Information

0
Story Points

Technologies

Spring XML
<?xml version="1.0" encoding="UTF-8"?>
<!--

 $Id: applicationContext-security.xml 4315 2013-07-01 20:31:21Z mitcje $
 $URL: https://open.jira.com/svn/IKASAN/tags/ikasaneip-0.9.0/console/war/src/main/webapp/WEB-INF/applicationContext-security.xml $

 ====================================================================
 Ikasan Enterprise Integration Platform

 Distributed under the Modified BSD License.
 Copyright notice: The copyright for this software and a full listing
 of individual contributors are as shown in the packaged copyright.txt
 file.

 All rights reserved.

 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:

  - Redistributions of source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.

  - Redistributions in binary form must reproduce the above copyright notice,
    this list of conditions and the following disclaimer in the documentation
    and/or other materials provided with the distribution.

  - Neither the name of the ORGANIZATION nor the names of its contributors may
    be used to endorse or promote products derived from this software without
    specific prior written permission.

 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ====================================================================

 Author:  Ikasan Development Team

-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Automatically receives AuthenticationEvent messages
     IKASAN-240 Disabled LoggerListener because it logs everything at WARN and the log messages
     aren't useful either
    <beans:bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener" />
    -->
    <!-- The access decision manager -->
    <global-method-security access-decision-manager-ref="accessDecisionManager">

        <!--
            AspectJ pointcut expressions that locates our "post" method and
            applies security to that call.
        -->
        <!-- TODO: Temporarily unblock the service and block the admin controller instead -->
        <!--
        <protect-pointcut
            expression="execution(* org.ikasan.framework.security.service.UserService.changeUsersPassword(..))"
            access="ROLE_ADMIN" />
        -->
        <protect-pointcut
            expression="execution(* org.ikasan.console.web.controller.UsersController.changePassword(..))"
            access="ROLE_ADMIN" />
        <protect-pointcut
            expression="execution(* org.ikasan.security.service.UserService.grantAuthority(..))"
            access="ROLE_ADMIN" />
        <protect-pointcut
            expression="execution(* org.ikasan.security.service.UserService.revokeAuthority(..))"
            access="ROLE_ADMIN" />
        <!-- Gaining access to a Module requires security check -->
        <!--
        <protect-pointcut
            expression="execution(* org.ikasan.framework.module.service.ModuleService.getModule(..))"
            access="ROLE_USER,AFTER_MODULE_READ" />
        -->
        <protect-pointcut
            expression="execution(* org.ikasan.console.module.service.ModuleService.getAllModules())"
            access="ROLE_USER,AFTER_MODULE_COLLECTION_READ" />
        <protect-pointcut
            expression="execution(* org.ikasan.console.pointtopointflow.service.PointToPointFlowProfileService.getAllPointToPointFlowProfiles(..))"
            access="ROLE_USER,AFTER_POINT_TO_POINT_FLOW_PROFILE_COLLECTION_READ" />
        <protect-pointcut
            expression="execution(* org.ikasan.console.pointtopointflow.dao.PointToPointFlowProfileDao.findPointToPointFlowProfiles(..))"
            access="ROLE_USER,AFTER_POINT_TO_POINT_FLOW_PROFILE_COLLECTION_READ" />

        <after-invocation-provider ref="moduleCollectionFilteringAfterInvocationProvider"/>
        <after-invocation-provider ref="pointToPointFlowProfileCollectionFilteringAfterInvocationProvider"/>

    </global-method-security>

	<!--
        Declare the access denied page & force people to go to the login screen
        if they try to go elsewhere first.
     -->
    <http pattern="/login.jsp*" security="none" />
    <http pattern="/users/forgotPassword.htm" security="none" />
    <http pattern="/users/sendPassword.htm" security="none" />
    <http pattern="/css/*"  security="none" />
    <http pattern="/images/*" security="none" />
    <http pattern="/js/*" security="none" />

    <http access-denied-page="/accessDenied.jsp" auto-config='true'>
        <!-- For login.jsp, changePassword.jsp, sendPassword.htm, css and images we don't apply security -->
        <!-- You need ROLE_ADMIN for admin pages -->
        <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
        <!-- You need ROLE_USER for all pages -->
    	<intercept-url pattern="/**" access="ROLE_USER" />
        <!-- If you fail login then redirect to the login.jsp page but with the extra parameter indicating failure -->
    	<form-login login-page='/login.jsp'	authentication-failure-url='/login.jsp?login_error=1' />
	</http>

    <!-- The authentication provider, use the SHA1 encoding for password obscuring -->
    <authentication-manager>
	    <authentication-provider user-service-ref="userDetailsService">
	        <password-encoder ref="sha1PasswordEncoder" />
	    </authentication-provider>
    </authentication-manager>

    <!-- The SHA1 password encoder provider -->
    <beans:bean id="sha1PasswordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>

    <!-- The user details service -->
	<beans:bean id="userDetailsService" class="org.ikasan.security.service.UserServiceImpl">
		<beans:constructor-arg ref="userDao"/>
		<beans:constructor-arg ref="authorityDao"/>
		<beans:constructor-arg ref="sha1PasswordEncoder"/>
	</beans:bean>

    <!-- The User DAO -->
	<beans:bean id="userDao" class="org.ikasan.security.dao.HibernateUserDao">
        <beans:property name="sessionFactory" ref="securitySessionFactory"/>
    </beans:bean>

    <!-- The Authority DAO -->
    <beans:bean id="authorityDao" class="org.ikasan.security.dao.HibernateAuthorityDao">
        <beans:property name="sessionFactory" ref="securitySessionFactory"/>
    </beans:bean>

    <!-- The security session factory -->
    <beans:bean id="securitySessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
        <beans:property name="dataSource" ref="eai.ds" />
        <beans:property name="mappingResources">
            <beans:list>
                <beans:value>org/ikasan/security/model/User.hbm.xml</beans:value>
                <beans:value>org/ikasan/security/model/Authority.hbm.xml</beans:value>
            </beans:list>
        </beans:property>
        <beans:property name="hibernateProperties" ref="platformHibernateProperties"/>
    </beans:bean>

    <!-- The access decision manager -->
	<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
    	<beans:property name="allowIfAllAbstainDecisions" value="true"/>
	    <beans:property name="decisionVoters">
	       <beans:list>
	           <beans:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
	       </beans:list>
	   </beans:property>
	</beans:bean>

    <!-- The access decision manager for what modules are allowed to be viewed by a user -->
    <beans:bean id="moduleCollectionFilteringAfterInvocationProvider"
        class="org.ikasan.console.security.AfterInvocationModuleCollectionFilteringProvider">
    </beans:bean>

    <!-- The access decision manager for what point to point flow profiles are allowed to be viewed by a user -->
    <beans:bean id="pointToPointFlowProfileCollectionFilteringAfterInvocationProvider"
        class="org.ikasan.console.security.AfterInvocationPointToPointFlowProfileCollectionFilteringProvider">
    </beans:bean>

</beans:beans>
Page generated: 9 Apr 2019, 10:30:13