wisemapping-open-source/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <bean id="encoder"
          class="com.wisemapping.security.CustomPasswordEncoder"/>

    <sec:http pattern="/css/**" security="none"/>
    <sec:http pattern="/js/**" security="none"/>
    <sec:http pattern="/images/**" security="none"/>
    <sec:http pattern="/icons/**" security="none"/>
    <sec:http pattern="/favicon.ico" security="none"/>

    <sec:http pattern="/c/login" security="none"/>
    <sec:http pattern="/c/user/registration" security="none"/>
    <sec:http pattern="/c/user/resetpassword" security="none"/>
    <sec:http pattern="/c/home" security="none"/>

    <sec:http pattern="/c/maps/*/embed" security="none"/>
    <sec:http pattern="/c/maps/*/try" security="none"/>
    <sec:http pattern="/c/maps/*/print" security="none"/>
    <sec:http pattern="/c/maps/*/public" security="none"/>
    <sec:http pattern="/c/GCFInstall" security="none"/>
    <sec:http pattern="/c/restful/maps/*/document/xml " security="none"/>


    <sec:http pattern="/c/publicview.htm" security="none"/>
    <sec:http pattern="/c/embeddedview.htm" security="none"/>
    <sec:http pattern="/c/termsOfUse" security="none"/>
    <sec:http pattern="/c/keyboard" security="none"/>

    <sec:http pattern="/c/activation" security="none"/>
    <sec:http pattern="/c/try" security="none"/>


    <sec:http use-expressions="true" create-session="stateless" pattern="/service/**">
        <sec:intercept-url pattern="/service/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
        <sec:intercept-url pattern="/service/**" access="isAuthenticated() and hasRole('ROLE_USER')"/>
        <sec:http-basic/>
    </sec:http>

    <sec:http use-expressions="true" access-denied-page="/c/login">
        <sec:intercept-url pattern="/c/restful/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
        <sec:intercept-url pattern="/c/**/*" access="isAuthenticated() and hasRole('ROLE_USER')"/>

        <sec:form-login login-page="/c/login"
                        authentication-success-handler-ref="authenticationSuccessHandler"
                        always-use-default-target="false"
                        authentication-failure-url="/c/login?login_error=2"
                        login-processing-url="/c/j_spring_security_check"/>
        <sec:remember-me key="wisemapping-hashed-key"/>
        <sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
    </sec:http>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="dbAuthenticationProvider"/>
        <sec:authentication-provider user-service-ref="userDetailsService"/>
    </sec:authentication-manager>

    <bean id="dbAuthenticationProvider" class="com.wisemapping.security.AuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="encoder" ref="encoder"/>
    </bean>

    <bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">
        <!--suppress SpringModelInspection -->
        <property name="userService" ref="userService"/>
        <property name="adminUser" value="${admin.user}"/>
    </bean>

    <bean id="authenticationSuccessHandler" class="com.wisemapping.security.AuthenticationSuccessHandler">
        <property name="defaultTargetUrl" value="/c/maps/"/>
        <property name="alwaysUseDefaultTargetUrl" value="false"/>
    </bean>
</beans>
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<?xml version="1.0" encoding="UTF-8"?>`

			`<beans xmlns="http://www.springframework.org/schema/beans"`
			`xmlns:sec="http://www.springframework.org/schema/security"`
			`xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"`
			`xsi:schemaLocation="http://www.springframework.org/schema/beans`
			`http://www.springframework.org/schema/beans/spring-beans-3.1.xsd`
			`http://www.springframework.org/schema/security`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00			`http://www.springframework.org/schema/security/spring-security-3.1.xsd">`
Add configurable support for admin profile. 2012-02-21 20:36:19 +01:00
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<bean id="encoder"`
			`class="com.wisemapping.security.CustomPasswordEncoder"/>`

- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:http pattern="/css/**" security="none"/>`
			`<sec:http pattern="/js/**" security="none"/>`
			`<sec:http pattern="/images/**" security="none"/>`
Update to HSQLDB driver Remove DWR Remove native SVG tables Add new REST services for persistence. 2012-02-21 18:22:43 +01:00			`<sec:http pattern="/icons/**" security="none"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<sec:http pattern="/favicon.ico" security="none"/>`
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00
			`<sec:http pattern="/c/login" security="none"/>`
Migrate UserRegitration to MVC 3.0. wisemapping-servlet.xml is not used anymore. 2012-06-17 00:27:22 +02:00			`<sec:http pattern="/c/user/registration" security="none"/>`
- Fix forgot password email - Rewrite forgot password to use the new MVC model. - Show a dialog when the password has been sent. 2012-06-16 20:59:59 +02:00			`<sec:http pattern="/c/user/resetpassword" security="none"/>`
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`<sec:http pattern="/c/home" security="none"/>`
Add embedded and public view compatibility. Remove Utils method 2012-06-18 05:40:42 +02:00
Add zoom support for embedded maps. Add new url to embedded maps 2012-06-04 01:23:31 +02:00			`<sec:http pattern="/c/maps/*/embed" security="none"/>`
Several fixes. 2012-08-26 21:53:33 +02:00			`<sec:http pattern="/c/maps/*/try" security="none"/>`
- Print is not public - Public maps now are shared using REST 2013-02-03 21:33:19 +01:00			`<sec:http pattern="/c/maps/*/print" security="none"/>`
Add embedded and public view compatibility. Remove Utils method 2012-06-18 05:40:42 +02:00			`<sec:http pattern="/c/maps/*/public" security="none"/>`
Add Google Crome Frame support. 2012-06-22 03:18:04 +02:00			`<sec:http pattern="/c/GCFInstall" security="none"/>`
- Print is not public - Public maps now are shared using REST 2013-02-03 21:33:19 +01:00			`<sec:http pattern="/c/restful/maps/*/document/xml " security="none"/>`

Add Google Crome Frame support. 2012-06-22 03:18:04 +02:00
Add embedded and public view compatibility. Remove Utils method 2012-06-18 05:40:42 +02:00			`<sec:http pattern="/c/publicview.htm" security="none"/>`
			`<sec:http pattern="/c/embeddedview.htm" security="none"/>`
			`<sec:http pattern="/c/termsOfUse" security="none"/>`
			`<sec:http pattern="/c/keyboard" security="none"/>`
Add zoom support for embedded maps. Add new url to embedded maps 2012-06-04 01:23:31 +02:00
			`<sec:http pattern="/c/activation" security="none"/>`
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`<sec:http pattern="/c/try" security="none"/>`
Add embedded and public view compatibility. Remove Utils method 2012-06-18 05:40:42 +02:00
- Remove old ExportController - Add support for simple REST transformation 2012-02-20 01:07:24 +01:00
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00			`<sec:http use-expressions="true" create-session="stateless" pattern="/service/**">`
Update to HSQLDB driver Remove DWR Remove native SVG tables Add new REST services for persistence. 2012-02-21 18:22:43 +01:00			`<sec:intercept-url pattern="/service/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>`
Fix remember me issue. 2012-06-18 06:15:46 +02:00			`<sec:intercept-url pattern="/service/**" access="isAuthenticated() and hasRole('ROLE_USER')"/>`
- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:http-basic/>`
			`</sec:http>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`<sec:http use-expressions="true" access-denied-page="/c/login">`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00			`<sec:intercept-url pattern="/c/restful/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>`
Fix remember me issue. 2012-06-18 06:15:46 +02:00			`<sec:intercept-url pattern="/c/*/" access="isAuthenticated() and hasRole('ROLE_USER')"/>`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`<sec:form-login login-page="/c/login"`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00			`authentication-success-handler-ref="authenticationSuccessHandler"`
			`always-use-default-target="false"`
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`authentication-failure-url="/c/login?login_error=2"`
- Change login action prefix. - Hide/Display buttons based on the selected items. 2012-05-13 23:28:00 +02:00			`login-processing-url="/c/j_spring_security_check"/>`
Fix partially remember me. 2012-04-05 05:40:39 +02:00			`<sec:remember-me key="wisemapping-hashed-key"/>`
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`</sec:http>`

- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:authentication-manager alias="authenticationManager">`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<sec:authentication-provider ref="dbAuthenticationProvider"/>`
			`<sec:authentication-provider user-service-ref="userDetailsService"/>`
			`</sec:authentication-manager>`

			`<bean id="dbAuthenticationProvider" class="com.wisemapping.security.AuthenticationProvider">`
Add configurable support for admin profile. 2012-02-21 20:36:19 +01:00			`<property name="userDetailsService" ref="userDetailsService"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<property name="encoder" ref="encoder"/>`
			`</bean>`

Add configurable support for admin profile. 2012-02-21 20:36:19 +01:00			`<bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00			`<!--suppress SpringModelInspection -->`
Audith login operations. 2012-06-23 21:15:59 +02:00			`<property name="userService" ref="userService"/>`
Add configurable support for admin profile. 2012-02-21 20:36:19 +01:00			`<property name="adminUser" value="${admin.user}"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`</bean>`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00
			`<bean id="authenticationSuccessHandler" class="com.wisemapping.security.AuthenticationSuccessHandler">`
			`<property name="defaultTargetUrl" value="/c/maps/"/>`
			`<property name="alwaysUseDefaultTargetUrl" value="false"/>`
			`</bean>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`</beans>`