Project

General

Profile

Statistics
| Branch: | Tag: | Revision:

cdmlib / cdmlib-services / src / main / resources / eu / etaxonomy / cdm / services_security_base.xml @ eb691546

History | View | Annotate | Download (3.37 KB)

1
<?xml version="1.0" encoding="UTF-8"?>
2
<beans xmlns="http://www.springframework.org/schema/beans"
3
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4
  xmlns:context="http://www.springframework.org/schema/context"
5
  xmlns:security="http://www.springframework.org/schema/security"
6
  xsi:schemaLocation="
7
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
8
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
9
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
10
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd"
11
    >
12

    
13
    <!--
14
        ======================================================================
15
          security specific configuration
16
        ======================================================================
17
     -->
18
    <security:global-method-security pre-post-annotations="enabled" run-as-manager-ref="runAsManager" >
19
        <security:expression-handler ref="expressionHandler" />
20
    </security:global-method-security>
21

    
22
    <!--
23
        To use "hasPermission()" in the Spring EL method annotations like @PreAuthorize we explicitly configure the permissionEvaluator
24
        the cdmPermissionEvaluator is already defined in the persistence security context
25
    -->
26
    <bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
27
        <property name="permissionEvaluator" ref="cdmPermissionEvaluator" />
28
    </bean>
29

    
30

    
31
    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
32
        <property name="userDetailsService" ref="userService"/>
33
        <property name="saltSource" ref="saltSource"/>
34
        <property name="passwordEncoder" ref="passwordEncoder"/>
35
    </bean>
36

    
37
    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
38

    
39
    <bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
40
        <property name="userPropertyToUse" value="getUsername"/>
41
    </bean>
42
    
43
    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
44
        <constructor-arg>
45
            <list>
46
                <ref local="daoAuthenticationProvider"/>
47
            </list>
48
        </constructor-arg>
49
    </bean>
50

    
51

    
52
    <!--
53
        Run-As Authentication Replacement for system operations
54
        as e.g. performed by the eu.etaxonomy.cdm.api.application.FirstDataInserter
55

56
        the key must match FirstDataInserter.RUN_AS_KEY
57
     -->
58
    <bean id="runAsManager"
59
        class="org.springframework.security.access.intercept.RunAsManagerImpl">
60
      <property name="key" value="TtlCx3pgKC4l"/>
61
    </bean>
62

    
63
    <bean id="runAsAuthenticationProvider"
64
        class="org.springframework.security.access.intercept.RunAsImplAuthenticationProvider">
65
      <property name="key" value="TtlCx3pgKC4l"/>
66
    </bean>
67

    
68
    <!-- equips a new and empty database with the initial set of meta data and admin user   -->
69
    <bean id="firstDataInserter" class="eu.etaxonomy.cdm.api.application.FirstDataInserter">
70
        <property name="runAsAuthenticationProvider" ref="runAsAuthenticationProvider"/>
71
    </bean>
72

    
73
</beans>
Add picture from clipboard (Maximum size: 40 MB)