mirror of
https://bitbucket.org/wisemapping/wisemapping-open-source.git
synced 2024-10-23 18:12:32 +02:00
91 lines
4.5 KiB
XML
91 lines
4.5 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
|
xmlns:sec="http://www.springframework.org/schema/security"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
|
http://www.springframework.org/schema/beans/spring-beans.xsd
|
|
http://www.springframework.org/schema/security
|
|
http://www.springframework.org/schema/security/spring-security.xsd">
|
|
|
|
<bean id="custom-firewall" class="org.springframework.security.web.firewall.StrictHttpFirewall">
|
|
<property name="allowSemicolon" value="true"/>
|
|
</bean>
|
|
|
|
<sec:http-firewall ref="custom-firewall"/>
|
|
<sec:http pattern="/static/webapp/**" security="none"/>
|
|
<sec:http pattern="/static/mindplot/**" security="none"/>
|
|
<sec:http pattern="/css/**" security="none"/>
|
|
<sec:http pattern="/js/**" security="none"/>
|
|
<sec:http pattern="/images/**" security="none"/>
|
|
<sec:http pattern="/icons/**" security="none"/>
|
|
|
|
<sec:http pattern="/c/home" security="none"/>
|
|
|
|
<sec:http pattern="/c/maps/*/embed" security="none"/>
|
|
<sec:http pattern="/c/maps/*/try" security="none"/>
|
|
<sec:http pattern="/c/maps/*/public" security="none"/>
|
|
<sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/>
|
|
|
|
<sec:http pattern="/c/termsOfUse" security="none"/>
|
|
<sec:http pattern="/c/activation" security="none"/>
|
|
|
|
<!-- Admin related services that required admin role-->
|
|
<sec:http use-expressions="true" create-session="stateless" pattern="/service/**">
|
|
<sec:csrf/>
|
|
|
|
<!-- Enabled only for cors -->
|
|
<sec:intercept-url pattern="/service/users" method="OPTIONS" access="permitAll"/>
|
|
<sec:intercept-url pattern="/service/users/resetPassword" method="OPTIONS" access="permitAll"/>
|
|
|
|
|
|
<sec:intercept-url pattern="/service/users/" method="POST" access="permitAll"/>
|
|
<sec:intercept-url pattern="/service/users/resetPassword" method="PUT" access="permitAll"/>
|
|
|
|
<sec:intercept-url pattern="/service/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
|
|
<sec:intercept-url pattern="/service/admin/database/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
|
|
<sec:intercept-url pattern="/service/**" access="isAuthenticated() and hasRole('ROLE_USER')"/>
|
|
|
|
<sec:http-basic/>
|
|
</sec:http>
|
|
|
|
<sec:http use-expressions="true" pattern="/c/**/*">
|
|
<sec:csrf request-matcher-ref="requestMatcher"/>
|
|
<sec:intercept-url pattern="/c/login" access="hasRole('ANONYMOUS')"/>
|
|
<sec:intercept-url pattern="/c/registration" access="hasRole('ANONYMOUS')"/>
|
|
<sec:intercept-url pattern="/c/registration-success" access="hasRole('ANONYMOUS')"/>
|
|
<sec:intercept-url pattern="/c/forgot-password" access="hasRole('ANONYMOUS')"/>
|
|
<sec:intercept-url pattern="/c/forgot-password-success" access="hasRole('ANONYMOUS')"/>
|
|
|
|
<sec:intercept-url pattern="/c/**/*" access="isAuthenticated() and hasRole('ROLE_USER')"/>
|
|
<sec:access-denied-handler error-page="/c/login"/>
|
|
<sec:form-login login-page="/c/login"
|
|
authentication-success-handler-ref="authenticationSuccessHandler"
|
|
always-use-default-target="false"
|
|
authentication-failure-url="/c/login?login_error=2"
|
|
login-processing-url="/c/perform-login"/>
|
|
|
|
<!-- Expire in 28 days -->
|
|
<sec:remember-me token-validity-seconds="2419200" remember-me-parameter="remember-me"/>
|
|
<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
|
|
</sec:http>
|
|
|
|
<!-- Extends CSFR match to get methods to have consistency in all errors. Otherwise, get requests are forward in some cases -->
|
|
<bean id="requestMatcher"
|
|
class="com.wisemapping.security.CSFRRequestMatcher">
|
|
<property name="prefix" value="/c/restful/"/>
|
|
</bean>
|
|
|
|
<import resource="wisemapping-security-${security.type}.xml"/>
|
|
|
|
<bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">
|
|
<property name="userService" ref="userService"/>
|
|
<property name="adminUser" value="${admin.user}"/>
|
|
</bean>
|
|
|
|
<bean id="authenticationSuccessHandler" class="com.wisemapping.security.AuthenticationSuccessHandler">
|
|
<property name="defaultTargetUrl" value="/c/maps/"/>
|
|
<property name="alwaysUseDefaultTargetUrl" value="false"/>
|
|
</bean>
|
|
|
|
</beans> |