WEB-INF/spring-security.xml

   1 <beans:beans
   2         xmlns="http://www.springframework.org/schema/security"
   3         xmlns:beans="http://www.springframework.org/schema/beans"
   4         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   5         xsi:schemaLocation="http://www.springframework.org/schema/beans
   6         http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
   7         http://www.springframework.org/schema/security
   8         http://www.springframework.org/schema/security/spring-security-3.1.xsd">
   9
  10         <http auto-config="true" use-expressions="true" access-denied-page="/denied">
  11                 <intercept-url pattern="/stat/**" access="hasRole('ROLE_USER')" />
  12                 <intercept-url pattern="/sequence/**" access="hasRole('ROLE_USER')" />
  13                 <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
  14                 <intercept-url pattern="/database/**" access="hasRole('ROLE_ADMIN')" />
  15                 <intercept-url pattern="/public*" access="permitAll"/>
  16                 <intercept-url pattern="/login*" access="permitAll"/>
  17                 <intercept-url pattern="/index*" access="permitAll"/>
  18                 <intercept-url pattern="/register*" access="permitAll"/>
  19                 <form-login
  20                         login-page="/login"
  21                         default-target-url="/home"
  22                         authentication-failure-url="/loginfailed"
  23                 />
  24                 <logout logout-success-url="/logout" />
  25         </http>
  26
  27         <global-method-security secured-annotations="enabled">
  28         </global-method-security>
  29
  30 <!--
  31         <http access-denied-page="/denied.xhtml"  auto-config="true" use-expressions="false" >
  32                 <form-login
  33                         login-page="/login.xhtml"
  34                         default-target-url="/"
  35                         authentication-failure-url="/denied.xhtml"
  36                 login-processing-url="/static/j_spring_security_check"
  37                 />
  38                 <intercept-url pattern="/PANEL/**" access="ROLE_GENERALT"></intercept-url>
  39                 <logout invalidate-session="true" logout-url="/index.xhtml"/>
  40         </http>
  41
  42         <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"></global-method-security>
  43 -->
  44
  45         <authentication-manager>
  46                 <authentication-provider>
  47                         <user-service>
  48                                 <user name="sherstnev" password="sasha" authorities="ROLE_USER" />
  49                                 <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
  50                         </user-service>
  51                 </authentication-provider>
  52         </authentication-manager>
  53
  54 </beans:beans>