Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fixes to sample app context files

Luke Taylor 16 years ago
parent
1788dfdba0
commit
f976080d1d
2 changed files with 11 additions and 16 deletions
Unified View Show Diff Stats
  1. 7 6
      samples/contacts/src/main/webapp/WEB-INF/applicationContext-security.xml
  2. 4 10
      samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml

+ 7 - 6
samples/contacts/src/main/webapp/WEB-INF/applicationContext-security.xml
View File 

@@ -18,7 +18,7 @@
 
         <expression-handler ref="expressionHandler"/>
 
         <expression-handler ref="expressionHandler"/>
 
     </global-method-security>
 
     </global-method-security>
 
 
 
-    <http auto-config="true" realm="Contacts Realm">
 
+    <http realm="Contacts Realm">
 
         <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
 
         <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
 
         <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
 
         <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
 
         <intercept-url pattern="/hello.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
 
         <intercept-url pattern="/hello.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
 
@@ -28,6 +28,7 @@
 
         <intercept-url pattern="/**" access="ROLE_USER"/>
 
         <intercept-url pattern="/**" access="ROLE_USER"/>
 
 
 
         <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/>
 
         <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/>
 
+        <http-basic/>
 
         <logout logout-success-url="/index.jsp"/>
 
         <logout logout-success-url="/index.jsp"/>
 
         <remember-me />
 
         <remember-me />
 
     </http>
 
     </http>
 
@@ -49,10 +50,10 @@
 
     </b:bean>
 
     </b:bean>
 
 
 
     <b:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
 
     <b:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
 
-        <b:property name="permissionEvaluator">
 
-            <b:bean class="org.springframework.security.acls.AclPermissionEvaluator">
 
-                <b:constructor-arg ref="aclService"/>
 
-            </b:bean>
 
-        </b:property>
 
+        <b:property name="permissionEvaluator" ref="permissionEvaluator"/>
 
+    </b:bean>
 
+
 
+    <b:bean id="permissionEvaluator" class="org.springframework.security.acls.AclPermissionEvaluator">
 
+        <b:constructor-arg ref="aclService"/>
 
     </b:bean>
 
     </b:bean>
 
 </b:beans>
 
 </b:beans>

+ 4 - 10
samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml
View File 

@@ -12,13 +12,13 @@
 
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd

     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd

                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

 

 

-    <global-method-security prepost-annotations="enabled">

+    <global-method-security pre-post-annotations="enabled">

         <!-- AspectJ pointcut expression that locates our "post" method and applies security that way

         <!-- AspectJ pointcut expression that locates our "post" method and applies security that way

         <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>

         <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>

         -->

         -->

     </global-method-security>

     </global-method-security>

 

 

-    <http auto-config="true" use-expressions="true">

+    <http use-expressions="true">

         <intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')"/>

         <intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')"/>

         <intercept-url pattern="/secure/**" access="isAuthenticated()" />

         <intercept-url pattern="/secure/**" access="isAuthenticated()" />

         <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead

         <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead

@@ -26,19 +26,13 @@
 
         <intercept-url pattern="/post.html" access="ROLE_TELLER" />

         <intercept-url pattern="/post.html" access="ROLE_TELLER" />

         -->

         -->

         <intercept-url pattern="/**" access="permitAll" />

         <intercept-url pattern="/**" access="permitAll" />

+        <form-login />

+        <logout />

         <remember-me />

         <remember-me />

 <!--

 <!--

     Uncomment to enable X509 client authentication support

     Uncomment to enable X509 client authentication support

         <x509 />

         <x509 />

 -->

 -->

-

-<!-- All of this is unnecessary if auto-config="true"

-        <form-login />

-        <anonymous />

-        <http-basic />

-        <logout />

--->

-

         <!-- Uncomment to limit the number of sessions a user can have

         <!-- Uncomment to limit the number of sessions a user can have

         <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>

         <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>

         -->

         -->