Project

General

Profile

Statistics
| Branch: | Tag: | Revision:

cdmlib / cdmlib-services / src / main / resources / eu / etaxonomy / cdm / services_security_base.xml @ 2638be38

History | View | Annotate | Download (3.37 KB)

1
<?xml version="1.0" encoding="UTF-8"?>
2
<beans xmlns="http://www.springframework.org/schema/beans"
3
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4
  xmlns:context="http://www.springframework.org/schema/context"
5
  xmlns:security="http://www.springframework.org/schema/security"
6
  xsi:schemaLocation="
7
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
8
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
9
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
10
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd"
11
    >
12

    
13

    
14
    <!--
15
        ======================================================================
16
          security specific configuration
17
        ======================================================================
18
     -->
19
    <security:global-method-security pre-post-annotations="enabled" run-as-manager-ref="runAsManager" >
20
        <security:expression-handler ref="expressionHandler" />
21
    </security:global-method-security>
22

    
23
    <!--
24
        To use "hasPermission()" in the Spring EL method annotations like @PreAuthorize we explicitly configure the permissionEvaluator
25
        the cdmPermissionEvaluator is already defined in the persistence security context
26
    -->
27
    <bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
28
        <property name="permissionEvaluator" ref="cdmPermissionEvaluator" />
29
    </bean>
30

    
31

    
32
    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
33
        <property name="userDetailsService" ref="userService"/>
34
        <property name="saltSource" ref="saltSource"/>
35
        <property name="passwordEncoder" ref="passwordEncoder"/>
36
    </bean>
37

    
38
    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
39

    
40
    <bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
41
        <property name="userPropertyToUse" value="getUsername"/>
42
    </bean>
43
    
44
    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
45
        <constructor-arg>
46
            <list>
47
                <ref local="daoAuthenticationProvider"/>
48
            </list>
49
        </constructor-arg>
50
    </bean>
51

    
52

    
53
    <!--
54
        Run-As Authentication Replacement for system operations
55
        as e.g. performed by the eu.etaxonomy.cdm.api.application.FirstDataInserter
56

57
        the key must match FirstDataInserter.RUN_AS_KEY
58
     -->
59
    <bean id="runAsManager"
60
        class="org.springframework.security.access.intercept.RunAsManagerImpl">
61
      <property name="key" value="TtlCx3pgKC4l"/>
62
    </bean>
63

    
64
    <bean id="runAsAuthenticationProvider"
65
        class="org.springframework.security.access.intercept.RunAsImplAuthenticationProvider">
66
      <property name="key" value="TtlCx3pgKC4l"/>
67
    </bean>
68

    
69
    <!-- equips a new and empty database with the initial set of meta data and admin user   -->
70
    <bean id="firstDataInserter" class="eu.etaxonomy.cdm.api.application.FirstDataInserter">
71
        <property name="runAsAuthenticationProvider" ref="runAsAuthenticationProvider"/>
72
    </bean>
73

    
74
</beans>
Add picture from clipboard (Maximum size: 40 MB)