1 |
2638be38
|
Andreas Müller
|
<?xml version="1.0" encoding="UTF-8"?>
|
2 |
|
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
3 |
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
4 |
|
|
xmlns:context="http://www.springframework.org/schema/context"
|
5 |
|
|
xmlns:security="http://www.springframework.org/schema/security"
|
6 |
|
|
xsi:schemaLocation="
|
7 |
19d5d18b
|
Andreas Müller
|
http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans-4.3.xsd
|
8 |
|
|
http://www.springframework.org/schema/tx https://www.springframework.org/schema/tx/spring-tx-4.3.xsd
|
9 |
|
|
http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context-4.3.xsd
|
10 |
|
|
http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security-4.2.xsd"
|
11 |
2638be38
|
Andreas Müller
|
>
|
12 |
|
|
|
13 |
|
|
<!--
|
14 |
|
|
======================================================================
|
15 |
|
|
security specific configuration
|
16 |
|
|
======================================================================
|
17 |
|
|
-->
|
18 |
|
|
<security:global-method-security pre-post-annotations="enabled" run-as-manager-ref="runAsManager" >
|
19 |
|
|
<security:expression-handler ref="expressionHandler" />
|
20 |
|
|
</security:global-method-security>
|
21 |
|
|
|
22 |
|
|
<!--
|
23 |
|
|
To use "hasPermission()" in the Spring EL method annotations like @PreAuthorize we explicitly configure the permissionEvaluator
|
24 |
|
|
the cdmPermissionEvaluator is already defined in the persistence security context
|
25 |
|
|
-->
|
26 |
|
|
<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
|
27 |
|
|
<property name="permissionEvaluator" ref="cdmPermissionEvaluator" />
|
28 |
|
|
</bean>
|
29 |
|
|
|
30 |
|
|
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
|
31 |
|
|
<property name="userDetailsService" ref="userService"/>
|
32 |
|
|
<property name="saltSource" ref="saltSource"/>
|
33 |
|
|
<property name="passwordEncoder" ref="passwordEncoder"/>
|
34 |
|
|
</bean>
|
35 |
|
|
|
36 |
|
|
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
|
37 |
|
|
|
38 |
|
|
<bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
|
39 |
|
|
<property name="userPropertyToUse" value="getUsername"/>
|
40 |
|
|
</bean>
|
41 |
|
|
|
42 |
|
|
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
|
43 |
|
|
<constructor-arg>
|
44 |
|
|
<list>
|
45 |
19d5d18b
|
Andreas Müller
|
<ref bean="daoAuthenticationProvider"/>
|
46 |
2638be38
|
Andreas Müller
|
</list>
|
47 |
|
|
</constructor-arg>
|
48 |
|
|
</bean>
|
49 |
|
|
|
50 |
|
|
<!--
|
51 |
|
|
Run-As Authentication Replacement for system operations
|
52 |
|
|
as e.g. performed by the eu.etaxonomy.cdm.api.application.FirstDataInserter
|
53 |
|
|
|
54 |
|
|
the key must match FirstDataInserter.RUN_AS_KEY
|
55 |
|
|
-->
|
56 |
|
|
<bean id="runAsManager"
|
57 |
|
|
class="org.springframework.security.access.intercept.RunAsManagerImpl">
|
58 |
|
|
<property name="key" value="TtlCx3pgKC4l"/>
|
59 |
|
|
</bean>
|
60 |
|
|
|
61 |
|
|
<bean id="runAsAuthenticationProvider"
|
62 |
|
|
class="org.springframework.security.access.intercept.RunAsImplAuthenticationProvider">
|
63 |
|
|
<property name="key" value="TtlCx3pgKC4l"/>
|
64 |
|
|
</bean>
|
65 |
|
|
|
66 |
|
|
<!-- equips a new and empty database with the initial set of meta data and admin user -->
|
67 |
|
|
<bean id="firstDataInserter" class="eu.etaxonomy.cdm.api.application.FirstDataInserter">
|
68 |
|
|
<property name="runAsAuthenticationProvider" ref="runAsAuthenticationProvider"/>
|
69 |
|
|
</bean>
|
70 |
|
|
|
71 |
|
|
</beans>
|