<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<!-- ========================================================================================= -->
<!-- The following is the Acegi configuration for form based authentication, with login/logout -->
<!-- handling, as well as remember-me cookie handling, and session integration so that user -->
<!-- does not have to log in for each page. -->
<!-- This also makes sure that when you request a secured resource you go first to the -->
<!-- login page, but get redirected to the originally requested page once login is successful -->
<!-- ========================================================================================= -->
<!--
This filter delegates to a different chain of sub-filters for administration
console pages and OWS services. Basically, we set up a chain involving basic/anonymous
authentication for OWS services, and form based authentication for the web console,
so that accessing the console by means of simple calls is still easy.
A combined form+basic setup was attempted, which would have made it easier to write code
that accesses the console directly, but it does not play well with logout: once the browser
learns the basic auth credentials it keeps on using them, and the only way to make it stop
is to declare a different user in the location bar, such as in: http://user@host:port/...
For an introduction to the filters, their meaning, the different setup between form and
basic authentication access, and the importance of their order, please see the Acegi
reference guide, chapter 3.2 (page 17 of the PDF version).
-->
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/wfs/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,filterInvocationInterceptor
/wfsv/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,filterInvocationInterceptor
/wms/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,filterInvocationInterceptor
/wcs/**=httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,anonymousProcessingFilter,owsExceptionTranslationFilter,filterInvocationInterceptor
/**=httpSessionContextIntegrationFilterWithASCTrue,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,consoleExceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<!--
The actual authorization checks at the filter level.
The voters make sure the user is both authenticated (the
anonymous filter ensures there is at least an anonymous one)
and has the required roles.
The objectDefinitionSource provides a set of paths along with the
roles that the user must have in order to access the secured resource.
-->
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false" />
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter" />
<bean class="org.acegisecurity.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/config/**=ROLE_ADMINISTRATOR
/**=IS_AUTHENTICATED_ANONYMOUSLY
</value>
</property>
</bean>
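<!--
Added example, not part of the original GeoServer file: a Python sketch that resolves which
rule of filterChainProxy and of filterInvocationInterceptor applies to a request path. The
names parse, ant_to_regex and resolve are hypothetical, and the matcher is a simplified
stand-in for Acegi's Ant path matching that assumes the path carries no query string.

```python
import re

# Filter lists copied from the filterChainProxy bean in this file.
OWS = ("httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,"
       "anonymousProcessingFilter,owsExceptionTranslationFilter,filterInvocationInterceptor")
CONSOLE = ("httpSessionContextIntegrationFilterWithASCTrue,logoutFilter,"
           "authenticationProcessingFilter,securityContextHolderAwareRequestFilter,"
           "rememberMeProcessingFilter,anonymousProcessingFilter,"
           "consoleExceptionTranslationFilter,filterInvocationInterceptor")
# Rule text rebuilt from the two value blocks of this file, in the same order.
CHAINS = "\n".join(["CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON", "PATTERN_TYPE_APACHE_ANT",
                    f"/wfs/**={OWS}", f"/wfsv/**={OWS}", f"/wms/**={OWS}",
                    f"/wcs/**={OWS}", f"/**={CONSOLE}"])
ROLES = """CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/config/**=ROLE_ADMINISTRATOR
/**=IS_AUTHENTICATED_ANONYMOUSLY"""

def parse(text):
    """Return (lowercase_flag, [(pattern, [attributes])]) in file order."""
    lower, rules = False, []
    for line in (l.strip() for l in text.splitlines()):
        if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
            lower = True
        elif "=" in line:
            pattern, attrs = line.split("=", 1)
            rules.append((pattern.strip(), [a.strip() for a in attrs.split(",")]))
    return lower, rules

def ant_to_regex(pattern):
    """Simplified Ant matcher: '**' spans directories, '*' and '?' stay in one."""
    table = {"/**": "(/.*)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}
    out = ""
    for tok in re.split(r"(/\*\*$|\*\*|\*|\?)", pattern):
        out += table.get(tok, re.escape(tok))
    return re.compile(out)

def resolve(text, path):
    """Rules are tried top to bottom and the first match wins, so order matters."""
    lower, rules = parse(text)
    path = path.lower() if lower else path
    for pattern, attrs in rules:
        if ant_to_regex(pattern).fullmatch(path):
            return pattern, attrs
    return None, []
```
-->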
<!--
This filter integrates the authentication information with the HTTP session, so it's
meant to be used only for the administration console, but not for the services.
It gathers authentication information from the session, so that you don't have to
re-authenticate at each request, and adds it to the session after authentication.
This specific instance is configured with remember-me functionality, so that authentication
information can be gathered from a cookie set on the browser, too.
This version will create the user session if missing; it's meant for web console operation.
-->
<bean id="httpSessionContextIntegrationFilterWithASCTrue"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
<property name="allowSessionCreation" value="true" />
</bean>
<!--
Same as the one above, but this one uses a session if it's already there, otherwise
it won't create it. This is meant to keep the overhead on service calls low, but allow
users that have already authenticated using form based access to keep using that
authentication when accessing services.
-->
<bean id="httpSessionContextIntegrationFilterWithASCFalse"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
<property name="allowSessionCreation" value="false" />
</bean>
<!--
This filter processes logouts, removing both the session information and the remember-me
cookie from the browser.
-->
<bean id="logoutFilter"
class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/index.jsp" />
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<ref bean="rememberMeServices" />
<bean
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>
<!--
This filter does the actual main authentication workflow and handles form based authentication too.
It asks the authentication manager whether access is granted to the resource the user is trying to access,
redirects to a failure page if it fails, and to another filter if the authentication information is
just being provided. This is useful only for form based authentication; the OWS services use another
authentication processing filter.
-->
<bean id="authenticationProcessingFilter"
class="org.geoserver.security.GeoserverAuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl"
value="/admin/login.do?login_error=1" />
<property name="defaultTargetUrl" value="/" />
<property name="filterProcessesUrl" value="/j_acegi_security_check" />
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>
<!--
Double check, this may not be necessary
-->
<bean id="securityContextHolderAwareRequestFilter"
class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
<!--
If authentication is missing from the SecurityContext, tries to put authentication
information into the context using remember-me cookies. Will try to authenticate
the contents of the cookie against the authentication manager
-->
<bean id="rememberMeProcessingFilter"
class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>
<!--
Puts default authentication information in the security context, making sure
we always get an anonymous user and anonymous role if all other authentication
attempts failed.
-->
<bean id="anonymousProcessingFilter"
class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="geoserver" />
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" />
</bean>
<!--
Handles the basic authentication headers. This integrates with the remember-me services, so that
you'll have to provide username/password just once during interactive tests.
-->
<bean id="basicProcessingFilter"
class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager">
<ref local="authenticationManager" />
</property>
<property name="authenticationEntryPoint">
<ref local="basicProcessingFilterEntryPoint" />
</property>
<property name="rememberMeServices">
<ref local="rememberMeServices" />
</property>
</bean>
<!--
This entry point gets called when basic authentication is needed
(or a previous attempt failed) to commence authentication
with the basic processing filter.
-->
<bean id="basicProcessingFilterEntryPoint"
class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName">
<value>GeoServer Realm</value>
</property>
</bean>
<!--
During the request execution security exceptions may be thrown, either during the
authentication or the authorization phase. This filter redirects authentication failures
to the login form, and sends the user to an access denied page if the authorization
levels are not enough.
-->
<bean id="consoleExceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/admin/login.do" />
<property name="forceHttps" value="false" />
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
</property>
</bean>
<!--
During the request execution security exceptions may be thrown, either during the
authentication or the authorization phase. For OWS services this filter answers
authentication failures with a basic authentication challenge (through
basicProcessingFilterEntryPoint) instead of the login form, and sends the user to an
access denied page if the authorization levels are not enough.
-->
<bean id="owsExceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref bean="basicProcessingFilterEntryPoint" />
</property>
<property name="accessDeniedHandler">
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
</property>
</bean>
<!--
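The actual remember-me cookie handler. The key is part of the signature of the cookie
token and must match the key of the RememberMeAuthenticationProvider registered in
authenticationManager; since the value below ships with this file, set a
deployment-specific key in both places.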
-->
<bean id="rememberMeServices"
class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="userDetailsService" />
<property name="key" value="geoserver" />
</bean>
<!--
The bean managing authentication; it basically forwards authentication requests to
a number of child providers.
-->
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
<bean
class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="geoserver" />
</bean>
<bean
class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="geoserver" />
</bean>
</list>
</property>
</bean>
<!--
This one adds password checks, optional password encryption and other services
on top of a user details service that is asked to provide user information
given just the user name.
-->
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
<!--
Ah, finally the one that hits the disk and, backed by a property file, returns known
users, their passwords and roles
-->
<bean id="userDetailsService" class="org.geoserver.security.GeoserverUserDao">
<property name="geoServer" ref="geoServer" />
</bean>
<!--
This interceptor is invoked before operations on OWS services are called, in order to secure them.
-->
<bean id="operationSecurityInterceptor"
class="org.geoserver.security.OperationSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false" />
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter" />
<bean class="org.acegisecurity.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource">
<bean class="org.geoserver.security.OperationDefinitionSource" />
</property>
</bean>
</beans>