Add LDAP authentication and enabling Spring logging
[proteocache.git] / WEB-INF / spring-security.xml
index 4e8b52c..c0281f6 100644 (file)
@@ -1,54 +1,87 @@
-<beans:beans 
-       xmlns="http://www.springframework.org/schema/security"
-       xmlns:beans="http://www.springframework.org/schema/beans" 
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+       xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:mvc="http://www.springframework.org/schema/mvc"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security
-       http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+       http://www.springframework.org/schema/security/spring-security-3.1.xsd
+       http://www.springframework.org/schema/mvc
+       http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
 
-       <http auto-config="true" use-expressions="true" access-denied-page="/denied">
-               <intercept-url pattern="/stat/**" access="hasRole('ROLE_USER')" />
-               <intercept-url pattern="/sequence/**" access="hasRole('ROLE_USER')" />
+       <http auto-config="true" pattern="/**" use-expressions="true" access-denied-page="/denied">
+               <intercept-url pattern="/stat/**" access="hasAnyRole('ROLE_USER','ROLE_LDAP_USER','ROLE_ADMIN')" />
+               <intercept-url pattern="/home**" access="hasAnyRole('ROLE_USER','ROLE_LDAP_USER','ROLE_ADMIN')" />
+               <intercept-url pattern="/sequence/**" access="hasAnyRole('ROLE_USER','ROLE_LDAP_USER','ROLE_ADMIN')" />
                <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
                <intercept-url pattern="/database/**" access="hasRole('ROLE_ADMIN')" />
-               <intercept-url pattern="/public*" access="permitAll"/>
-               <intercept-url pattern="/login*" access="permitAll"/>
-               <intercept-url pattern="/index*" access="permitAll"/>
-               <intercept-url pattern="/register*" access="permitAll"/>
-               <form-login 
-                       login-page="/login"
-                       default-target-url="/home"
-                       authentication-failure-url="/loginfailed"
-               />
-               <logout logout-success-url="/logout" />
+               <intercept-url pattern="/public*" access="permitAll" />
+               <intercept-url pattern="/login*" access="permitAll" />
+               <intercept-url pattern="/ldaplogin*" access="permitAll" />
+               <intercept-url pattern="/index*" access="permitAll" />
+               <intercept-url pattern="/register*" access="permitAll" />
+               <form-login login-page="/login" default-target-url="/home" authentication-failure-url="/loginfailed" />
+               <logout invalidate-session="true" logout-success-url="/logout" />
        </http>
 
-       <global-method-security secured-annotations="enabled">
-       </global-method-security>       
+       <!-- Disabling Caching -->
+       <mvc:interceptors>
+               <beans:bean id="webContentInterceptor"
+                       class="org.springframework.web.servlet.mvc.WebContentInterceptor">
+                       <beans:property name="cacheSeconds" value="0" />
+                       <beans:property name="useExpiresHeader" value="false" />
+                       <beans:property name="useCacheControlHeader" value="true" />
+                       <beans:property name="useCacheControlNoStore" value="true" />
+               </beans:bean>
+       </mvc:interceptors>
 
-<!-- 
-       <http access-denied-page="/denied.xhtml"  auto-config="true" use-expressions="false" >
-               <form-login 
-                       login-page="/login.xhtml"
-                       default-target-url="/"
-                       authentication-failure-url="/denied.xhtml"
-               login-processing-url="/static/j_spring_security_check"
-               />
-               <intercept-url pattern="/PANEL/**" access="ROLE_GENERALT"></intercept-url>
-               <logout invalidate-session="true" logout-url="/index.xhtml"/>
-       </http>
-
-       <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"></global-method-security>
--->
+       <!-- enable  -->
+       <global-method-security secured-annotations="enabled"></global-method-security>
 
-       <authentication-manager>
+       <authentication-manager alias="LDAP">
+               <authentication-provider ref="ldapAuthProvider" />
                <authentication-provider>
                        <user-service>
                                <user name="sherstnev" password="sasha" authorities="ROLE_USER" />
+                               <user name="geoff" password="barton" authorities="ROLE_USER" />
+                               <user name="jim" password="procter" authorities="ROLE_USER" />
                                <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
                        </user-service>
                </authentication-provider>
        </authentication-manager>
 
+       <!-- LDAP and other authentication managers -->
+       <beans:bean id="MyContextSource"
+               class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
+               <beans:constructor-arg value="ldap://ldap.lifesci.dundee.ac.uk:389" />
+               <beans:property name="userDn" value="" />
+               <beans:property name="password" value="password" />
+       </beans:bean>
+       <beans:bean id="MYgrantedAuthoritiesMapper" class="compbio.spring.security.LDAPAuthorityMapper">
+       </beans:bean>
+
+       <beans:bean id="ldapAuthProvider"
+               class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
+               <beans:constructor-arg>
+                       <beans:bean
+                               class="org.springframework.security.ldap.authentication.BindAuthenticator">
+                               <beans:constructor-arg ref="MyContextSource" />
+                               <beans:property name="userDnPatterns">
+                                       <beans:list>
+                                               <beans:value>cn={0},ou=edir,ou=people,ou=lifesci,o=dundee</beans:value>
+                                       </beans:list>
+                               </beans:property>
+                       </beans:bean>
+               </beans:constructor-arg>
+               <beans:constructor-arg>
+                       <beans:bean
+                               class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
+                               <beans:constructor-arg ref="MyContextSource" />
+                               <beans:constructor-arg value="cn=group-gjb,ou=groups,ou=lifesci,o=dundee" /> <!-- Barton group members can log in only... -->
+                               <beans:property name="defaultRole" value="ROLE_LDAP_USER"/> <!-- temporary solution... Currently my AuthorityMapper is not working -->
+                       </beans:bean>
+               </beans:constructor-arg>
+               <!-- <beans:property name="authoritiesMapper" ref="MYgrantedAuthoritiesMapper" />--> <!-- should be used in the future -->
+       </beans:bean>
+
 </beans:beans>
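Review bot: The `defaultRole` on DefaultLdapAuthoritiesPopulator (`<beans:property name="defaultRole" value="ROLE_LDAP_USER"/>`) is added to every user whose bind succeeds, so the group-search base `cn=group-gjb,ou=groups,ou=lifesci,o=dundee` only contributes extra group authorities and does not restrict login to group members as the neighbouring comment claims; if that restriction is intended, drop `defaultRole` and map the group authority to ROLE_LDAP_USER instead, after which non-members authenticate but are denied by the `hasAnyRole(...)` intercept-url rules (inferred from the populator's behaviour, worth confirming against the Spring Security 3.1 version in use). The context source binds to `ldap://ldap.lifesci.dundee.ac.uk:389` with a committed literal `password` and an empty `userDn`; on plain LDAP the users' simple-bind passwords cross the network in cleartext, so this should use `ldaps://` or StartTLS, with the bind password supplied from an externalized property rather than the file (with an empty `userDn` the literal password is presumably ignored anyway — confirm). The in-memory `<user-service>` still holds cleartext passwords with no `<password-encoder>` under its `<authentication-provider>`, and the new `geoff` and `jim` entries extend that; a short comment such as `<!-- dev-only accounts; passwords stored in clear, no encoder configured -->` above the block would at least make the exposure explicit until an encoder is added.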