root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Modify MethodSecurityInterceptor to new location, remove unnecessary comments, add a DAO authentication provider so the MethodSecurityInterceptor can validate Authentication objects presented by the HTTP filter authentication system.

This commit is contained in:
Ben Alex 2004-04-02 12:00:29 +00:00
parent d820f64d59
commit 6ddc006012
1 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
samples/contacts/war/WEB-INF/contacts-servlet.xml
View File

@ -60,28 +60,41 @@
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ --> <!-- ~~~~~~~~~~~~~~~~~~~~ AUTHENTICATION DEFINITIONS ~~~~~~~~~~~~~~~~~~ -->
<!-- We rely on the Because the web container to authenticate the user -->
<!-- Authentication provider that accepts as valid our RunAsManagerImpl created tokens -->
<bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider"> <bean id="runAsAuthenticationProvider" class="net.sf.acegisecurity.runas.RunAsImplAuthenticationProvider">
<property name="key"><value>my_run_as_password</value></property> <property name="key"><value>my_run_as_password</value></property>
</bean> </bean>
<!-- Authentication provider that accepts as valid any adapter-created Authentication token -->
<bean id="authByAdapterProvider" class="net.sf.acegisecurity.adapters.AuthByAdapterProvider"> <bean id="authByAdapterProvider" class="net.sf.acegisecurity.adapters.AuthByAdapterProvider">
<property name="key"><value>my_password</value></property> <property name="key"><value>my_password</value></property>
</bean> </bean>
<!-- The authentication manager that iterates through our authentication providers --> <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<bean id="providerManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers"> <property name="providers">
<list> <list>
<ref bean="runAsAuthenticationProvider"/> <ref bean="runAsAuthenticationProvider"/>
<ref bean="authByAdapterProvider"/> <ref bean="authByAdapterProvider"/>
<ref bean="daoAuthenticationProvider"/>
</list> </list>
</property> </property>
</bean> </bean>
<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
marissa=koala,ROLE_TELLER,ROLE_SUPERVISOR
dianne=emu,ROLE_TELLER
scott=wombat,ROLE_TELLER
peter=opal,disabled,ROLE_TELLER
</value>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao"><ref bean="inMemoryDaoImpl"/></property>
<property name="ignorePasswordCase"><value>false</value></property>
<property name="ignoreUsernameCase"><value>true</value></property>
</bean>
<!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ --> <!-- ~~~~~~~~~~~~~~~~~~~~ AUTHORIZATION DEFINITIONS ~~~~~~~~~~~~~~~~~~~ -->
<!-- An access decision voter that reads ROLE_* configuaration settings --> <!-- An access decision voter that reads ROLE_* configuaration settings -->
@ -91,7 +104,7 @@
<bean id="contactSecurityVoter" class="sample.contact.ContactSecurityVoter"/> <bean id="contactSecurityVoter" class="sample.contact.ContactSecurityVoter"/>
<!-- An affirmative access decision manager --> <!-- An affirmative access decision manager -->
<bean id="affirmativeBased" class="net.sf.acegisecurity.vote.AffirmativeBased"> <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"><value>false</value></property> <property name="allowIfAllAbstainDecisions"><value>false</value></property>
<property name="decisionVoters"> <property name="decisionVoters">
<list> <list>
@ -103,11 +116,11 @@
<!-- ===================== SECURITY DEFINITIONS ======================= --> <!-- ===================== SECURITY DEFINITIONS ======================= -->
<bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.SecurityInterceptor"> <bean id="publicContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
<property name="authenticationManager"><ref bean="providerManager"/></property> <property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="affirmativeBased"/></property> <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
<property name="runAsManager"><ref bean="runAsManager"/></property> <property name="runAsManager"><ref bean="runAsManager"/></property>
<property name="methodDefinitionSource"> <property name="objectDefinitionSource">
<value> <value>
sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER sample.contact.ContactManager.delete=ROLE_SUPERVISOR,RUN_AS_SERVER
sample.contact.ContactManager.getAllByOwner=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER sample.contact.ContactManager.getAllByOwner=CONTACT_OWNED_BY_CURRENT_USER,RUN_AS_SERVER
@ -118,11 +131,11 @@
</bean> </bean>
<!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER --> <!-- We expect all callers of the backend object to hold the role ROLE_RUN_AS_SERVER -->
<bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.SecurityInterceptor"> <bean id="backendContactManagerSecurity" class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
<property name="authenticationManager"><ref bean="providerManager"/></property> <property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref bean="affirmativeBased"/></property> <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
<property name="runAsManager"><ref bean="runAsManager"/></property> <property name="runAsManager"><ref bean="runAsManager"/></property>
<property name="methodDefinitionSource"> <property name="objectDefinitionSource">
<value> <value>
sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER sample.contact.ContactManager.delete=ROLE_RUN_AS_SERVER
sample.contact.ContactManager.getAllByOwner=ROLE_RUN_AS_SERVER sample.contact.ContactManager.getAllByOwner=ROLE_RUN_AS_SERVER