Spring security.xml example code



<?xml version="1.0" encoding="UTF-8"?>

<!--
  Spring Security namespace configuration: method-level security, URL access rules,
  remember-me, session handling, form login/logout and a JDBC-backed user store.
  The security namespace is the default namespace here, so plain Spring beans
  carry the beans: prefix.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
	
    <!--
      Enables annotation-driven method security: the pre/post annotations
      (pre-post-annotations) and @Secured (secured-annotations).
    -->
    <global-method-security pre-post-annotations="enabled" secured-annotations="enabled" >
        <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
        <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
        -->
    </global-method-security>

    <http auto-config="true" use-expressions="true" >
        <!--
          Web-layer access rules. With use-expressions="true" every access attribute is an
          expression. Rules are evaluated in order and the first matching pattern wins.
          NOTE(review): there is no active catch-all rule (the "/**" entry below is commented
          out), so any URL outside the four listed prefixes has no URL-level rule and is served
          without a login unless method security covers it. Confirm that is intended, or end
          the list with an explicit default rule.
          NOTE(review): with the 3.1 schema referenced above the role names are matched
          literally, so the authorities query must return exactly ADMIN, USER and
          ADVERT_MANAGER (no ROLE_ prefix). Verify against the authority table.
        -->

        <!--<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />-->
        <intercept-url pattern="/admin/**" access="hasRole('ADMIN')"/>
        <intercept-url pattern="/profile/**" access="hasRole('USER')"/>
        <intercept-url pattern="/uploads/original/**" access="hasRole('USER')"/>
        <intercept-url pattern="/advertmanager/**" access="hasRole('ADVERT_MANAGER')"/>
        <!--<intercept-url pattern="/secure/**" access="isAuthenticated()" />-->
        <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
        <intercept-url pattern="/listAccounts.html" access="isRememberMe()" />
        <intercept-url pattern="/post.html" access="hasRole('ROLE_TELLER')" />
        -->
 
        <!--<form-login />-->
        <!--<logout />-->
        <!--
          Remember-me login backed by jdbcUserService; token-validity-seconds="1209600" is 14 days.
          NOTE(review): the key is mixed into the hash that authenticates the remember-me cookie,
          and it is hard-coded here as a short, guessable literal. Load a long random value from
          deployment configuration instead of keeping it in the file.
          NOTE(review): the hasRole checks above are also satisfied by a remember-me login. For
          sensitive areas such as /admin/** consider requiring a fresh login, e.g.
          hasRole('ADMIN') and isFullyAuthenticated().
        -->
        <remember-me key="_rememberme_key" authentication-success-handler-ref="AuthenticationHandler" 
        token-validity-seconds="1209600" user-service-ref="jdbcUserService"
        />   	

        <!--
          Session handling (active, not optional): the session is migrated to a new id at login
          (session fixation protection) and each user is limited to one session. With
          error-if-maximum-exceeded="false" a second login is accepted and the earlier
          session is expired.
          NOTE(review): concurrency control relies on session lifecycle events; confirm that
          HttpSessionEventPublisher is registered in web.xml.
        -->
        <session-management session-fixation-protection="migrateSession">
          <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
        </session-management>

		<!--
		  Custom login page; a failed login returns to it with login_error=1.
		  NOTE(review): no rule in this file sets requires-channel, so nothing here forces HTTPS
		  for the login form or the remember-me cookie. Confirm transport security is enforced elsewhere.
		-->
		<form-login login-page="/login.k" authentication-success-handler-ref="AuthenticationHandler"
			authentication-failure-url="/login.k?login_error=1" />
		<logout logout-success-url="/index.k"/>
		
    </http>
    <!--
      User store read through the dataSource bean (defined outside this file). The e-mail
      column is used as the username. Both queries bind the login name through the ?
      placeholder, so it is never concatenated into the SQL text.
    -->
 	<jdbc-user-service id="jdbcUserService" data-source-ref="dataSource" 
            users-by-username-query="select email,password, enabled
        	from user where email=?" 
        	authorities-by-username-query="select u.email, a.name from authority a, user u
        	where u.idauthority = a.idauthority and u.email = ? "/>
    <!--
      Authentication manager using the JDBC user store above.
      NOTE(review): passwords are verified as a single SHA-256 over the password and a salt,
      and the salt is the username (the e-mail, per the query above). A fast hash with a
      predictable salt makes offline guessing against a leaked password table cheap. Prefer
      an adaptive hash such as bcrypt (for example a BCryptPasswordEncoder bean referenced
      through password-encoder ref) and plan a migration, because changing the encoder
      invalidates the hashes already stored.
    -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="jdbcUserService" >
            <password-encoder hash="sha-256">  
            	<salt-source user-property="username"/>
        	</password-encoder>          
        </authentication-provider>
    </authentication-manager>
    <!-- Success handler shared by form-login and remember-me; its implementation is outside this file. -->
 	<beans:bean id="AuthenticationHandler" class="nl.kameroom.security.AuthenticationHandler" />
</beans:beans>
