applicationContext.xml 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
  3. <!--
  4. - Application context loaded by ContextLoaderListener if using container adapters
  5. - $Id$
  6. -->
  7. <beans>
  8. <!-- =================== SECURITY SYSTEM DEFINITIONS ================== -->
  9. <!-- RunAsManager -->
  10. <bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
  11. <property name="key"><value>my_run_as_password</value></property>
  12. </bean>
  13. <!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
  14. <bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
  15. <property name="key"><value>my_run_as_password</value></property>
  16. </bean>
  17. <bean id="authByAdapterProvider" class="net.sf.acegisecurity.adapters.AuthByAdapterProvider">
  18. <property name="key"><value>my_password</value></property>
  19. </bean>
  20. <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
  21. <property name="providers">
  22. <list>
  23. <ref bean="runAsAuthenticationProvider"/>
  24. <ref bean="authByAdapterProvider"/>
  25. <ref bean="daoAuthenticationProvider"/>
  26. </list>
  27. </property>
  28. </bean>
  29. <bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
  30. <property name="userMap">
  31. <value>
  32. marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
  33. dianne=emu,ROLE_TELLER
  34. scott=wombat,ROLE_TELLER
  35. peter=opal,disabled,ROLE_TELLER
  36. </value>
  37. </property>
  38. </bean>
  39. <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
  40. <property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
  41. <property name="ignorePasswordCase"><value>false</value></property>
  42. <property name="ignoreUsernameCase"><value>true</value></property>
  43. </bean>
  44. <!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
  45. <!-- An access decision voter that reads ROLE_* configuaration settings -->
  46. <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
  47. <!-- An access decision voter that reads CONTACT_OWNED_BY_CURRENT_USER configuaration settings -->
  48. <bean id="contactSecurityVoter" class="sample.contact.ContactSecurityVoter"/>
  49. <!-- An access decision manager used by the business objects -->
  50. <bean id="businessAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
  51. <property name="allowIfAllAbstainDecisions"><value>false</value></property>
  52. <property name="decisionVoters">
  53. <list>
  54. <ref bean="roleVoter"/>
  55. <ref bean="contactSecurityVoter"/>
  56. </list>
  57. </property>
  58. </bean>
  59. <!-- ===================== SECURITY DEFINITIONS ======================= -->
  60. <bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
  61. <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  62. <property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
  63. <property name="runAsManager"><ref bean="runAsManager"/></property>
  64. <property name="objectDefinitionSource">
  65. <value>
  66. sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER
  67. sample.contact.ContactManager.getAllByOwner=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
  68. sample.contact.ContactManager.save=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
  69. sample.contact.ContactManager.getById=ROLE_TELLER,RUN_AS_SERVER
  70. </value>
  71. </property>
  72. </bean>
  73. <!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
  74. <bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
  75. <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  76. <property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
  77. <property name="runAsManager"><ref bean="runAsManager"/></property>
  78. <property name="objectDefinitionSource">
  79. <value>
  80. sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER
  81. sample.contact.ContactManager.getAllByOwner=ROLE_RUN_AS_SERVER
  82. sample.contact.ContactManager.save=ROLE_RUN_AS_SERVER
  83. sample.contact.ContactManager.getById=ROLE_RUN_AS_SERVER
  84. </value>
  85. </property>
  86. </bean>
  87. <!-- ======================= BUSINESS DEFINITIONS ===================== -->
  88. <bean id="contactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
  89. <property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
  90. <property name="interceptorNames">
  91. <list>
  92. <value>publicContactManagerSecurity</value>
  93. <value>publicContactManagerTarget</value>
  94. </list>
  95. </property>
  96. </bean>
  97. <bean id="publicContactManagerTarget" class="sample.contact.ContactManagerFacade">
  98. <property name="backend"><ref bean="backendContactManager"/></property>
  99. </bean>
  100. <bean id="backendContactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
  101. <property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
  102. <property name="interceptorNames">
  103. <list>
  104. <value>backendContactManagerSecurity</value>
  105. <value>backendContactManagerTarget</value>
  106. </list>
  107. </property>
  108. </bean>
  109. <bean id="backendContactManagerTarget" class="sample.contact.ContactManagerBackend"/>
  110. </beans>