password</value></property>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
|
<!-- RunAsManager -->
|
||||||
|
<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
|
||||||
<bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
|
<property name="key"><value>my_run_as_password</value></property>
|
||||||
<property name="key"><value>my_run_as_password</value></property>
|
</bean>
|
||||||
</bean>
|
|
||||||
|
|
||||||
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
|
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
|
||||||
<property name="providers">
|
|
||||||
<list>
|
<bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
|
||||||
<ref bean="runAsAuthenticationProvider"/>
|
<property name="key"><value>my_run_as_password</value></property>
|
||||||
<ref bean="daoAuthenticationProvider"/>
|
</bean>
|
||||||
</list>
|
|
||||||
</property>
|
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
|
||||||
</bean>
|
<property name="providers">
|
||||||
|
<list>
|
||||||
<!-- Passwords encoded using MD5, NOT in Base64 format, with null as salt
|
<ref bean="runAsAuthenticationProvider"/>
|
||||||
Encoded password for marissa is "koala"
|
<ref bean="daoAuthenticationProvider"/>
|
||||||
Encoded password for dianne is "emu"
|
</list>
|
||||||
Encoded password for scott is "wombat"
|
</property>
|
||||||
Encoded password for peter is "opal" -->
|
</bean>
|
||||||
<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
|
|
||||||
<property name="userMap">
|
<!-- Passwords encoded using MD5, NOT in Base64 format, with null as salt
|
||||||
<value>
|
Encoded password for marissa is "koala"
|
||||||
|
Encoded password for dianne is "emu"
|
||||||
|
Encoded password for scott is "wombat"
|
||||||
|
Encoded password for peter is "opal" -->
|
||||||
|
<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
|
||||||
|
<property name="userMap">
|
||||||
|
<value>
|
||||||
marissa=a564de63c2d0da68cf47586ee05984d7,ROLE_TELLER,ROLE_SUPERVISOR
|
marissa=a564de63c2d0da68cf47586ee05984d7,ROLE_TELLER,ROLE_SUPERVISOR
|
||||||
dianne=65d15fe9156f9c4bbffd98085992a44e,ROLE_TELLER
|
dianne=65d15fe9156f9c4bbffd98085992a44e,ROLE_TELLER
|
||||||
scott=2b58af6dddbd072ed27ffc86725d7d3a,ROLE_TELLER
|
scott=2b58af6dddbd072ed27ffc86725d7d3a,ROLE_TELLER
|
||||||
peter=22b5c9accc6e1ba628cedc63a72d57f8,disabled,ROLE_TELLER
|
peter=22b5c9accc6e1ba628cedc63a72d57f8,disabled,ROLE_TELLER
|
||||||
</value>
|
</value>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
|
<bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
|
||||||
|
|
||||||
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
|
|
||||||
<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
|
|
||||||
<property name="userCache"><ref bean="userCache"/></property>
|
|
||||||
<property name="passwordEncoder"><ref bean="passwordEncoder"/></property>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
|
|
||||||
<property name="minutesToIdle"><value>5</value></property>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
|
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
|
||||||
<bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
|
<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
|
||||||
|
<property name="userCache"><ref bean="userCache"/></property>
|
||||||
|
<property name="passwordEncoder"><ref bean="passwordEncoder"/></property>
|
||||||
|
</bean>
|
||||||
|
|
||||||
<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
|
<bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
|
||||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
<property name="minutesToIdle"><value>5</value></property>
|
||||||
<property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
|
</bean>
|
||||||
</bean>
|
|
||||||
|
|
||||||
<bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
|
<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
|
||||||
<property name="realmName"><value>Contacts Realm</value></property>
|
<bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
|
||||||
</bean>
|
|
||||||
|
|
||||||
<bean id="autoIntegrationFilter" class="net.sf.acegisecurity.ui.AutoIntegrationFilter" />
|
<bean id="basicProcessingFilter" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
|
||||||
|
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||||
|
<property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
|
||||||
|
</bean>
|
||||||
|
|
||||||
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
|
<bean id="basicProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
|
||||||
|
<property name="realmName"><value>Contacts Realm</value></property>
|
||||||
|
</bean>
|
||||||
|
|
||||||
<!-- An access decision voter that reads ROLE_* configuaration settings -->
|
<bean id="autoIntegrationFilter" class="net.sf.acegisecurity.ui.AutoIntegrationFilter"/>
|
||||||
<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
|
|
||||||
|
|
||||||
<!-- An access decision voter that reads CONTACT_OWNED_BY_CURRENT_USER configuaration settings -->
|
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
|
||||||
<bean id="contactSecurityVoter" class="sample.contact.ContactSecurityVoter"/>
|
|
||||||
|
|
||||||
<!-- An access decision manager used by the business objects -->
|
<!-- An access decision voter that reads ROLE_* configuration settings -->
|
||||||
<bean id="businessAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
|
<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
|
||||||
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
|
|
||||||
<property name="decisionVoters">
|
|
||||||
<list>
|
|
||||||
<ref bean="roleVoter"/>
|
|
||||||
<ref bean="contactSecurityVoter"/>
|
|
||||||
</list>
|
|
||||||
</property>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<!-- ===================== SECURITY DEFINITIONS ======================= -->
|
<!-- An access decision voter that reads CONTACT_OWNED_BY_CURRENT_USER configuration settings -->
|
||||||
|
<bean id="contactSecurityVoter" class="sample.contact.ContactSecurityVoter"/>
|
||||||
<bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
|
|
||||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
<!-- An access decision manager used by the business objects -->
|
||||||
<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
|
<bean id="businessAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
|
||||||
<property name="runAsManager"><ref bean="runAsManager"/></property>
|
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
|
||||||
<property name="objectDefinitionSource">
|
<property name="decisionVoters">
|
||||||
<value>
|
<list>
|
||||||
|
<ref bean="roleVoter"/>
|
||||||
|
<ref bean="contactSecurityVoter"/>
|
||||||
|
</list>
|
||||||
|
</property>
|
||||||
|
</bean>
|
||||||
|
|
||||||
|
<!-- ===================== SECURITY DEFINITIONS ======================= -->
|
||||||
|
|
||||||
|
<bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
|
||||||
|
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||||
|
<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
|
||||||
|
<property name="runAsManager"><ref bean="runAsManager"/></property>
|
||||||
|
<property name="objectDefinitionSource">
|
||||||
|
<value>
|
||||||
sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER
|
sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER
|
||||||
sample.contact.ContactManager.getAllByOwner=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
|
sample.contact.ContactManager.getAllByOwner=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
|
||||||
sample.contact.ContactManager.save=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
|
sample.contact.ContactManager.save=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
|
||||||
sample.contact.ContactManager.getById=ROLE_TELLER,RUN_AS_SERVER
|
sample.contact.ContactManager.getById=ROLE_TELLER,RUN_AS_SERVER
|
||||||
</value>
|
</value>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
|
<!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
|
||||||
<bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
|
<bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
|
||||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||||
<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
|
<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
|
||||||
<property name="runAsManager"><ref bean="runAsManager"/></property>
|
<property name="runAsManager"><ref bean="runAsManager"/></property>
|
||||||
<property name="objectDefinitionSource">
|
<property name="objectDefinitionSource">
|
||||||
<value>
|
<value>
|
||||||
sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER
|
sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER
|
||||||
sample.contact.ContactManager.getAllByOwner=ROLE_RUN_AS_SERVER
|
sample.contact.ContactManager.getAllByOwner=ROLE_RUN_AS_SERVER
|
||||||
sample.contact.ContactManager.save=ROLE_RUN_AS_SERVER
|
sample.contact.ContactManager.save=ROLE_RUN_AS_SERVER
|
||||||
sample.contact.ContactManager.getById=ROLE_RUN_AS_SERVER
|
sample.contact.ContactManager.getById=ROLE_RUN_AS_SERVER
|
||||||
</value>
|
</value>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- ======================= BUSINESS DEFINITIONS ===================== -->
|
<!-- ======================= BUSINESS DEFINITIONS ===================== -->
|
||||||
|
|
||||||
<bean id="contactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
|
<bean id="contactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
|
||||||
<property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
|
<property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
|
||||||
<property name="interceptorNames">
|
<property name="interceptorNames">
|
||||||
<list>
|
<list>
|
||||||
<value>publicContactManagerSecurity</value>
|
<value>publicContactManagerSecurity</value>
|
||||||
<value>publicContactManagerTarget</value>
|
<value>publicContactManagerTarget</value>
|
||||||
</list>
|
</list>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="publicContactManagerTarget" class="sample.contact.ContactManagerFacade">
|
<bean id="publicContactManagerTarget" class="sample.contact.ContactManagerFacade">
|
||||||
<property name="backend"><ref bean="backendContactManager"/></property>
|
<property name="backend"><ref bean="backendContactManager"/></property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="backendContactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
|
<bean id="backendContactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
|
||||||
<property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
|
<property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
|
||||||
<property name="interceptorNames">
|
<property name="interceptorNames">
|
||||||
<list>
|
<list>
|
||||||
<value>backendContactManagerSecurity</value>
|
<value>backendContactManagerSecurity</value>
|
||||||
<value>backendContactManagerTarget</value>
|
<value>backendContactManagerTarget</value>
|
||||||
</list>
|
</list>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="backendContactManagerTarget" class="sample.contact.ContactManagerBackend"/>
|
<bean id="backendContactManagerTarget" class="sample.contact.ContactManagerBackend"/>
|
||||||
|
|
||||||
<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
|
<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
|
||||||
|
|
||||||
<!-- You will need to uncomment the "Acegi Channel Processing Filter"
|
|
||||||
<filter-mapping> in web.xml for the following beans to be used -->
|
|
||||||
|
|
||||||
<bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
|
<!-- You will need to uncomment the "Acegi Channel Processing Filter"
|
||||||
<property name="channelDecisionManager"><ref bean="channelDecisionManager"/></property>
|
<filter-mapping> in web.xml for the following beans to be used -->
|
||||||
<property name="filterInvocationDefinitionSource">
|
|
||||||
<value>
|
<bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
|
||||||
|
<property name="channelDecisionManager"><ref bean="channelDecisionManager"/></property>
|
||||||
|
<property name="filterInvocationDefinitionSource">
|
||||||
|
<value>
|
||||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||||
\A/secure/.*\Z=REQUIRES_SECURE_CHANNEL
|
\A/secure/.*\Z=REQUIRES_SECURE_CHANNEL
|
||||||
\A/acegilogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
|
\A/acegilogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
|
||||||
\A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
|
\A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
|
||||||
\A.*\Z=REQUIRES_INSECURE_CHANNEL
|
\A.*\Z=REQUIRES_INSECURE_CHANNEL
|
||||||
</value>
|
</value>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
|
<bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
|
||||||
<property name="channelProcessors">
|
<property name="channelProcessors">
|
||||||
<list>
|
<list>
|
||||||
<ref bean="secureChannelProcessor"/>
|
<ref bean="secureChannelProcessor"/>
|
||||||
<ref bean="insecureChannelProcessor"/>
|
<ref bean="insecureChannelProcessor"/>
|
||||||
</list>
|
</list>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="secureChannelProcessor" class="net.sf.acegisecurity.securechannel.SecureChannelProcessor"/>
|
<bean id="secureChannelProcessor" class="net.sf.acegisecurity.securechannel.SecureChannelProcessor"/>
|
||||||
<bean id="insecureChannelProcessor" class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor"/>
|
<bean id="insecureChannelProcessor" class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor"/>
|
||||||
|
|
||||||
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
|
<!-- ===================== HTTP REQUEST SECURITY ==================== -->
|
||||||
|
|
||||||
<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
|
<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
|
||||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||||
<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
|
<property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
|
||||||
<property name="defaultTargetUrl"><value>/</value></property>
|
<property name="defaultTargetUrl"><value>/</value></property>
|
||||||
<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
|
<property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
|
<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
|
||||||
<property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
|
<property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
|
||||||
<property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property>
|
<property name="authenticationEntryPoint"><ref bean="authenticationProcessingFilterEntryPoint"/></property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
|
<bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
|
||||||
<property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
|
<property name="loginFormUrl"><value>/acegilogin.jsp</value></property>
|
||||||
<property name="forceHttps"><value>false</value></property>
|
<property name="forceHttps"><value>false</value></property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
|
<bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
|
||||||
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
|
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
|
||||||
<property name="decisionVoters">
|
<property name="decisionVoters">
|
||||||
<list>
|
<list>
|
||||||
<ref bean="roleVoter"/>
|
<ref bean="roleVoter"/>
|
||||||
</list>
|
</list>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
|
<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
|
||||||
The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
|
The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
|
||||||
Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
|
Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
|
||||||
<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
|
<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
|
||||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||||
<property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
|
<property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
|
||||||
<property name="runAsManager"><ref bean="runAsManager"/></property>
|
<property name="runAsManager"><ref bean="runAsManager"/></property>
|
||||||
<property name="objectDefinitionSource">
|
<property name="objectDefinitionSource">
|
||||||
<value>
|
<value>
|
||||||
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
|
||||||
\A/secure/super.*\Z=ROLE_WE_DONT_HAVE
|
\A/secure/super.*\Z=ROLE_WE_DONT_HAVE
|
||||||
\A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER
|
\A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER
|
||||||
</value>
|
</value>
|
||||||
</property>
|
</property>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<!-- BASIC Regular Expression Syntax (for beginners):
|
<!-- BASIC Regular Expression Syntax (for beginners):
|
||||||
|
|
||||||
\A means the start of the string (ie the beginning of the URL)
|
\A means the start of the string (ie the beginning of the URL)
|
||||||
\Z means the end of the string (ie the end of the URL)
|
\Z means the end of the string (ie the end of the URL)
|
||||||
. means any single character
|
. means any single character
|
||||||
* means null or any number of repetitions of the last expression (so .* means zero or more characters)
|
* means null or any number of repetitions of the last expression (so .* means zero or more characters)
|
||||||
|
|
||||||
Some examples:
|
Some examples:
|
||||||
|
|
||||||
Expression: \A/my/directory/.*\Z
|
Expression: \A/my/directory/.*\Z
|
||||||
Would match: /my/directory/
|
Would match: /my/directory/
|
||||||
/my/directory/hello.html
|
/my/directory/hello.html
|
||||||
|
|
||||||
Expression: \A/.*\Z
|
Expression: \A/.*\Z
|
||||||
Would match: /hello.html
|
Would match: /hello.html
|
||||||
/
|
/
|
||||||
|
|
||||||
Expression: \A/.*/secret.html\Z
|
Expression: \A/.*/secret.html\Z
|
||||||
Would match: /some/directory/secret.html
|
Would match: /some/directory/secret.html
|
||||||
/another/secret.html
|
/another/secret.html
|
||||||
Not match: /anothersecret.html (missing required /)
|
Not match: /anothersecret.html (missing required /)
|
||||||
-->
|
-->
|
||||||
|
|
||||||
</beans>
|
</beans>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue