RenJuan/TASKPM
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
TASKPM/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml

218 lines
12 KiB
XML
Raw Normal View History

ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system. It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ItEr38S17ArquitecturaServidorItEr37S07: General refactoring to Spring Security integration and passwords encoded with SHA-2 (SHA-512). General refactoring to Spring Security integration and passwords econded with SHA-2 (SHA-512). "naval_user" and "user_roles" tables must be removed after applying this patch.
2009-12-11 13:11:58 +01:00
xmlns:p="http://www.springframework.org/schema/p"
Update Hibernate stack. Update Hibernate ID generator. Changes to Hibernate mappings. Changes to OrderFileTest. Code refactoring.
2016-05-24 16:55:13 +03:00
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.1.xsd">
ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system. It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<!--
NOTE: see
ItEr43S05ValidacionEProbasFuncionaisItEr42S05: Bug [#214] fixed and support for disabled users improved. IMPORTANT: to apply this patch, please remove the following tables: "naval_profile", "naval_user", "user_profiles", and "user_roles". This patch fixes bug 214 by removing UserRole.ROLE_BASIC_USER. Now, authenticated users with no roles (MandatoryUsers.USER is an example of such an user) can access all pages other than those reserved for specific roles (e.g. UserRole.ADMINISTRATION). Furthermore, this patch also improves support for disabled users by: (1) using the Spring Security support for managing such users and (2) displaying two types of error messages in the login page depending on the type of error ("User disabled" or "Incorrect authentication").
2010-01-13 14:06:42 +01:00
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
http://static.springsource.org/spring-security/site/docs/2.0.x/apidocs/org/springframework/security/vote/AuthenticatedVoter.html
for an explanation of the meaning of IS_AUTHENTICATED_ANONYMOUSLY and IS_AUTHENTICATED_FULLY. -->
<http auto-config="false" realm="LibrePlan Web Application" >
Upgrade Spring version
2014-04-28 01:01:24 +02:00
Changes to EmailSending feature. Code refactoring.
2016-11-09 18:03:47 +02:00
<!-- In Spring Security 4.1.0 it is useless to use hasRole() for single role because Spring calling hasAnyRole() anyway -->
Style changes to User Accounts Page. Style changes to Personal Timesheet Page. Changes to LibrePlan new version notification. Set timeout for email connection. Code refactoring.
2016-11-01 15:13:03 +02:00
ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system. It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00
<!-- Web services -->
Changes to Spring security rules. Code refactoring.
2016-10-27 18:26:01 +03:00
<intercept-url pattern="/ws/rest/bounduser/**" access="hasAnyRole('ROLE_BOUND_USER')" method="GET" />
<intercept-url pattern="/ws/rest/bounduser/**" access="hasAnyRole('ROLE_BOUND_USER')" method="POST" />
<intercept-url pattern="/ws/rest/subcontracting/**" access="hasAnyRole('ROLE_WS_SUBCONTRACTING')" method="GET" />
<intercept-url pattern="/ws/rest/subcontracting/**" access="hasAnyRole('ROLE_WS_SUBCONTRACTING')" method="POST" />
<intercept-url pattern="/ws/rest/**" access="hasAnyRole('ROLE_WS_READER')" method="GET" />
<intercept-url pattern="/ws/rest/**" access="hasAnyRole('ROLE_WS_WRITER')" method="POST" />
<intercept-url pattern="/ws/rest/**" access="hasAnyRole('ROLE_WS_WRITER')" method="DELETE" />
ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system. It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
<!-- Web application -->
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<intercept-url pattern="/common/img/**" access="permitAll" />
<intercept-url pattern="/common/css/**" access="permitAll" />
<intercept-url pattern="/planner/css/**" access="permitAll" />
<intercept-url pattern="/callback/**" access="permitAll" />
<intercept-url pattern="/zkau/**" access="permitAll" />
<intercept-url pattern="/help/**" access="permitAll" />
<intercept-url pattern="/common/layout/login.zul" access="isAnonymous()" />
<intercept-url pattern="/common/layout/timeout.zul" access="permitAll" />
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<!-- Pages -->
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<intercept-url pattern="/templates/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_TEMPLATES')" />
Add tests for Email functionality. Resolve minor issues with email functionality. Resolve issue with test failing. Update Java Mail library, Apache CXF. Code refactoring.
2016-08-04 14:17:35 +03:00
<intercept-url pattern="/email/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_EDIT_EMAIL_TEMPLATES')"/>
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<intercept-url pattern="/resources/worker/worker.zul" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_WORKERS')" />
<intercept-url pattern="/resources/machine/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_MACHINES')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/resources/worker/virtualWorkers.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_VIRTUAL_WORKERS')" />
<intercept-url pattern="/calendars/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_CALENDARS')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/excetiondays/*"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_CALENDAR_EXCEPTION_DAYS')" />
<intercept-url pattern="/resources/criterions/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_CRITERIA')" />
<intercept-url pattern="/advance/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_PROGRESS_TYPES')" />
<intercept-url pattern="/labels/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_LABELS')" />
<intercept-url pattern="/materials/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_MATERIALS')" />
<intercept-url pattern="/unittypes/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_MATERIAL_UNITS')" />
<intercept-url pattern="/qualityforms/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_QUALITY_FORMS')" />
<intercept-url pattern="/workreports/workReport.zul" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_TIMESHEETS')" />
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
<intercept-url pattern="/workreports/workReportTypes.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_TIMESHEETS_TEMPLATES')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/expensesheet/*"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_EXPENSES', 'ROLE_BOUND_USER')" />
<intercept-url pattern="/costcategories/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_COST_CATEGORIES')" />
<intercept-url pattern="/typeofworkhours/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_HOURS_TYPES')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/common/configuration.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_MAIN_SETTINGS')" />
<intercept-url pattern="/users/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_USER_ACCOUNTS')" />
<intercept-url pattern="/profiles/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_PROFILES')" />
<intercept-url pattern="/externalcompanies/*" access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_COMPANIES')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/subcontract/subcontractedTasks.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_SEND_TO_SUBCONTRACTORS')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/subcontract/subcontractorCommunications.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_RECEIVED_FROM_SUBCONTRACTORS')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/subcontract/reportAdvances.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_SEND_TO_CUSTOMERS')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/subcontract/customerCommunications.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_RECEIVED_FROM_CUSTOMERS')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/workreports/workReportQuery.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_TIMESHEET_LINES_LIST')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/reports/hoursWorkedPerWorkerReport.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_HOURS_WORKED_PER_RESOURCE_REPORT')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/reports/hoursWorkedPerWorkerInAMonthReport.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_TOTAL_WORKED_HOURS_BY_RESOURCE_IN_A_MONTH_REPORT')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/reports/schedulingProgressPerOrderReport.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_WORK_AND_PROGRESS_PER_PROJECT_REPORT')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/reports/workingProgressPerTaskReport.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_WORK_AND_PROGRESS_PER_TASK_REPORT')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/reports/completedEstimatedHoursPerTask.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_ESTIMATED_PLANNED_HOURS_PER_TASK_REPORT')" />
Merge libreplan-business module with ZK branch. Code refactoring.
2016-10-17 16:54:49 +03:00
<intercept-url pattern="/reports/orderCostsPerResource.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_PROJECT_COSTS_REPORT')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/reports/workingArrangementsPerOrderReport.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_TASK_SCHEDULING_STATUS_IN_PROJECT_REPORT')" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/reports/timeLineMaterialReport.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_MATERIALS_NEED_AT_DATE_REPORT')" />
Merge libreplan-business module with ZK branch. Code refactoring.
2016-10-17 16:54:49 +03:00
<intercept-url pattern="/reports/projectStatusReport.zul"
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_PROJECT_STATUS_REPORT')" />
Changes to Spring security rules. Code refactoring.
2016-10-27 18:26:01 +03:00
<intercept-url pattern="/myaccount/userDashboard.zul" access="hasAnyRole('ROLE_BOUND_USER')" />
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
Configure permissions for ROLE_BOUND_USER Only bound users will have access to page "Personal Area > Home". Moreover bound users will have access to expenses sheet edition form, even if they don't have access to "Cost > Expenses" page. Finally users with role ROLE_SUERUSER, ROLE_SUERUSER or ROLE_TIMESHEETS will have access to monthly timesheets edition page. FEA: ItEr76S30PermissionsEnhancements
2012-06-15 12:54:26 +02:00
<intercept-url pattern="/myaccount/monthlyTimesheet.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_TIMESHEETS', 'ROLE_BOUND_USER')" />
Configures a new userRole to restrict access to import project functionality FEA: ItEr77S05BasicProjectImport
2013-03-26 17:46:03 +01:00
<intercept-url pattern="/orders/imports/projectImport.zul"
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
access="hasAnyRole('ROLE_SUPERUSER', 'ROLE_IMPORT_PROJECTS')" />
Configures a new userRole to restrict access to import project functionality FEA: ItEr77S05BasicProjectImport
2013-03-26 17:46:03 +01:00
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<intercept-url pattern="/**" access="isFullyAuthenticated()" />
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<!--
These have been added because of auto-config is false now in order to use a custom authentication filter.
See: http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config
-->
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
<anonymous />
Merge libreplan-business module with ZK branch. Code refactoring.
2016-10-17 16:54:49 +03:00
<form-login login-page="/common/layout/login.zul"
default-target-url="/common/index.zul"
authentication-failure-url="/common/layout/login.zul?login_error=true"
login-processing-url="/j_spring_security_check"
username-parameter="j_username"
password-parameter="j_password"/>
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
<http-basic />
Update info about MySQL. Update i18n dependencies (Gettext). Resolve Spring Security logout issue. Code refactoring.
2016-05-13 17:01:29 +03:00
<logout logout-url="/j_spring_security_logout" />
Merge libreplan-webapp module with ZK branch. Code refactoring.
2016-10-26 17:20:38 +03:00
<!--
In Spring Security 4 by default frame option policy became DENY.
See: http://forum.zkoss.org/question/99483/fileupload-not-worked/
-->
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
<remember-me />
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<csrf disabled="true"/>
ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system. It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00
</http>
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<!-- Beans used by Spring Security (current configuration assumes users are registered in the database). -->
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
<beans:bean id="passwordEncoder"
Upgrade Spring version
2014-04-28 01:01:24 +02:00
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
<beans:constructor-arg value="512" />
</beans:bean>
Composite Handler LDAP-Database. Import of users from LDAP. Support of two types of users (LDAP and Database). FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:49 +02:00
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
<beans:bean id="saltSource"
Upgrade Spring version
2014-04-28 01:01:24 +02:00
class="org.springframework.security.authentication.dao.ReflectionSaltSource"
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
p:userPropertyToUse="username" />
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<!--
Beans used by the LibrePlan Web application when users are registered in the database.
When users are registered externally (e.g. in a LDAP server),these lines may be commented.
-->
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
<beans:bean id="dbPasswordEncoderService"
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
class="org.libreplan.web.users.services.DBPasswordEncoderService"
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
p:passwordEncoder-ref="passwordEncoder" p:saltSource-ref="saltSource" />
Composite Handler LDAP-Database. Import of users from LDAP. Support of two types of users (LDAP and Database). FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:49 +02:00
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
<beans:bean id="usersBootstrapInDB"
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
class="org.libreplan.web.users.bootstrap.UsersBootstrapInDB"
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
p:dbPasswordEncoderService-ref="dbPasswordEncoderService" />
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<!--
Beans used by the LibrePlan Web Application when users are registerd in LDAP.
At this moment users MUST be also in database with same username.
This will be changed in the near future.
The url, base, userDN and password properties must be set with the proper values -->
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
<beans:bean id="contextSource"
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
class="org.libreplan.web.users.services.LDAPCustomContextSource">
ItEr38S17ArquitecturaServidorItEr37S07: General refactoring to Spring Security integration and passwords encoded with SHA-2 (SHA-512). General refactoring to Spring Security integration and passwords econded with SHA-2 (SHA-512). "naval_user" and "user_roles" tables must be removed after applying this patch.
2009-12-11 13:11:58 +01:00
</beans:bean>
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
<beans:bean id="ldapTemplate"
class="org.springframework.ldap.core.LdapTemplate"
p:contextSource-ref="contextSource">
</beans:bean>
ItEr38S17ArquitecturaServidorItEr37S07: General refactoring to Spring Security integration and passwords encoded with SHA-2 (SHA-512). General refactoring to Spring Security integration and passwords econded with SHA-2 (SHA-512). "naval_user" and "user_roles" tables must be removed after applying this patch.
2009-12-11 13:11:58 +01:00
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<!-- This authentication provider will make possible all the login process when an LDAP is used.
Also will allow authenticate users in database.
The property strUserId must be set with the proper value.
It represents the property of the user in LDAP which will be used to check the username. -->
Add logging category for authentication attempts Login attempts will be logged to navalplan-logins.log. FEA: ItEr75S04BugFixing
2011-08-10 18:32:29 +02:00
<beans:bean id="realAuthenticationProvider"
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
class="org.libreplan.web.users.services.LDAPCustomAuthenticationProvider"
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
p:userDetailsService-ref="ldapUserDetailsService"
Composite Handler LDAP-Database. Import of users from LDAP. Support of two types of users (LDAP and Database). FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:49 +02:00
p:ldapTemplate-ref="ldapTemplate"
p:passwordEncoderService-ref="dbPasswordEncoderService">
Add logging category for authentication attempts Login attempts will be logged to navalplan-logins.log. FEA: ItEr75S04BugFixing
2011-08-10 18:32:29 +02:00
</beans:bean>
Update CXF. Code refactoring. Changes to config files.
2016-05-10 13:20:53 +03:00
<beans:bean id="authenticationProvider"
class="org.libreplan.web.users.services.AuthenticationProviderLoggingDecorator">
<beans:property name="decoratedProvider" ref="realAuthenticationProvider"/>
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
</beans:bean>
ItEr38S17ArquitecturaServidorItEr37S07: General refactoring to Spring Security integration and passwords encoded with SHA-2 (SHA-512). General refactoring to Spring Security integration and passwords econded with SHA-2 (SHA-512). "naval_user" and "user_roles" tables must be removed after applying this patch.
2009-12-11 13:11:58 +01:00
Update Spring stack. Code refactoring (config files, java classes, css file). Update LibrePlan version in files.
2016-05-12 17:41:35 +03:00
<!-- This bean is used to implement UserDetailsService with LDAP authentication Provider -->
Update CXF. Code refactoring. Changes to config files.
2016-05-10 13:20:53 +03:00
<beans:bean id="ldapUserDetailsService" class="org.libreplan.web.users.services.LDAPUserDetailsService" />
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
Simplify security configuration using form-login
2014-04-30 19:25:52 +02:00
<authentication-manager>
Upgrade Spring version
2014-04-28 01:01:24 +02:00
<authentication-provider ref="authenticationProvider"/>
</authentication-manager>
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
Add logging category for authentication attempts Login attempts will be logged to navalplan-logins.log. FEA: ItEr75S04BugFixing
2011-08-10 18:32:29 +02:00
</beans:beans>
Reference in a new issue Copy permalink