wisemapping-open-source/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <bean id="encoder"
          class="com.wisemapping.security.CustomPasswordEncoder"/>

    <sec:http pattern="/css/**" security="none"/>
    <sec:http pattern="/js/**" security="none"/>
    <sec:http pattern="/images/**" security="none"/>
    <sec:http pattern="/favicon.ico" security="none"/>
    <sec:http pattern="/c/login.htm" security="none"/>
    <sec:http pattern="/c/userregistration.htm" security="none"/>
    <sec:http pattern="/c/activation.htm" security="none"/>
    <sec:http pattern="/c/forgotpassword.htm" security="none"/>
    <sec:http pattern="/c/home.htm" security="none"/>
    <sec:http pattern="/c/try.htm" security="none"/>
    <sec:http pattern="/c/search.htm" security="none"/>
    <sec:http pattern="/c/keyboard.htm" security="none"/>
    <sec:http pattern="/c/embeddedview.htm" security="none"/>
    <sec:http pattern="/c/export.htm" security="none"/>
    <sec:http pattern="/c/publicview.htm" security="none"/>
    <sec:http pattern="/dwr/engine.js" security="none"/>
    <sec:http pattern="/dwr/interface/loggerservice.js" security="none"/>
    <sec:http pattern="/dwr/call/plaincall/loggerservice.logerror.dwr" security="none"/>

    <sec:http pattern="/service/transform.*" security="none"/>
    <sec:http use-expressions="true" create-session="stateless" entry-point-ref="digestEntryPoint"
              pattern="/service/**">
        <sec:intercept-url pattern="/service/**" access="isAuthenticated()"/>

        <sec:http-basic/>
        <sec:custom-filter ref="digestFilter" after="BASIC_AUTH_FILTER"/>
    </sec:http>

    <sec:http use-expressions="true">
        <sec:intercept-url pattern="/c/*.htm" access="isFullyAuthenticated()"/>
        <sec:form-login login-page="/c/login.htm" default-target-url='/c/mymaps.htm'
                        always-use-default-target='true' authentication-failure-url="/c/login.htm?login_error=2"
                        login-processing-url="/j_spring_security_check"/>
        <sec:remember-me key="rememberMeKey" user-service-ref="userDetailsService"/>
        <sec:logout logout-url="/c/logout.htm" invalidate-session="true" logout-success-url="/c/login.htm"/>
    </sec:http>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="dbAuthenticationProvider"/>
        <sec:authentication-provider user-service-ref="userDetailsService"/>
    </sec:authentication-manager>

    <bean id="dbAuthenticationProvider" class="com.wisemapping.security.AuthenticationProvider">
        <property name="userManager" ref="userManager"/>
        <property name="encoder" ref="encoder"/>
    </bean>

    <bean id="userDetailsService" class="com.wisemapping.security.UserDetailService">
        <property name="userManager" ref="userManager"/>
    </bean>

    <bean id="digestFilter" class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter">
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="authenticationEntryPoint" ref="digestEntryPoint"/>
    </bean>

    <bean id="digestEntryPoint"
          class="org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint">
        <property name="realmName" value="Wise Contacts Realm via Digest Authentication"/>
        <property name="key" value="wisemapping-digest"/>
        <property name="nonceValiditySeconds" value="10"/>

    </bean>
</beans>
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<?xml version="1.0" encoding="UTF-8"?>`

			`<beans xmlns="http://www.springframework.org/schema/beans"`
			`xmlns:sec="http://www.springframework.org/schema/security"`
			`xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"`
			`xsi:schemaLocation="http://www.springframework.org/schema/beans`
			`http://www.springframework.org/schema/beans/spring-beans-3.1.xsd`
			`http://www.springframework.org/schema/security`
			`http://www.springframework.org/schema/security/spring-security-3.1.xsd">`

			`<bean id="encoder"`
			`class="com.wisemapping.security.CustomPasswordEncoder"/>`

- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:http pattern="/css/**" security="none"/>`
			`<sec:http pattern="/js/**" security="none"/>`
			`<sec:http pattern="/images/**" security="none"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<sec:http pattern="/favicon.ico" security="none"/>`
- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:http pattern="/c/login.htm" security="none"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<sec:http pattern="/c/userregistration.htm" security="none"/>`
			`<sec:http pattern="/c/activation.htm" security="none"/>`
			`<sec:http pattern="/c/forgotpassword.htm" security="none"/>`
			`<sec:http pattern="/c/home.htm" security="none"/>`
			`<sec:http pattern="/c/try.htm" security="none"/>`
			`<sec:http pattern="/c/search.htm" security="none"/>`
			`<sec:http pattern="/c/keyboard.htm" security="none"/>`
- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:http pattern="/c/embeddedview.htm" security="none"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<sec:http pattern="/c/export.htm" security="none"/>`
			`<sec:http pattern="/c/publicview.htm" security="none"/>`
			`<sec:http pattern="/dwr/engine.js" security="none"/>`
			`<sec:http pattern="/dwr/interface/loggerservice.js" security="none"/>`
			`<sec:http pattern="/dwr/call/plaincall/loggerservice.logerror.dwr" security="none"/>`

- Remove old ExportController - Add support for simple REST transformation 2012-02-20 01:07:24 +01:00			`<sec:http pattern="/service/transform.*" security="none"/>`
- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:http use-expressions="true" create-session="stateless" entry-point-ref="digestEntryPoint"`
			`pattern="/service/**">`
			`<sec:intercept-url pattern="/service/**" access="isAuthenticated()"/>`
- Remove old ExportController - Add support for simple REST transformation 2012-02-20 01:07:24 +01:00
- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:http-basic/>`
			`<sec:custom-filter ref="digestFilter" after="BASIC_AUTH_FILTER"/>`
			`</sec:http>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00
- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:http use-expressions="true">`
			`<sec:intercept-url pattern="/c/*.htm" access="isFullyAuthenticated()"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<sec:form-login login-page="/c/login.htm" default-target-url='/c/mymaps.htm'`
			`always-use-default-target='true' authentication-failure-url="/c/login.htm?login_error=2"`
			`login-processing-url="/j_spring_security_check"/>`
			`<sec:remember-me key="rememberMeKey" user-service-ref="userDetailsService"/>`
			`<sec:logout logout-url="/c/logout.htm" invalidate-session="true" logout-success-url="/c/login.htm"/>`
			`</sec:http>`

- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:authentication-manager alias="authenticationManager">`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<sec:authentication-provider ref="dbAuthenticationProvider"/>`
			`<sec:authentication-provider user-service-ref="userDetailsService"/>`
			`</sec:authentication-manager>`

			`<bean id="dbAuthenticationProvider" class="com.wisemapping.security.AuthenticationProvider">`
			`<property name="userManager" ref="userManager"/>`
			`<property name="encoder" ref="encoder"/>`
			`</bean>`

- First REST operation working 2012-02-13 01:57:11 +01:00			`<bean id="userDetailsService" class="com.wisemapping.security.UserDetailService">`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<property name="userManager" ref="userManager"/>`
			`</bean>`

- First REST operation working 2012-02-13 01:57:11 +01:00			`<bean id="digestFilter" class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter">`
			`<property name="userDetailsService" ref="userDetailsService"/>`
			`<property name="authenticationEntryPoint" ref="digestEntryPoint"/>`
			`</bean>`

			`<bean id="digestEntryPoint"`
			`class="org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint">`
			`<property name="realmName" value="Wise Contacts Realm via Digest Authentication"/>`
			`<property name="key" value="wisemapping-digest"/>`
			`<property name="nonceValiditySeconds" value="10"/>`

			`</bean>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`</beans>`