|
|
@@ -60,28 +60,41 @@
|
|
|
|
|
|
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
|
|
|
|
|
|
- <!-- We rely on the Because the web container to authenticate the user -->
|
|
|
-
|
|
|
- <!-- Authentication provider that accepts as valid our RunAsManagerImpl created tokens -->
|
|
|
<bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
|
|
|
<property name="key"><value>my_run_as_password</value></property>
|
|
|
</bean>
|
|
|
|
|
|
- <!-- Authentication provider that accepts as valid any adapter-created Authentication token -->
|
|
|
<bean id="authByAdapterProvider" class="net.sf.acegisecurity.adapters.AuthByAdapterProvider">
|
|
|
<property name="key"><value>my_password</value></property>
|
|
|
</bean>
|
|
|
|
|
|
- <!-- The authentication manager that iterates through our authentication providers -->
|
|
|
- <bean id="providerManager" class="net.sf.acegisecurity.providers.ProviderManager">
|
|
|
+ <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
|
|
|
<property name="providers">
|
|
|
<list>
|
|
|
<ref bean="runAsAuthenticationProvider"/>
|
|
|
<ref bean="authByAdapterProvider"/>
|
|
|
+ <ref bean="daoAuthenticationProvider"/>
|
|
|
</list>
|
|
|
</property>
|
|
|
</bean>
|
|
|
|
|
|
+ <bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
|
|
|
+ <property name="userMap">
|
|
|
+ <value>
|
|
|
+ marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
|
|
|
+ dianne=emu,ROLE_TELLER
|
|
|
+ scott=wombat,ROLE_TELLER
|
|
|
+ peter=opal,disabled,ROLE_TELLER
|
|
|
+ </value>
|
|
|
+ </property>
|
|
|
+ </bean>
|
|
|
+
|
|
|
+ <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
|
|
|
+ <property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
|
|
|
+ <property name="ignorePasswordCase"><value>false</value></property>
|
|
|
+ <property name="ignoreUsernameCase"><value>true</value></property>
|
|
|
+ </bean>
|
|
|
+
|
|
|
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
|
|
|
|
|
|
<!-- An access decision voter that reads ROLE_* configuaration settings -->
|
|
|
@@ -91,7 +104,7 @@
|
|
|
<bean id="contactSecurityVoter" class="sample.contact.ContactSecurityVoter"/>
|
|
|
|
|
|
<!-- An affirmative access decision manager -->
|
|
|
- <bean id="affirmativeBased" class="net.sf.acegisecurity.vote.AffirmativeBased">
|
|
|
+ <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
|
|
|
<property name="allowIfAllAbstainDecisions"><value>false</value></property>
|
|
|
<property name="decisionVoters">
|
|
|
<list>
|
|
|
@@ -103,11 +116,11 @@
|
|
|
|
|
|
<!-- ===================== SECURITY DEFINITIONS ======================= -->
|
|
|
|
|
|
- <bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.SecurityInterceptor">
|
|
|
- <property name="authenticationManager"><ref bean="providerManager"/></property>
|
|
|
- <property name="accessDecisionManager"><ref bean="affirmativeBased"/></property>
|
|
|
+ <bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
|
|
|
+ <property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
|
|
+ <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
|
|
|
<property name="runAsManager"><ref bean="runAsManager"/></property>
|
|
|
- <property name="methodDefinitionSource">
|
|
|
+ <property name="objectDefinitionSource">
|
|
|
<value>
|
|
|
sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER
|
|
|
sample.contact.ContactManager.getAllByOwner=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
|
|
|
@@ -118,11 +131,11 @@
|
|
|
</bean>
|
|
|
|
|
|
<!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
|
|
|
- <bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.SecurityInterceptor">
|
|
|
- <property name="authenticationManager"><ref bean="providerManager"/></property>
|
|
|
- <property name="accessDecisionManager"><ref bean="affirmativeBased"/></property>
|
|
|
+ <bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
|
|
|
+ <property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
|
|
+ <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
|
|
|
<property name="runAsManager"><ref bean="runAsManager"/></property>
|
|
|
- <property name="methodDefinitionSource">
|
|
|
+ <property name="objectDefinitionSource">
|
|
|
<value>
|
|
|
sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER
|
|
|
sample.contact.ContactManager.getAllByOwner=ROLE_RUN_AS_SERVER
|
Ben Alex