bootstrapping of this web application see:
http://dev.e-taxonomy.eu/trac/wiki/cdmlib-remote-webappConfigurationAndBootstrapping
-->
+
+ <context:annotation-config />
<!-- include default application context and customization -->
<import resource="classpath:/eu/etaxonomy/cdm/defaultApplicationContext.xml" />
</bean>
<context:component-scan base-package="eu/etaxonomy/cdm/ext" />
- <!-- <import resource="classpath:/eu/etaxonomy/cdm/remote.xml"/> -->
- <import resource="classpath:/eu/etaxonomy/cdm/remote-security.xml" />
+ <import resource="classpath:/eu/etaxonomy/cdm/remote.xml"/>
<context:component-scan base-package="eu/etaxonomy/cdm/io">
<context:exclude-filter type="regex"
expression="eu\.etaxonomy\.cdm\.io\.pesi.*" />
<!-- CONFIGURE WEB APPLICATION HERE -->
<import resource="datasources/configurable.xml" />
+
+ <!-- bootstrap the WebSecurityConfiguration -->
+ <bean class="eu.etaxonomy.cdm.remote.config.MultiWebSecurityConfiguration"></bean>
- <context:annotation-config />
<bean class="eu.etaxonomy.cdm.remote.config.LoggingConfigurer">
</bean>
--- /dev/null
+/**
+ * Copyright (C) 2016 EDIT
+ * European Distributed Institute of Taxonomy
+ * http://www.e-taxonomy.eu
+ *
+ * The contents of this file are subject to the Mozilla Public License Version 1.1
+ * See LICENSE.TXT at the top of this package for the full license terms.
+ */
+package eu.etaxonomy.cdm.remote.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+/**
+ * @author a.kohlbecker
+ * @date Oct 6, 2016
+ *
+ */
+@EnableWebSecurity
+public class MultiWebSecurityConfiguration {
+
+ /**
+ * Check for full authentication for remoting services
+ * @author a.kohlbecker
+ * @date Oct 6, 2016
+ *
+ */
+ @Configuration
+ @Order(1)
+ public static class RemotingWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ // @formatter:off
+ http
+ .anonymous().disable()
+ .antMatcher("/remoting/**")
+ .authorizeRequests().anyRequest().fullyAuthenticated()
+ .and()
+ .csrf().disable()
+ .httpBasic();
+ // @formatter:on
+ }
+ }
+
+ /**
+ * Allow anonymous authentication for all other services
+ * @author a.kohlbecker
+ * @date Oct 6, 2016
+ *
+ */
+ @Configuration
+ public static class DefaultWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ // @formatter:off
+ http
+ .anonymous().and()
+ .antMatcher("/**").authorizeRequests().anyRequest().hasAnyRole("ANONYMOUS", "USER", "ADMIN")
+ .and()
+ .csrf()
+ .disable()
+ .httpBasic();
+ // @formatter:on
+ }
+ }
+
+}
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
- xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
-
- <import resource="remote.xml" />
-
- <!-- Pattern to intercept URL requests -->
-
- <security:http auto-config="true" authentication-manager-ref="authenticationManager" use-expressions="true">
- <!-- check for full authentication for remoting services -->
- <!-- (from http://docs.spring.io/spring-security/site/docs/3.0.x/reference/springsecurity-single.html#el-access) -->
- <security:intercept-url pattern="/remoting/**" access="isFullyAuthenticated()" />
- <security:http-basic />
- <security:csrf disabled="true"/>
- </security:http>
-</beans>
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
">
-
<bean id="marshaller" name="marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
<property name="classesToBeBound">
<list>