eu.etaxonomy.taxeditor.remoting/src/main/resources/eu/etaxonomy/cdm/remoting_services_security.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <beans xmlns="http://www.springframework.org/schema/beans"
   3   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   4   xmlns:context="http://www.springframework.org/schema/context"
   5   xmlns:security="http://www.springframework.org/schema/security"
   6   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   7     http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
   8     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
   9     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"
  10     >
  11
  12     <import resource="classpath:/eu/etaxonomy/cdm/remoting_persistence_security.xml"/>
  13     <!--
  14         ======================================================================
  15           security specific configuration
  16         ======================================================================
  17      -->
  18     <security:global-method-security pre-post-annotations="enabled" run-as-manager-ref="runAsManager" >
  19         <security:expression-handler ref="expressionHandler" />
  20     </security:global-method-security>
  21
  22     <!--
  23         To use "hasPermission()" in the Spring EL method annotations like @PreAuthorize we explicitly configure the permissionEvaluator
  24         the cdmPermissionEvaluator is already defined in the persistence security context
  25     -->
  26     <bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
  27         <property name="permissionEvaluator" ref="cdmPermissionEvaluator" />
  28     </bean>
  29
  30     <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
  31         <property name="providers">
  32             <list>
  33                 <ref local="daoAuthenticationProvider"/>
  34             </list>
  35         </property>
  36     </bean>
  37
  38     <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
  39         <property name="userDetailsService" ref="userService"/>
  40         <property name="saltSource" ref="saltSource"/>
  41         <property name="passwordEncoder" ref="passwordEncoder"/>
  42     </bean>
  43
  44     <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
  45
  46     <bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
  47         <property name="userPropertyToUse" value="getUsername"/>
  48     </bean>
  49
  50     <!--
  51         Run-As Authentication Replacement for system operations
  52         as e.g. performed by the eu.etaxonomy.cdm.api.application.FirstDataInserter
  53
  54         the key must match FirstDataInserter.RUN_AS_KEY
  55      -->
  56     <bean id="runAsManager"
  57         class="org.springframework.security.access.intercept.RunAsManagerImpl">
  58       <property name="key" value="TtlCx3pgKC4l"/>
  59     </bean>
  60
  61
  62 </beans>