123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 |
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
- <!--
- - Application context loaded by ContextLoaderListener if using container adapters
- - $Id$
- -->
- <beans>
- <!-- =================== SECURITY SYSTEM DEFINITIONS ================== -->
-
- <!-- RunAsManager -->
- <bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
- <property name="key"><value>my_run_as_password</value></property>
- </bean>
- <!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
-
- <bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
- <property name="key"><value>my_run_as_password</value></property>
- </bean>
- <bean id="authByAdapterProvider" class="net.sf.acegisecurity.adapters.AuthByAdapterProvider">
- <property name="key"><value>my_password</value></property>
- </bean>
- <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
- <property name="providers">
- <list>
- <ref bean="runAsAuthenticationProvider"/>
- <ref bean="authByAdapterProvider"/>
- <ref bean="daoAuthenticationProvider"/>
- </list>
- </property>
- </bean>
- <bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
- <property name="userMap">
- <value>
- marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
- dianne=emu,ROLE_TELLER
- scott=wombat,ROLE_TELLER
- peter=opal,disabled,ROLE_TELLER
- </value>
- </property>
- </bean>
-
- <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
- <property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
- <property name="ignorePasswordCase"><value>false</value></property>
- <property name="ignoreUsernameCase"><value>true</value></property>
- </bean>
- <!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
- <!-- An access decision voter that reads ROLE_* configuaration settings -->
- <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
- <!-- An access decision voter that reads CONTACT_OWNED_BY_CURRENT_USER configuaration settings -->
- <bean id="contactSecurityVoter" class="sample.contact.ContactSecurityVoter"/>
- <!-- An access decision manager used by the business objects -->
- <bean id="businessAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
- <property name="allowIfAllAbstainDecisions"><value>false</value></property>
- <property name="decisionVoters">
- <list>
- <ref bean="roleVoter"/>
- <ref bean="contactSecurityVoter"/>
- </list>
- </property>
- </bean>
- <!-- ===================== SECURITY DEFINITIONS ======================= -->
-
- <bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
- <property name="authenticationManager"><ref bean="authenticationManager"/></property>
- <property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
- <property name="runAsManager"><ref bean="runAsManager"/></property>
- <property name="objectDefinitionSource">
- <value>
- sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER
- sample.contact.ContactManager.getAllByOwner=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
- sample.contact.ContactManager.save=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
- sample.contact.ContactManager.getById=ROLE_TELLER,RUN_AS_SERVER
- </value>
- </property>
- </bean>
- <!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
- <bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
- <property name="authenticationManager"><ref bean="authenticationManager"/></property>
- <property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
- <property name="runAsManager"><ref bean="runAsManager"/></property>
- <property name="objectDefinitionSource">
- <value>
- sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER
- sample.contact.ContactManager.getAllByOwner=ROLE_RUN_AS_SERVER
- sample.contact.ContactManager.save=ROLE_RUN_AS_SERVER
- sample.contact.ContactManager.getById=ROLE_RUN_AS_SERVER
- </value>
- </property>
- </bean>
- <!-- ======================= BUSINESS DEFINITIONS ===================== -->
- <bean id="contactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
- <property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
- <property name="interceptorNames">
- <list>
- <value>publicContactManagerSecurity</value>
- <value>publicContactManagerTarget</value>
- </list>
- </property>
- </bean>
- <bean id="publicContactManagerTarget" class="sample.contact.ContactManagerFacade">
- <property name="backend"><ref bean="backendContactManager"/></property>
- </bean>
- <bean id="backendContactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
- <property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
- <property name="interceptorNames">
- <list>
- <value>backendContactManagerSecurity</value>
- <value>backendContactManagerTarget</value>
- </list>
- </property>
- </bean>
- <bean id="backendContactManagerTarget" class="sample.contact.ContactManagerBackend"/>
- </beans>
|