wisemapping-open-source/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-4.2.xsd">

    <sec:http pattern="/css/**" security="none"/>
    <sec:http pattern="/js/**" security="none"/>
    <sec:http pattern="/images/**" security="none"/>
    <sec:http pattern="/icons/**" security="none"/>
    <sec:http pattern="/favicon.ico" security="none"/>

    <sec:http pattern="/c/login" security="none"/>
    <sec:http pattern="/c/loginopenid" security="none"/>
    <sec:http pattern="/c/user/registration" security="none"/>
    <sec:http pattern="/c/user/resetPassword" security="none"/>
    <sec:http pattern="/c/home" security="none"/>

    <sec:http pattern="/c/maps/*/embed" security="none"/>
    <sec:http pattern="/c/maps/*/try" security="none"/>
    <sec:http pattern="/c/maps/*/public" security="none"/>
    <sec:http pattern="/c/GCFInstall" security="none"/>
    <sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/>

    <sec:http pattern="/c/publicview.htm" security="none"/>
    <sec:http pattern="/c/embeddedview.htm" security="none"/>
    <sec:http pattern="/c/termsOfUse" security="none"/>
    <sec:http pattern="/c/keyboard" security="none"/>

    <sec:http pattern="/c/activation" security="none"/>
    <sec:http pattern="/c/try" security="none"/>


    <sec:http use-expressions="true" create-session="stateless" pattern="/service/**">
        <sec:csrf disabled="true"/>

        <sec:intercept-url pattern="/service/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
        <sec:intercept-url pattern="/service/admin/database/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
        <sec:intercept-url pattern="/service/**" access="isAuthenticated() and hasRole('ROLE_USER')"/>
        <sec:http-basic/>
    </sec:http>

    <sec:http use-expressions="true">
        <sec:csrf disabled="true"/>
        <sec:access-denied-handler error-page="/c/login"/>

        <sec:intercept-url pattern="/c/restful/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
        <sec:intercept-url pattern="/c/restful/admin/database/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
        <sec:intercept-url pattern="/c/**/*" access="isAuthenticated() and hasRole('ROLE_USER')"/>

        <sec:form-login login-page="/c/login"
                        authentication-success-handler-ref="authenticationSuccessHandler"
                        always-use-default-target="false"
                        authentication-failure-url="/c/login?login_error=2"
                        login-processing-url="/c/perform-login"/>

        <sec:openid-login user-service-ref="userDetailsService"
                          authentication-failure-url="/c/login.jsp?login_error=true"
                          login-processing-url="/c/j_spring_openid_security_check">

            <sec:attribute-exchange identifier-match="https://www.google.com/.*">
                <sec:openid-attribute name="email" type="http://axschema.org/contact/email" required="true" count="1"/>
                <sec:openid-attribute name="firstname" type="http://axschema.org/namePerson/first" required="true"/>
                <sec:openid-attribute name="lastname" type="http://axschema.org/namePerson/last" required="true"/>
            </sec:attribute-exchange>

            <sec:attribute-exchange identifier-match=".*yahoo.com.*">
                <sec:openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
                <sec:openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true"/>
            </sec:attribute-exchange>

            <sec:attribute-exchange identifier-match=".*yahoo.com.*">
                <sec:openid-attribute name="email" type="http://axschema.org/contact/email" required="true"/>
                <sec:openid-attribute name="fullname" type="http://axschema.org/namePerson" required="true"/>
            </sec:attribute-exchange>

            <sec:attribute-exchange identifier-match=".*myopenid.com.*">
                <sec:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true"/>
                <sec:openid-attribute name="fullname" type="http://schema.openid.net/namePerson" required="true"/>
            </sec:attribute-exchange>
        </sec:openid-login>
        <sec:remember-me key="wisemapping-hashed-key"/>
        <sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
    </sec:http>

    <bean id="encoder" class="com.wisemapping.security.CustomPasswordEncoder"/>

    <import resource="wisemapping-security-${security.type}.xml"/>

    <bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">
        <property name="userService" ref="userService"/>
        <property name="adminUser" value="${admin.user}"/>
    </bean>

    <bean id="authenticationSuccessHandler" class="com.wisemapping.security.AuthenticationSuccessHandler">
        <property name="defaultTargetUrl" value="/c/maps/"/>
        <property name="alwaysUseDefaultTargetUrl" value="false"/>
    </bean>

</beans>