github
/
spring-security
mirror of https://github.com/spring-projects/spring-security


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131
							<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<!--
  - Application context loaded by ContextLoaderListener if using container adapters
  - $Id$
  -->

<beans>

	<!-- =================== SECURITY SYSTEM DEFINITIONS ================== -->
	
	<!-- RunAsManager -->
	<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
     	<property name="key"><value>my_run_as_password</value></property>
 	</bean>

	<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
	
	<bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
     	<property name="key"><value>my_run_as_password</value></property>
 	</bean>

	<bean id="authByAdapterProvider" class="net.sf.acegisecurity.adapters.AuthByAdapterProvider">
  		<property name="key"><value>my_password</value></property>
 	</bean>

	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
		<property name="providers">
		  <list>
		    <ref bean="runAsAuthenticationProvider"/>
		    <ref bean="authByAdapterProvider"/>
		    <ref bean="daoAuthenticationProvider"/>
		  </list>
		</property>
	</bean>

	<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
  		<property name="userMap">
			<value>
				marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
				dianne=emu,ROLE_TELLER
				scott=wombat,ROLE_TELLER
				peter=opal,disabled,ROLE_TELLER
			</value>
		</property>
	</bean>
	
	<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
     	<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
	</bean>

	<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->

	<!-- An access decision voter that reads ROLE_* configuaration settings -->
	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>

	<!-- An access decision voter that reads CONTACT_OWNED_BY_CURRENT_USER configuaration settings -->
	<bean id="contactSecurityVoter" class="sample.contact.ContactSecurityVoter"/>

	<!-- An access decision manager used by the business objects -->
	<bean id="businessAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
   		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
		<property name="decisionVoters">
		  <list>
		    <ref bean="roleVoter"/>
		    <ref bean="contactSecurityVoter"/>
		  </list>
		</property>
	</bean>

	<!-- ===================== SECURITY DEFINITIONS ======================= -->
	
	<bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
    	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
    	<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
    	<property name="runAsManager"><ref bean="runAsManager"/></property>
 		<property name="objectDefinitionSource">
			<value>
				sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER
				sample.contact.ContactManager.getAllByOwner=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
				sample.contact.ContactManager.save=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
				sample.contact.ContactManager.getById=ROLE_TELLER,RUN_AS_SERVER
			</value>
		</property>
	</bean>

	<!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
	<bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
    	<property name="authenticationManager"><ref bean="authenticationManager"/></property>
    	<property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
    	<property name="runAsManager"><ref bean="runAsManager"/></property>
 		<property name="objectDefinitionSource">
			<value>
				sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER
				sample.contact.ContactManager.getAllByOwner=ROLE_RUN_AS_SERVER
				sample.contact.ContactManager.save=ROLE_RUN_AS_SERVER
				sample.contact.ContactManager.getById=ROLE_RUN_AS_SERVER
			</value>
		</property>
	</bean>

	<!-- ======================= BUSINESS DEFINITIONS ===================== -->

	<bean id="contactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
    	<property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
	    <property name="interceptorNames">
      	<list>
        	<value>publicContactManagerSecurity</value>
 	        <value>publicContactManagerTarget</value>
    	</list>
	    </property>
  	</bean>

	<bean id="publicContactManagerTarget" class="sample.contact.ContactManagerFacade">
    	<property name="backend"><ref bean="backendContactManager"/></property>
	</bean>

	<bean id="backendContactManager" class="org.springframework.aop.framework.ProxyFactoryBean">
    	<property name="proxyInterfaces"><value>sample.contact.ContactManager</value></property>
	    <property name="interceptorNames">
      	<list>
        	<value>backendContactManagerSecurity</value>
 	        <value>backendContactManagerTarget</value>
    	</list>
	    </property>
  	</bean>

	<bean id="backendContactManagerTarget" class="sample.contact.ContactManagerBackend"/>

</beans>