|
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
|
3
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
4
|
xmlns:context="http://www.springframework.org/schema/context"
|
|
5
|
xmlns:security="http://www.springframework.org/schema/security"
|
|
6
|
xsi:schemaLocation="
|
|
7
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
|
8
|
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
|
|
9
|
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
|
|
10
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd"
|
|
11
|
>
|
|
12
|
|
|
13
|
|
|
14
|
<!--
|
|
15
|
======================================================================
|
|
16
|
security specific configuration
|
|
17
|
======================================================================
|
|
18
|
-->
|
|
19
|
<security:global-method-security pre-post-annotations="enabled" run-as-manager-ref="runAsManager" >
|
|
20
|
<security:expression-handler ref="expressionHandler" />
|
|
21
|
</security:global-method-security>
|
|
22
|
|
|
23
|
<!--
|
|
24
|
To use "hasPermission()" in the Spring EL method annotations like @PreAuthorize we explicitly configure the permissionEvaluator
|
|
25
|
the cdmPermissionEvaluator is already defined in the persistence security context
|
|
26
|
-->
|
|
27
|
<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
|
|
28
|
<property name="permissionEvaluator" ref="cdmPermissionEvaluator" />
|
|
29
|
</bean>
|
|
30
|
|
|
31
|
|
|
32
|
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
|
|
33
|
<property name="userDetailsService" ref="userService"/>
|
|
34
|
<property name="saltSource" ref="saltSource"/>
|
|
35
|
<property name="passwordEncoder" ref="passwordEncoder"/>
|
|
36
|
</bean>
|
|
37
|
|
|
38
|
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
|
|
39
|
|
|
40
|
<bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
|
|
41
|
<property name="userPropertyToUse" value="getUsername"/>
|
|
42
|
</bean>
|
|
43
|
|
|
44
|
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
|
|
45
|
<constructor-arg>
|
|
46
|
<list>
|
|
47
|
<ref local="daoAuthenticationProvider"/>
|
|
48
|
</list>
|
|
49
|
</constructor-arg>
|
|
50
|
</bean>
|
|
51
|
|
|
52
|
|
|
53
|
<!--
|
|
54
|
Run-As Authentication Replacement for system operations
|
|
55
|
as e.g. performed by the eu.etaxonomy.cdm.api.application.FirstDataInserter
|
|
56
|
|
|
57
|
the key must match FirstDataInserter.RUN_AS_KEY
|
|
58
|
-->
|
|
59
|
<bean id="runAsManager"
|
|
60
|
class="org.springframework.security.access.intercept.RunAsManagerImpl">
|
|
61
|
<property name="key" value="TtlCx3pgKC4l"/>
|
|
62
|
</bean>
|
|
63
|
|
|
64
|
<bean id="runAsAuthenticationProvider"
|
|
65
|
class="org.springframework.security.access.intercept.RunAsImplAuthenticationProvider">
|
|
66
|
<property name="key" value="TtlCx3pgKC4l"/>
|
|
67
|
</bean>
|
|
68
|
|
|
69
|
<!-- equips a new and empty database with the initial set of meta data and admin user -->
|
|
70
|
<bean id="firstDataInserter" class="eu.etaxonomy.cdm.api.application.FirstDataInserter">
|
|
71
|
<property name="runAsAuthenticationProvider" ref="runAsAuthenticationProvider"/>
|
|
72
|
</bean>
|
|
73
|
|
|
74
|
</beans>
|