1 <?xml version=
"1.0" encoding=
"UTF-8"?>
2 <beans xmlns=
"http://www.springframework.org/schema/beans"
3 xmlns:
xsi=
"http://www.w3.org/2001/XMLSchema-instance"
4 xmlns:
context=
"http://www.springframework.org/schema/context"
5 xmlns:
security=
"http://www.springframework.org/schema/security"
6 xsi:
schemaLocation=
"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
7 http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
8 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
9 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"
12 <import resource=
"classpath:/eu/etaxonomy/cdm/remoting_persistence_security.xml"/>
14 ======================================================================
15 security specific configuration
16 ======================================================================
18 <security:global-method-security pre-post-annotations=
"enabled" run-as-manager-ref=
"runAsManager" >
19 <security:expression-handler ref=
"expressionHandler" />
20 </security:global-method-security>
23 To use "hasPermission()" in the Spring EL method annotations like @PreAuthorize we explicitly configure the permissionEvaluator
24 the cdmPermissionEvaluator is already defined in the persistence security context
26 <bean id=
"expressionHandler" class=
"org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
27 <property name=
"permissionEvaluator" ref=
"cdmPermissionEvaluator" />
30 <bean id=
"authenticationManager" class=
"org.springframework.security.authentication.ProviderManager">
31 <property name=
"providers">
33 <ref local=
"daoAuthenticationProvider"/>
38 <bean id=
"daoAuthenticationProvider" class=
"org.springframework.security.authentication.dao.DaoAuthenticationProvider">
39 <property name=
"userDetailsService" ref=
"userService"/>
40 <property name=
"saltSource" ref=
"saltSource"/>
41 <property name=
"passwordEncoder" ref=
"passwordEncoder"/>
44 <bean id=
"passwordEncoder" class=
"org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
46 <bean id=
"saltSource" class=
"org.springframework.security.authentication.dao.ReflectionSaltSource">
47 <property name=
"userPropertyToUse" value=
"getUsername"/>
51 Run-As Authentication Replacement for system operations
52 as e.g. performed by the eu.etaxonomy.cdm.api.application.FirstDataInserter
54 the key must match FirstDataInserter.RUN_AS_KEY
56 <bean id=
"runAsManager"
57 class=
"org.springframework.security.access.intercept.RunAsManagerImpl">
58 <property name=
"key" value=
"TtlCx3pgKC4l"/>