wisemapping-open-source/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <sec:http pattern="/css/**" security="none"/>
    <sec:http pattern="/js/**" security="none"/>
    <sec:http pattern="/images/**" security="none"/>
    <sec:http pattern="/icons/**" security="none"/>
    <sec:http pattern="/favicon.ico" security="none"/>

    <sec:http pattern="/c/login" security="none"/>
    <sec:http pattern="/c/loginOpenId" security="none"/>
    <sec:http pattern="/c/user/registration" security="none"/>
    <sec:http pattern="/c/user/resetpassword" security="none"/>
    <sec:http pattern="/c/home" security="none"/>

    <sec:http pattern="/c/maps/*/embed" security="none"/>
    <sec:http pattern="/c/maps/*/try" security="none"/>
    <sec:http pattern="/c/maps/*/public" security="none"/>
    <sec:http pattern="/c/GCFInstall" security="none"/>
    <sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/>

    <sec:http pattern="/c/publicview.htm" security="none"/>
    <sec:http pattern="/c/embeddedview.htm" security="none"/>
    <sec:http pattern="/c/termsOfUse" security="none"/>
    <sec:http pattern="/c/keyboard" security="none"/>

    <sec:http pattern="/c/activation" security="none"/>
    <sec:http pattern="/c/try" security="none"/>


    <sec:http use-expressions="true" create-session="stateless" pattern="/service/**">
        <sec:intercept-url pattern="/service/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
        <sec:intercept-url pattern="/service/**" access="isAuthenticated() and hasRole('ROLE_USER')"/>
        <sec:http-basic/>
    </sec:http>

    <sec:http use-expressions="true" access-denied-page="/c/login">
        <sec:intercept-url pattern="/c/restful/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
        <sec:intercept-url pattern="/c/**/*" access="isAuthenticated() and hasRole('ROLE_USER')"/>

        <sec:form-login login-page="/c/login"
                        authentication-success-handler-ref="authenticationSuccessHandler"
                        always-use-default-target="false"
                        authentication-failure-url="/c/login?login_error=2"
                        login-processing-url="/c/j_spring_security_check"/>

        <sec:openid-login user-service-ref="userDetailsService"
                          authentication-failure-url="/c/login.jsp?login_error=true"
                          login-processing-url="/c/j_spring_openid_security_check">

            <sec:attribute-exchange identifier-match="https://www.google.com/.*">
                <sec:openid-attribute name="email" type="http://axschema.org/contact/email" required="true" count="1"/>
                <sec:openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true"/>
                <sec:openid-attribute name="lastname" type="http://axschema.org/namePerson/last" required="true"/>
            </sec:attribute-exchange>

            <sec:attribute-exchange identifier-match=".*yahoo.com.*">
                <sec:openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
                <sec:openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true"/>
            </sec:attribute-exchange>

            <sec:attribute-exchange identifier-match=".*myopenid.com.*">
                <sec:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
                <sec:openid-attribute name="fullname" type="http://schema.openid.net/namePerson" required="true"/>
            </sec:attribute-exchange>
        </sec:openid-login>
        <sec:remember-me key="wisemapping-hashed-key"/>
        <sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
    </sec:http>

    <bean id="encoder" class="com.wisemapping.security.CustomPasswordEncoder"/>

    <import resource="wisemapping-security-${security.type}.xml"/>

    <bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">
        <property name="userService" ref="userService"/>
        <property name="adminUser" value="${admin.user}"/>
    </bean>

    <bean id="authenticationSuccessHandler" class="com.wisemapping.security.AuthenticationSuccessHandler">
        <property name="defaultTargetUrl" value="/c/maps/"/>
        <property name="alwaysUseDefaultTargetUrl" value="false"/>
    </bean>

</beans>
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<?xml version="1.0" encoding="UTF-8"?>`

			`<beans xmlns="http://www.springframework.org/schema/beans"`
			`xmlns:sec="http://www.springframework.org/schema/security"`
			`xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"`
			`xsi:schemaLocation="http://www.springframework.org/schema/beans`
			`http://www.springframework.org/schema/beans/spring-beans-3.1.xsd`
			`http://www.springframework.org/schema/security`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00			`http://www.springframework.org/schema/security/spring-security-3.1.xsd">`
Add configurable support for admin profile. 2012-02-21 20:36:19 +01:00
- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:http pattern="/css/**" security="none"/>`
			`<sec:http pattern="/js/**" security="none"/>`
			`<sec:http pattern="/images/**" security="none"/>`
Update to HSQLDB driver Remove DWR Remove native SVG tables Add new REST services for persistence. 2012-02-21 18:22:43 +01:00			`<sec:http pattern="/icons/**" security="none"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`<sec:http pattern="/favicon.ico" security="none"/>`
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00
			`<sec:http pattern="/c/login" security="none"/>`
Login page completed. 2013-03-17 20:39:50 +01:00			`<sec:http pattern="/c/loginOpenId" security="none"/>`
Migrate UserRegitration to MVC 3.0. wisemapping-servlet.xml is not used anymore. 2012-06-17 00:27:22 +02:00			`<sec:http pattern="/c/user/registration" security="none"/>`
- Fix forgot password email - Rewrite forgot password to use the new MVC model. - Show a dialog when the password has been sent. 2012-06-16 20:59:59 +02:00			`<sec:http pattern="/c/user/resetpassword" security="none"/>`
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`<sec:http pattern="/c/home" security="none"/>`
Add embedded and public view compatibility. Remove Utils method 2012-06-18 05:40:42 +02:00
Add zoom support for embedded maps. Add new url to embedded maps 2012-06-04 01:23:31 +02:00			`<sec:http pattern="/c/maps/*/embed" security="none"/>`
Several fixes. 2012-08-26 21:53:33 +02:00			`<sec:http pattern="/c/maps/*/try" security="none"/>`
Add embedded and public view compatibility. Remove Utils method 2012-06-18 05:40:42 +02:00			`<sec:http pattern="/c/maps/*/public" security="none"/>`
Add Google Crome Frame support. 2012-06-22 03:18:04 +02:00			`<sec:http pattern="/c/GCFInstall" security="none"/>`
- Fix security issues when the map is loaded from the rest service. Two URL has been defined for each type of access. 2013-02-08 01:44:20 +01:00			`<sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/>`
Add Google Crome Frame support. 2012-06-22 03:18:04 +02:00
Add embedded and public view compatibility. Remove Utils method 2012-06-18 05:40:42 +02:00			`<sec:http pattern="/c/publicview.htm" security="none"/>`
			`<sec:http pattern="/c/embeddedview.htm" security="none"/>`
			`<sec:http pattern="/c/termsOfUse" security="none"/>`
			`<sec:http pattern="/c/keyboard" security="none"/>`
Add zoom support for embedded maps. Add new url to embedded maps 2012-06-04 01:23:31 +02:00
			`<sec:http pattern="/c/activation" security="none"/>`
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`<sec:http pattern="/c/try" security="none"/>`
Add embedded and public view compatibility. Remove Utils method 2012-06-18 05:40:42 +02:00
- Remove old ExportController - Add support for simple REST transformation 2012-02-20 01:07:24 +01:00
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00			`<sec:http use-expressions="true" create-session="stateless" pattern="/service/**">`
Update to HSQLDB driver Remove DWR Remove native SVG tables Add new REST services for persistence. 2012-02-21 18:22:43 +01:00			`<sec:intercept-url pattern="/service/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>`
Fix remember me issue. 2012-06-18 06:15:46 +02:00			`<sec:intercept-url pattern="/service/**" access="isAuthenticated() and hasRole('ROLE_USER')"/>`
- First REST operation working 2012-02-13 01:57:11 +01:00			`<sec:http-basic/>`
			`</sec:http>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`<sec:http use-expressions="true" access-denied-page="/c/login">`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00			`<sec:intercept-url pattern="/c/restful/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>`
Fix remember me issue. 2012-06-18 06:15:46 +02:00			`<sec:intercept-url pattern="/c/*/" access="isAuthenticated() and hasRole('ROLE_USER')"/>`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`<sec:form-login login-page="/c/login"`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00			`authentication-success-handler-ref="authenticationSuccessHandler"`
			`always-use-default-target="false"`
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`authentication-failure-url="/c/login?login_error=2"`
- Change login action prefix. - Hide/Display buttons based on the selected items. 2012-05-13 23:28:00 +02:00			`login-processing-url="/c/j_spring_security_check"/>`
Fix open id. 2013-03-10 23:07:52 +01:00
Login page completed. 2013-03-17 20:39:50 +01:00			`<sec:openid-login user-service-ref="userDetailsService"`
			`authentication-failure-url="/c/login.jsp?login_error=true"`
			`login-processing-url="/c/j_spring_openid_security_check">`

			`<sec:attribute-exchange identifier-match="https://www.google.com/.*">`
			`<sec:openid-attribute name="email" type="http://axschema.org/contact/email" required="true" count="1"/>`
			`<sec:openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true"/>`
			`<sec:openid-attribute name="lastname" type="http://axschema.org/namePerson/last" required="true"/>`
			`</sec:attribute-exchange>`

			`<sec:attribute-exchange identifier-match=".yahoo.com.">`
			`<sec:openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>`
			`<sec:openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true"/>`
			`</sec:attribute-exchange>`

			`<sec:attribute-exchange identifier-match=".myopenid.com.">`
			`<sec:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>`
			`<sec:openid-attribute name="fullname" type="http://schema.openid.net/namePerson" required="true"/>`
			`</sec:attribute-exchange>`
			`</sec:openid-login>`
Fix partially remember me. 2012-04-05 05:40:39 +02:00			`<sec:remember-me key="wisemapping-hashed-key"/>`
- Remove .htm - Keep working on export. 2012-06-03 16:16:38 +02:00			`<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`</sec:http>`

Enable security configuration from properties. 2013-02-18 03:10:04 +01:00			`<bean id="encoder" class="com.wisemapping.security.CustomPasswordEncoder"/>`

			`<import resource="wisemapping-security-${security.type}.xml"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00
Add configurable support for admin profile. 2012-02-21 20:36:19 +01:00			`<bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">`
Audith login operations. 2012-06-23 21:15:59 +02:00			`<property name="userService" ref="userService"/>`
Add configurable support for admin profile. 2012-02-21 20:36:19 +01:00			`<property name="adminUser" value="${admin.user}"/>`
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`</bean>`
Split rest authentication into two. For web apps integration url is /c/restful/ 2012-11-10 21:19:28 +01:00
			`<bean id="authenticationSuccessHandler" class="com.wisemapping.security.AuthenticationSuccessHandler">`
			`<property name="defaultTargetUrl" value="/c/maps/"/>`
			`<property name="alwaysUseDefaultTargetUrl" value="false"/>`
			`</bean>`
Add LDAP support. 2013-02-18 01:00:08 +01:00
- Migrate to Spring 3.1 - Remove Acegy - Fix editor partially 2012-02-12 06:55:42 +01:00			`</beans>`