101 lines
3.1 KiB
XML
101 lines
3.1 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
|
|
|
|
<!--
|
|
- Contacts web application
|
|
- $Id$
|
|
-->
|
|
|
|
<web-app>
|
|
|
|
<display-name>Contacts Sample Application</display-name>
|
|
|
|
<description>
|
|
Example of an application secured using Acegi Security System for Spring.
|
|
</description>
|
|
|
|
<filter>
|
|
<filter-name>Acegi Security System for Spring</filter-name>
|
|
<filter-class>net.sf.acegisecurity.adapters.AutoIntegrationFilter</filter-class>
|
|
</filter>
|
|
|
|
<filter-mapping>
|
|
<filter-name>Acegi Security System for Spring</filter-name>
|
|
<url-pattern>/*</url-pattern>
|
|
</filter-mapping>
|
|
|
|
<!--
|
|
- Servlet that dispatches request to registered handlers (Controller implementations).
|
|
- Has its own application context, by default defined in "{servlet-name}-servlet.xml",
|
|
- i.e. "contacts-servlet.xml".
|
|
-
|
|
- A web app can contain any number of such servlets.
|
|
- Note that this web app does not have a shared root application context,
|
|
- therefore the DispatcherServlet contexts do not have a common parent.
|
|
-->
|
|
<servlet>
|
|
<servlet-name>contacts</servlet-name>
|
|
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
|
|
<load-on-startup>1</load-on-startup>
|
|
</servlet>
|
|
|
|
<!--
|
|
- Maps the contacts dispatcher to /*.
|
|
-
|
|
-->
|
|
<servlet-mapping>
|
|
<servlet-name>contacts</servlet-name>
|
|
<url-pattern>*.htm</url-pattern>
|
|
</servlet-mapping>
|
|
|
|
<welcome-file-list>
|
|
<welcome-file>index.jsp</welcome-file>
|
|
</welcome-file-list>
|
|
|
|
<taglib>
|
|
<taglib-uri>/spring</taglib-uri>
|
|
<taglib-location>/WEB-INF/spring.tld</taglib-location>
|
|
</taglib>
|
|
|
|
<security-constraint>
|
|
<display-name>Secured Area Security Constraint</display-name>
|
|
<web-resource-collection>
|
|
<web-resource-name>Secured Area</web-resource-name>
|
|
<!-- Define the context-relative URL(s) to be protected -->
|
|
<url-pattern>/secure/*</url-pattern>
|
|
</web-resource-collection>
|
|
<auth-constraint>
|
|
<!-- Anyone with one of the listed roles may access this area -->
|
|
<role-name>ROLE_TELLER</role-name>
|
|
<role-name>ROLE_SUPERVISOR</role-name>
|
|
</auth-constraint>
|
|
</security-constraint>
|
|
|
|
<!-- Default login configuration using BASIC authentication -->
|
|
<!--
|
|
<login-config>
|
|
<auth-method>BASIC</auth-method>
|
|
<realm-name>Spring Powered Realm</realm-name>
|
|
</login-config>
|
|
-->
|
|
|
|
<!-- Default login configuration using form-based authentication -->
|
|
<login-config>
|
|
<auth-method>FORM</auth-method>
|
|
<realm-name>Spring Powered Realm</realm-name>
|
|
<form-login-config>
|
|
<form-login-page>/login.jsp</form-login-page>
|
|
<form-error-page>/login.jsp?login_error=1</form-error-page>
|
|
</form-login-config>
|
|
</login-config>
|
|
|
|
<!-- Security roles referenced by this web application -->
|
|
<security-role>
|
|
<role-name>ROLE_SUPERVISOR</role-name>
|
|
</security-role>
|
|
<security-role>
|
|
<role-name>ROLE_TELLER</role-name>
|
|
</security-role>
|
|
|
|
</web-app>
|