-<beans:beans
- xmlns="http://www.springframework.org/schema/security"
- xmlns:beans="http://www.springframework.org/schema/beans"
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+ xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+ http://www.springframework.org/schema/security/spring-security-3.1.xsd
+ http://www.springframework.org/schema/mvc
+ http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
- <http auto-config="true" use-expressions="true" access-denied-page="/denied">
- <intercept-url pattern="/stat/**" access="hasRole('ROLE_USER')" />
- <intercept-url pattern="/sequence/**" access="hasRole('ROLE_USER')" />
+ <http auto-config="true" pattern="/**" use-expressions="true" access-denied-page="/denied">
+ <intercept-url pattern="/stat/**" access="hasAnyRole('ROLE_USER','ROLE_LDAP_USER','ROLE_ADMIN')" />
+ <intercept-url pattern="/home**" access="hasAnyRole('ROLE_USER','ROLE_LDAP_USER','ROLE_ADMIN')" />
+ <intercept-url pattern="/sequence/**" access="hasAnyRole('ROLE_USER','ROLE_LDAP_USER','ROLE_ADMIN')" />
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/database/**" access="hasRole('ROLE_ADMIN')" />
- <intercept-url pattern="/public*" access="permitAll"/>
- <intercept-url pattern="/login*" access="permitAll"/>
- <intercept-url pattern="/index*" access="permitAll"/>
- <intercept-url pattern="/register*" access="permitAll"/>
- <form-login
- login-page="/login"
- default-target-url="/home"
- authentication-failure-url="/loginfailed"
- />
- <logout logout-success-url="/logout" />
+ <intercept-url pattern="/public*" access="permitAll" />
+ <intercept-url pattern="/login*" access="permitAll" />
+ <intercept-url pattern="/ldaplogin*" access="permitAll" />
+ <intercept-url pattern="/index*" access="permitAll" />
+ <intercept-url pattern="/register*" access="permitAll" />
+ <form-login login-page="/login" default-target-url="/home" authentication-failure-url="/loginfailed" />
+ <logout invalidate-session="true" logout-success-url="/logout" />
</http>
- <global-method-security secured-annotations="enabled">
- </global-method-security>
+ <!-- Disabling Caching -->
+ <mvc:interceptors>
+ <beans:bean id="webContentInterceptor"
+ class="org.springframework.web.servlet.mvc.WebContentInterceptor">
+ <beans:property name="cacheSeconds" value="0" />
+ <beans:property name="useExpiresHeader" value="false" />
+ <beans:property name="useCacheControlHeader" value="true" />
+ <beans:property name="useCacheControlNoStore" value="true" />
+ </beans:bean>
+ </mvc:interceptors>
-<!--
- <http access-denied-page="/denied.xhtml" auto-config="true" use-expressions="false" >
- <form-login
- login-page="/login.xhtml"
- default-target-url="/"
- authentication-failure-url="/denied.xhtml"
- login-processing-url="/static/j_spring_security_check"
- />
- <intercept-url pattern="/PANEL/**" access="ROLE_GENERALT"></intercept-url>
- <logout invalidate-session="true" logout-url="/index.xhtml"/>
- </http>
-
- <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"></global-method-security>
--->
+ <!-- enable -->
+ <global-method-security secured-annotations="enabled"></global-method-security>
- <authentication-manager>
+ <authentication-manager alias="LDAP">
+ <authentication-provider ref="ldapAuthProvider" />
<authentication-provider>
<user-service>
<user name="sherstnev" password="sasha" authorities="ROLE_USER" />
+ <user name="geoff" password="barton" authorities="ROLE_USER" />
+ <user name="jim" password="procter" authorities="ROLE_USER" />
<user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
+ <!-- LDAP and other authentication managers -->
+ <beans:bean id="MyContextSource"
+ class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
+ <beans:constructor-arg value="ldap://ldap.lifesci.dundee.ac.uk:389" />
+ <beans:property name="userDn" value="" />
+ <beans:property name="password" value="password" />
+ </beans:bean>
+ <beans:bean id="MYgrantedAuthoritiesMapper" class="compbio.spring.security.LDAPAuthorityMapper">
+ </beans:bean>
+
+ <beans:bean id="ldapAuthProvider"
+ class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
+ <beans:constructor-arg>
+ <beans:bean
+ class="org.springframework.security.ldap.authentication.BindAuthenticator">
+ <beans:constructor-arg ref="MyContextSource" />
+ <beans:property name="userDnPatterns">
+ <beans:list>
+ <beans:value>cn={0},ou=edir,ou=people,ou=lifesci,o=dundee</beans:value>
+ </beans:list>
+ </beans:property>
+ </beans:bean>
+ </beans:constructor-arg>
+ <beans:constructor-arg>
+ <beans:bean
+ class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
+ <beans:constructor-arg ref="MyContextSource" />
+ <beans:constructor-arg value="cn=group-gjb,ou=groups,ou=lifesci,o=dundee" /> <!-- Barton group members can log in only... -->
+ <beans:property name="defaultRole" value="ROLE_LDAP_USER"/> <!-- temporary solution... Currently my AuthorityMapper is not working -->
+ </beans:bean>
+ </beans:constructor-arg>
+ <!-- <beans:property name="authoritiesMapper" ref="MYgrantedAuthoritiesMapper" />--> <!-- should be used in the future -->
+ </beans:bean>
+
</beans:beans>
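Review bot: The `defaultRole` property on `DefaultLdapAuthoritiesPopulator` assigns `ROLE_LDAP_USER` to every user who binds successfully, so the group search base `cn=group-gjb,ou=groups,ou=lifesci,o=dundee` does not restrict login to that group as its inline comment claims. Because the new `intercept-url` rules for `/stat/**`, `/home**` and `/sequence/**` accept `ROLE_LDAP_USER`, any account matching the `userDnPatterns` entry is let in. I would drop `defaultRole` and make those access expressions depend on an authority derived from group membership. If it has to stay until the commented-out `authoritiesMapper` works, the comment should be corrected to `<!-- defaultRole is granted to ALL bound LDAP users; group membership is not enforced yet -->`. Separately, the context source uses `ldap://` on port 389, so unless StartTLS is configured elsewhere the bind passwords cross the network unencrypted, and the added `user-service` entries put more plaintext passwords into a versioned file with no `password-encoder`.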