ing-security-auth0.0.3.source-code.auth0-security-context.xml Maven / Gradle / Ivy

Go to download
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">

	<bean id="auth0EntryPoint" class="com.auth0.spring.security.auth0.Auth0AuthenticationEntryPoint" />

	<!-- all urls starting with unsecured are -->
	<security:http pattern="${auth0.securedRoute}" create-session="stateless"  entry-point-ref="auth0EntryPoint" use-expressions="false">
		<security:intercept-url pattern="${auth0.securedRoute}" access="ROLE_USER" />
		<security:custom-filter ref="auth0Filter" after="SECURITY_CONTEXT_FILTER" ></security:custom-filter>
	</security:http>

	<!-- Otherwise by default everything is secured -->
	<security:http auto-config="true" use-expressions="true"  pattern="/**" create-session="stateless"  entry-point-ref="auth0EntryPoint">
		<security:intercept-url pattern="/**" access='permitAll' />
	</security:http>

	<bean id="auth0Filter" class="com.auth0.spring.security.auth0.Auth0AuthenticationFilter">
		<property name="entryPoint" ref="auth0EntryPoint"></property>
	</bean>

	<bean id="auth0AuthenticationProvider" class="com.auth0.spring.security.auth0.Auth0AuthenticationProvider">
		<property name="clientSecret" value="${auth0.clientSecret}" ></property>
		<property name="clientId" value="${auth0.clientId}" ></property>
		<property name="securedRoute" value="${auth0.securedRoute}" ></property>
	</bean>

	<security:authentication-manager alias="authenticationManager">
		<security:authentication-provider ref="auth0AuthenticationProvider" />
	</security:authentication-manager>
	
</beans>