shopizer-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Enables method-level authorization for all three annotation families:
     @Secured, the JSR-250 annotations and @PreAuthorize/@PostAuthorize. -->
<global-method-security pre-post-annotations="enabled"
                        secured-annotations="enabled"
                        jsr250-annotations="enabled"/>
<!-- Customer facade; no properties are injected from this file. -->
<beans:bean id="customerFacade"
            class="com.salesmanager.web.shop.controller.customer.facade.CustomerFacadeImpl"/>

<!-- JDBC customer details: account lookup used by customerAuthenticationManager. -->
<beans:bean id="customerDetailsService"
            class="com.salesmanager.web.services.security.CustomerServicesImpl"/>

<!-- JDBC user details: account lookup used by userAuthenticationManager
     (admin console and REST services). -->
<beans:bean id="userDetailsService"
            class="com.salesmanager.web.admin.security.UserServicesImpl"/>
<!-- Legacy ShaPasswordEncoder created with no constructor argument, which selects SHA-1.
     Nothing in this file references the bean by id; presumably application code
     injects it to hash passwords when they are created or changed (confirm).
     NOTE(review): a single fast SHA-1 pass is not adequate for password storage.
     Moving to an adaptive scheme (for example bcrypt) needs a migration path for the
     hashes already stored, so the algorithm is deliberately left unchanged here. -->
<beans:bean id="passwordEncoder"
            class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<!-- Access-denied handler for the admin chain; configured with the denied page URL. -->
<beans:bean id="adminAccessDenied"
            class="com.salesmanager.web.utils.AdminAccessDeniedHandler">
    <beans:property name="accessDeniedUrl" value="/admin/denied.html"/>
</beans:bean>

<!-- Admin login success handler: updates the last user logon timestamp. -->
<beans:bean id="userAuthenticationSuccessHandler"
            class="com.salesmanager.web.admin.security.UserAuthenticationSuccessHandler"/>

<!-- Success handler wired into the form-login of the /services/** chain. -->
<beans:bean id="servicesAuthenticationSuccessHandler"
            class="com.salesmanager.web.services.security.ServicesAuthenticationSuccessHandler"/>

<!-- Entry point used by the /services/** chain when a request is not authenticated. -->
<beans:bean id="servicesAuthenticationEntryPoint"
            class="com.salesmanager.web.services.security.ServicesAuthenticationEntryPoint"/>
<!-- Admin console filter chain. intercept-url rules are evaluated top to bottom and
     the first matching pattern decides, so the public pages are listed before the
     role-protected ones.
     NOTE(review): the hasRole('AUTH') rules cover only /admin, /admin/ and *.html
     paths up to three directories deep. Any other path under /admin/** matches no
     rule in this chain and therefore gets no URL-level check; a trailing catch-all
     such as pattern="/admin/**" access="hasRole('AUTH')" would close that gap once
     it is confirmed that nothing else under /admin has to stay public.
     NOTE(review): the 3.1 security schema used by this file predates the built-in
     CSRF protection added in Spring Security 3.2, so state-changing admin requests
     depend on whatever anti-CSRF measure the application itself provides. -->
<http pattern="/admin/**"
      authentication-manager-ref="userAuthenticationManager"
      use-expressions="true"
      auto-config="true">

    <!-- Reachable without authentication: login, error pages and password reset.
         The reset endpoints are open to anonymous callers, so the controllers
         behind them have to do their own verification. -->
    <intercept-url access="permitAll" pattern="/admin/logon.html*"/>
    <intercept-url access="permitAll" pattern="/admin/denied.html"/>
    <intercept-url access="permitAll" pattern="/admin/unauthorized.html"/>
    <intercept-url access="permitAll" pattern="/admin/users/resetPassword.html*"/>
    <intercept-url access="permitAll" pattern="/admin/users/resetPasswordSecurityQtn.html*"/>

    <!-- Everything below requires the AUTH role. -->
    <intercept-url access="hasRole('AUTH')" pattern="/admin"/>
    <intercept-url access="hasRole('AUTH')" pattern="/admin/"/>
    <intercept-url access="hasRole('AUTH')" pattern="/admin/*.html*"/>
    <intercept-url access="hasRole('AUTH')" pattern="/admin/*/*.html*"/>
    <intercept-url access="hasRole('AUTH')" pattern="/admin/*/*/*.html*"/>

    <!-- Form login; the success handler is the userAuthenticationSuccessHandler bean. -->
    <form-login login-page="/admin/logon.html"
                login-processing-url="/admin/j_spring_security_check"
                default-target-url="/admin/home.html"
                authentication-failure-url="/admin/logon.html?login_error=true"
                authentication-success-handler-ref="userAuthenticationSuccessHandler"/>

    <!-- Logout discards the HTTP session. -->
    <logout logout-url="/admin/j_spring_security_logout"
            logout-success-url="/admin/home.html"
            invalidate-session="true"/>

    <access-denied-handler ref="adminAccessDenied"/>
</http>
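<!-- Storefront filter chain. intercept-url rules are evaluated top to bottom and the
     first matching pattern decides.
     Fix: the catch-all pattern="/shop/**" access="permitAll" used to sit above the
     /shop/customer rules, so it matched every customer URL first and the
     hasRole('AUTH_CUSTOMER') rules could never apply. It is now the last rule.
     A duplicated /shop/customer/*.html* rule was also dropped.
     NOTE(review): any further customer page that must be reachable anonymously
     needs its own permitAll rule above the AUTH_CUSTOMER rules. -->
<http pattern="/shop/**" auto-config="true" use-expressions="true" authentication-manager-ref="customerAuthenticationManager">

    <!-- Storefront root. -->
    <intercept-url pattern="/shop" access="permitAll" />
    <intercept-url pattern="/shop/" access="permitAll" />

    <!-- Customer pages that are public by design: login, registration, denied page
         and the login processing URL. -->
    <intercept-url pattern="/shop/customer/logon.html*" access="permitAll" />
    <intercept-url pattern="/shop/customer/registration.html*" access="permitAll" />
    <intercept-url pattern="/shop/customer/customLogon.html*" access="permitAll" />
    <intercept-url pattern="/shop/customer/denied.html" access="permitAll" />
    <intercept-url pattern="/shop/customer/j_spring_security_check" access="permitAll" />

    <!-- Remaining customer area requires the AUTH_CUSTOMER role. -->
    <intercept-url pattern="/shop/customer" access="hasRole('AUTH_CUSTOMER')" />
    <intercept-url pattern="/shop/customer/" access="hasRole('AUTH_CUSTOMER')" />
    <intercept-url pattern="/shop/customer/*.html*" access="hasRole('AUTH_CUSTOMER')" />
    <intercept-url pattern="/shop/customer/*/*.html*" access="hasRole('AUTH_CUSTOMER')" />
    <intercept-url pattern="/shop/customer/*/*/*.html*" access="hasRole('AUTH_CUSTOMER')" />

    <!-- Catch-all for the rest of the storefront; must stay the last rule. -->
    <intercept-url pattern="/shop/**" access="permitAll" />

    <!-- NOTE(review): invalidate-session="false" keeps the HTTP session and its
         attributes alive after logout. Confirm this is intended (for example to keep
         an anonymous cart) and that no customer data remains in the session. -->
    <logout invalidate-session="false"
            logout-success-url="/shop/"
            logout-url="/shop/customer/j_spring_security_logout" />

    <access-denied-handler error-page="/shop/"/>
</http>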
<!-- REST services: stateless chain (no HTTP session is created or used), so each
     request has to carry its own credentials. Accounts are checked against
     userAuthenticationManager, the same manager as the admin console.
     NOTE(review): HTTP Basic sends the credentials with every request and no
     requires-channel attribute is set here, so transport encryption has to be
     enforced elsewhere (confirm).
     NOTE(review): only /services/private/** and /services/public/** have rules; any
     other path under /services/** matches no rule and gets no URL-level check.
     NOTE(review): form-login is declared next to http-basic although the chain is
     stateless; confirm it is still needed. -->
<http pattern="/services/**"
      entry-point-ref="servicesAuthenticationEntryPoint"
      authentication-manager-ref="userAuthenticationManager"
      use-expressions="true"
      create-session="stateless">
    <intercept-url access="hasRole('AUTH')" pattern="/services/private/**"/>
    <intercept-url access="permitAll" pattern="/services/public/**"/>
    <form-login authentication-success-handler-ref="servicesAuthenticationSuccessHandler"/>
    <http-basic/>
</http>
<!-- Authentication managers. Both compare the submitted password with the stored
     value using hash="sha" (SHA-1), and neither declares a salt-source, so the
     hashes are unsalted.
     NOTE(review): unsalted SHA-1 is weak for password storage. Changing it requires
     re-hashing or migrating the stored passwords, and the encoder used when
     passwords are written must change at the same time, so it is only flagged here. -->

<!-- Admin users; used by the /admin/** and /services/** chains. -->
<authentication-manager id="userAuthenticationManager">
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="sha"/>
    </authentication-provider>
</authentication-manager>

<!-- Storefront customers; used by the /shop/** chain. -->
<authentication-manager id="customerAuthenticationManager">
    <authentication-provider user-service-ref="customerDetailsService">
        <password-encoder hash="sha"/>
    </authentication-provider>
</authentication-manager>
</beans:beans>