RenJuan/TASKPM
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
TASKPM/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml

208 lines
11 KiB
XML
Raw Normal View History

ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system. It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ItEr38S17ArquitecturaServidorItEr37S07: General refactoring to Spring Security integration and passwords encoded with SHA-2 (SHA-512). General refactoring to Spring Security integration and passwords econded with SHA-2 (SHA-512). "naval_user" and "user_roles" tables must be removed after applying this patch.
2009-12-11 13:11:58 +01:00
xmlns:p="http://www.springframework.org/schema/p"
Upgrade to Spring 4.0.3 version This is the latest stable version available.
2014-05-06 18:39:06 +02:00
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
Upgrade Spring to 3.2.8 and Hibernate to 4.2.8 Now Libreplan can be run on Java8. This implied some changes: * Latest versions of hibernate use the Bean Validation API. This implied renaming the imports and use ConstraintViolationException instead of InvalidValue. Besides some constraints had to be renamed, otherwise they wouldn't be recognized by Hibernate validation. In the new version of Hibernate validator @AssertTrue can only be applied to properties. So all methods it was applied to must follow the is.* format. Automatic execution of Bean Validation API is disabled, otherwise an infinite loop would happen. This is because there are some validation constraints that do launch queries to the database. This causes a flush of the objects in the session and automatic validation is called again. * A new library for persisting JodaTime is necessary since joda-time-hibernate is incompatible with hibernate 4. This library can automatically register its types for Date conversion so they're removed from configuration. * Now, in some places, an InvalidDataAccessApiUsageException is thrown instead of a DataIntegrityViolationException. This is because no constraint is violated, the API is being used incorrectly because a transient instance is being provided where a persisted one was expected. * In hibernate 4 listeners cannot be configured via properties. HibernateDatabaseModificationsListener registers itself in its @PostConstruct method. * ehcache classes used are now different.
2014-05-01 16:36:02 +02:00
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system. It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00
LDAP Authentication FEA ItEr74S09LdapAuhentication
2011-06-01 16:28:21 +02:00
<!-- NOTE: see http://static.springsource.org/spring-security/site/docs/2.0.x/apidocs/org/springframework/security/vote/AuthenticatedVoter.html
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
for an explanation of the meaning of IS_AUTHENTICATED_ANONYMOUSLY and IS_AUTHENTICATED_FULLY. -->
ItEr43S05ValidacionEProbasFuncionaisItEr42S05: Bug [#214] fixed and support for disabled users improved. IMPORTANT: to apply this patch, please remove the following tables: "naval_profile", "naval_user", "user_profiles", and "user_roles". This patch fixes bug 214 by removing UserRole.ROLE_BASIC_USER. Now, authenticated users with no roles (MandatoryUsers.USER is an example of such an user) can access all pages other than those reserved for specific roles (e.g. UserRole.ADMINISTRATION). Furthermore, this patch also improves support for disabled users by: (1) using the Spring Security support for managing such users and (2) displaying two types of error messages in the login page depending on the type of error ("User disabled" or "Incorrect authentication").
2010-01-13 14:06:42 +01:00
Simplify security configuration using form-login
2014-04-30 19:25:52 +02:00
<http auto-config="false" realm="LibrePlan Web Application">
Upgrade Spring version
2014-04-28 01:01:24 +02:00
ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system. It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00
<!-- Web services -->
New web service returning the assigned tasks of a user It uses MyTasksAreaModel, as the main UI for bound users. The service is only accessible for bound users. FEA: ItEr77S14BoundUsersWebServices
2012-11-07 21:41:12 +01:00
<intercept-url pattern="/ws/rest/bounduser/**"
access="ROLE_BOUND_USER"
method="GET" />
<intercept-url pattern="/ws/rest/bounduser/**"
access="ROLE_BOUND_USER"
method="POST" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/ws/rest/subcontracting/**"
access="ROLE_WS_SUBCONTRACTING"
Add new role to protect subcontracting services New role ROLE_WS_SUBCONTRACTING has been created, now the web services are separated in two parts: * Common web services are allowed to be read by role ROLE_WS_READER and written by role ROLE_WS_WRITER * Subcontracting web services are allowed to be read and written by role ROLE_WS_SUBCONTRACTING In this way you can give access to a different companies to your subcontracting services, however prevent them to access to the rest of your data (via common web services). FEA: ItEr76S30PermissionsEnhancements
2012-06-11 13:49:37 +02:00
method="GET" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/ws/rest/subcontracting/**"
access="ROLE_WS_SUBCONTRACTING"
Add new role to protect subcontracting services New role ROLE_WS_SUBCONTRACTING has been created, now the web services are separated in two parts: * Common web services are allowed to be read by role ROLE_WS_READER and written by role ROLE_WS_WRITER * Subcontracting web services are allowed to be read and written by role ROLE_WS_SUBCONTRACTING In this way you can give access to a different companies to your subcontracting services, however prevent them to access to the rest of your data (via common web services). FEA: ItEr76S30PermissionsEnhancements
2012-06-11 13:49:37 +02:00
method="POST" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/ws/rest/**"
access="ROLE_WS_READER"
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
method="GET" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/ws/rest/**"
access="ROLE_WS_WRITER"
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
method="POST" />
Add new method to delete a work report from the web service FEA: ItEr77S06AllowDeleteWorkReports
2012-08-27 11:42:10 +02:00
<intercept-url pattern="/ws/rest/**"
access="ROLE_WS_WRITER"
method="DELETE" />
ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system. It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
<!-- Web application -->
<intercept-url pattern="/common/img/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/common/css/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/planner/css/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/callback/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/zkau/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/help/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/common/layout/login.zul"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/common/layout/timeout.zul"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<!-- Pages -->
<intercept-url pattern="/templates/*"
access="ROLE_SUPERUSER,ROLE_TEMPLATES" />
<intercept-url pattern="/resources/worker/worker.zul"
access="ROLE_SUPERUSER,ROLE_WORKERS" />
<intercept-url pattern="/resources/machine/*"
access="ROLE_SUPERUSER,ROLE_MACHINES" />
<intercept-url pattern="/resources/worker/virtualWorkers.zul"
access="ROLE_SUPERUSER,ROLE_VIRTUAL_WORKERS" />
<intercept-url pattern="/calendars/*"
access="ROLE_SUPERUSER,ROLE_CALENDARS" />
<intercept-url pattern="/excetiondays/*"
access="ROLE_SUPERUSER,ROLE_CALENDAR_EXCEPTION_DAYS" />
<intercept-url pattern="/resources/criterions/*"
access="ROLE_SUPERUSER,ROLE_CRITERIA" />
<intercept-url pattern="/advance/*"
access="ROLE_SUPERUSER,ROLE_PROGRESS_TYPES" />
<intercept-url pattern="/labels/*"
access="ROLE_SUPERUSER,ROLE_LABELS" />
<intercept-url pattern="/materials/*"
access="ROLE_SUPERUSER,ROLE_MATERIALS" />
<intercept-url pattern="/unittypes/*"
access="ROLE_SUPERUSER,ROLE_MATERIAL_UNITS" />
<intercept-url pattern="/qualityforms/*"
access="ROLE_SUPERUSER,ROLE_QUALITY_FORMS" />
<intercept-url pattern="/workreports/workReport.zul"
access="ROLE_SUPERUSER,ROLE_TIMESHEETS" />
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
<intercept-url pattern="/workreports/workReportTypes.zul"
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
access="ROLE_SUPERUSER,ROLE_TIMESHEETS_TEMPLATES" />
<intercept-url pattern="/expensesheet/*"
Configure permissions for ROLE_BOUND_USER Only bound users will have access to page "Personal Area > Home". Moreover bound users will have access to expenses sheet edition form, even if they don't have access to "Cost > Expenses" page. Finally users with role ROLE_SUERUSER, ROLE_SUERUSER or ROLE_TIMESHEETS will have access to monthly timesheets edition page. FEA: ItEr76S30PermissionsEnhancements
2012-06-15 12:54:26 +02:00
access="ROLE_SUPERUSER,ROLE_EXPENSES,ROLE_BOUND_USER" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/costcategories/*"
access="ROLE_SUPERUSER,ROLE_COST_CATEGORIES" />
<intercept-url pattern="/typeofworkhours/*"
access="ROLE_SUPERUSER,ROLE_HOURS_TYPES" />
<intercept-url pattern="/common/configuration.zul"
access="ROLE_SUPERUSER,ROLE_MAIN_SETTINGS" />
<intercept-url pattern="/users/*"
access="ROLE_SUPERUSER,ROLE_USER_ACCOUNTS" />
<intercept-url pattern="/profiles/*"
access="ROLE_SUPERUSER,ROLE_PROFILES" />
<intercept-url pattern="/externalcompanies/*"
access="ROLE_SUPERUSER,ROLE_COMPANIES" />
<intercept-url pattern="/subcontract/subcontractedTasks.zul"
access="ROLE_SUPERUSER,ROLE_SEND_TO_SUBCONTRACTORS" />
<intercept-url pattern="/subcontract/subcontractorCommunications.zul"
access="ROLE_SUPERUSER,ROLE_RECEIVED_FROM_SUBCONTRACTORS" />
<intercept-url pattern="/subcontract/reportAdvances.zul"
access="ROLE_SUPERUSER,ROLE_SEND_TO_CUSTOMERS" />
<intercept-url pattern="/subcontract/customerCommunications.zul"
access="ROLE_SUPERUSER,ROLE_RECEIVED_FROM_CUSTOMERS" />
<intercept-url pattern="/workreports/workReportQuery.zul"
Moved Timesheet Lines List page from 'Reports' menu section to 'Cost' Permissions for default profiles were also updated accordingly. FEA: ItEr76S04BugFixing
2012-07-09 19:02:48 +02:00
access="ROLE_SUPERUSER,ROLE_TIMESHEET_LINES_LIST" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
<intercept-url pattern="/reports/hoursWorkedPerWorkerReport.zul"
access="ROLE_SUPERUSER,ROLE_HOURS_WORKED_PER_RESOURCE_REPORT" />
<intercept-url pattern="/reports/hoursWorkedPerWorkerInAMonthReport.zul"
access="ROLE_SUPERUSER,ROLE_TOTAL_WORKED_HOURS_BY_RESOURCE_IN_A_MONTH_REPORT" />
<intercept-url pattern="/reports/schedulingProgressPerOrderReport.zul"
access="ROLE_SUPERUSER,ROLE_WORK_AND_PROGRESS_PER_PROJECT_REPORT" />
<intercept-url pattern="/reports/workingProgressPerTaskReport.zul"
access="ROLE_SUPERUSER,ROLE_WORK_AND_PROGRESS_PER_TASK_REPORT" />
<intercept-url pattern="/reports/completedEstimatedHoursPerTask.zul"
access="ROLE_SUPERUSER,ROLE_ESTIMATED_PLANNED_HOURS_PER_TASK_REPORT" />
<intercept-url pattern="/reportsorderCostsPerResource/.zul"
access="ROLE_SUPERUSER,ROLE_PROJECT_COSTS_REPORT" />
<intercept-url pattern="/reports/workingArrangementsPerOrderReport.zul"
access="ROLE_SUPERUSER,ROLE_TASK_SCHEDULING_STATUS_IN_PROJECT_REPORT" />
<intercept-url pattern="/reports/timeLineMaterialReport.zul"
access="ROLE_SUPERUSER,ROLE_MATERIALS_NEED_AT_DATE_REPORT" />
Configure permissions for ROLE_BOUND_USER Only bound users will have access to page "Personal Area > Home". Moreover bound users will have access to expenses sheet edition form, even if they don't have access to "Cost > Expenses" page. Finally users with role ROLE_SUERUSER, ROLE_SUERUSER or ROLE_TIMESHEETS will have access to monthly timesheets edition page. FEA: ItEr76S30PermissionsEnhancements
2012-06-15 12:54:26 +02:00
<intercept-url pattern="/myaccount/userDashboard.zul"
access="ROLE_BOUND_USER" />
<intercept-url pattern="/myaccount/monthlyTimesheet.zul"
access="ROLE_SUPERUSER,ROLE_TIMESHEETS,ROLE_BOUND_USER" />
Configures a new userRole to restrict access to import project functionality FEA: ItEr77S05BasicProjectImport
2013-03-26 17:46:03 +01:00
<intercept-url pattern="/orders/imports/projectImport.zul"
access="ROLE_SUPERUSER,ROLE_IMPORT_PROJECTS" />
Configure basic permissions for each page in Spring Security file Only ROLE_SUPERUSER and role of the page will have access. FEA: ItEr76S30PermissionsEnhancements
2012-06-14 18:17:05 +02:00
ItEr43S05ValidacionEProbasFuncionaisItEr42S05: Bug [#214] fixed and support for disabled users improved. IMPORTANT: to apply this patch, please remove the following tables: "naval_profile", "naval_user", "user_profiles", and "user_roles". This patch fixes bug 214 by removing UserRole.ROLE_BASIC_USER. Now, authenticated users with no roles (MandatoryUsers.USER is an example of such an user) can access all pages other than those reserved for specific roles (e.g. UserRole.ADMINISTRATION). Furthermore, this patch also improves support for disabled users by: (1) using the Spring Security support for managing such users and (2) displaying two types of error messages in the login page depending on the type of error ("User disabled" or "Incorrect authentication").
2010-01-13 14:06:42 +01:00
<intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
Configure a custom URL target resolver in order to define the proper URL for bound users Bound users will be redirected to user dashboard after login. FEA: ItEr76S28UserDashboard
2012-05-16 10:36:05 +02:00
<!-- These have been added because of auto-config is false now in order
to use a custom authentication filter.
See: http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config -->
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
<anonymous />
Simplify security configuration using form-login
2014-04-30 19:25:52 +02:00
<form-login login-page="/common/layout/login.zul"
default-target-url="/common/index.zul"
authentication-failure-url="/common/layout/login.zul?login_error=true" />
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
<http-basic />
<logout />
<remember-me />
ItEr35S11ArquitecturaServidorItEr34S11: First version of the authentication system. It uses a basic integration with Spring Security to provide authentication to thhe Web application (Web services are not protected yet). Currently, two in-memory users have been created: "user" (with password "user") and "admin" (with password "admin"). The first one can access any page except the folder "Administration" and its contents. The last one can access any page.
2009-11-19 14:53:59 +01:00
</http>
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
<!-- Beans used by Spring Security (current configuration assumes users
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
are registered in the database). -->
<beans:bean id="passwordEncoder"
Upgrade Spring version
2014-04-28 01:01:24 +02:00
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
<beans:constructor-arg value="512" />
</beans:bean>
Composite Handler LDAP-Database. Import of users from LDAP. Support of two types of users (LDAP and Database). FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:49 +02:00
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
<beans:bean id="saltSource"
Upgrade Spring version
2014-04-28 01:01:24 +02:00
class="org.springframework.security.authentication.dao.ReflectionSaltSource"
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
p:userPropertyToUse="username" />
Add logging category for authentication attempts Login attempts will be logged to navalplan-logins.log. FEA: ItEr75S04BugFixing
2011-08-10 18:32:29 +02:00
<!-- <beans:bean id="realAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider"
ItEr38S17ArquitecturaServidorItEr37S07: General refactoring to Spring Security integration and passwords encoded with SHA-2 (SHA-512). General refactoring to Spring Security integration and passwords econded with SHA-2 (SHA-512). "naval_user" and "user_roles" tables must be removed after applying this patch.
2009-12-11 13:11:58 +01:00
p:passwordEncoder-ref="passwordEncoder" p:saltSource-ref="saltSource" p:userDetailsService-ref="dbUserDetailsService">
Composite Handler LDAP-Database. Import of users from LDAP. Support of two types of users (LDAP and Database). FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:49 +02:00
<custom-authentication-provider/> </beans:bean> -->
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
<!-- Beans used by the LibrePlan Web application when users are registered
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
in the database. When users are registered externally (e.g. in a LDAP server),
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
these lines may be commented. <beans:bean id="dbUserDetailsService" class="org.libreplan.web.users.services.DBUserDetailsService"/> -->
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
<beans:bean id="dbPasswordEncoderService"
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
class="org.libreplan.web.users.services.DBPasswordEncoderService"
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
p:passwordEncoder-ref="passwordEncoder" p:saltSource-ref="saltSource" />
Composite Handler LDAP-Database. Import of users from LDAP. Support of two types of users (LDAP and Database). FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:49 +02:00
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
<beans:bean id="usersBootstrapInDB"
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
class="org.libreplan.web.users.bootstrap.UsersBootstrapInDB"
Adding LDAP configuration properties to Configuration and User FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:48 +02:00
p:dbPasswordEncoderService-ref="dbPasswordEncoderService" />
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
<!-- Beans used by the LibrePlan Web Application when users are registerd
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
in LDAP. At this moment users MUST be also in database with same username.
This will be changed in the near future. the url, base, userDN and password
properties must be set with the proper values -->
<beans:bean id="contextSource"
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
class="org.libreplan.web.users.services.LDAPCustomContextSource">
ItEr38S17ArquitecturaServidorItEr37S07: General refactoring to Spring Security integration and passwords encoded with SHA-2 (SHA-512). General refactoring to Spring Security integration and passwords econded with SHA-2 (SHA-512). "naval_user" and "user_roles" tables must be removed after applying this patch.
2009-12-11 13:11:58 +01:00
</beans:bean>
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
<beans:bean id="ldapTemplate"
class="org.springframework.ldap.core.LdapTemplate"
p:contextSource-ref="contextSource">
</beans:bean>
ItEr38S17ArquitecturaServidorItEr37S07: General refactoring to Spring Security integration and passwords encoded with SHA-2 (SHA-512). General refactoring to Spring Security integration and passwords econded with SHA-2 (SHA-512). "naval_user" and "user_roles" tables must be removed after applying this patch.
2009-12-11 13:11:58 +01:00
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
<!-- This authentication provider will make possible all the login process
when an LDAP is used. Also will allow authenticate users in database. The
property strUserId must be set with the proper value. It represents the property
of the user in LDAP which will be used to check the username. -->
Add logging category for authentication attempts Login attempts will be logged to navalplan-logins.log. FEA: ItEr75S04BugFixing
2011-08-10 18:32:29 +02:00
<beans:bean id="realAuthenticationProvider"
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
class="org.libreplan.web.users.services.LDAPCustomAuthenticationProvider"
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
p:userDetailsService-ref="ldapUserDetailsService"
Composite Handler LDAP-Database. Import of users from LDAP. Support of two types of users (LDAP and Database). FEA ItEr74S09LdapAuhentication
2011-05-27 14:27:49 +02:00
p:ldapTemplate-ref="ldapTemplate"
p:passwordEncoderService-ref="dbPasswordEncoderService">
Add logging category for authentication attempts Login attempts will be logged to navalplan-logins.log. FEA: ItEr75S04BugFixing
2011-08-10 18:32:29 +02:00
</beans:bean>
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
<beans:bean id="authenticationProvider" class="org.libreplan.web.users.services.AuthenticationProviderLoggingDecorator">
Add logging category for authentication attempts Login attempts will be logged to navalplan-logins.log. FEA: ItEr75S04BugFixing
2011-08-10 18:32:29 +02:00
<beans:property name="decoratedProvider" ref="realAuthenticationProvider"></beans:property>
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
</beans:bean>
ItEr38S17ArquitecturaServidorItEr37S07: General refactoring to Spring Security integration and passwords encoded with SHA-2 (SHA-512). General refactoring to Spring Security integration and passwords econded with SHA-2 (SHA-512). "naval_user" and "user_roles" tables must be removed after applying this patch.
2009-12-11 13:11:58 +01:00
Basic LDAP Authentication added on login form. * It's needed that users exist in database too. FEA: ItEr74S09LdapAuhentication
2011-05-20 13:56:11 +02:00
<!-- This bean is used to implement UserDetailsService with LDAP authentication
Provider. -->
<beans:bean id="ldapUserDetailsService"
Rename NavalPlan to LibrePlan * Change all folders and file names * Change string in all files FEA: ItEr75S03CommunityMaterial
2011-10-28 08:17:54 +02:00
class="org.libreplan.web.users.services.LDAPUserDetailsService" />
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
Simplify security configuration using form-login
2014-04-30 19:25:52 +02:00
<authentication-manager>
Upgrade Spring version
2014-04-28 01:01:24 +02:00
<authentication-provider ref="authenticationProvider"/>
</authentication-manager>
Configure a custom authentication filter For the moment the same behavior than before the authentication filter is kept. Later it will be used to do some redirects depending on if the user is bound or not to any resource. In order to define a custom authentication filter it's needed to set auto-config="false" see http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config We also need an entry point specified by "entry-point-ref" attribute. FEA: ItEr76S28UserDashboard
2012-05-16 09:01:27 +02:00
Add logging category for authentication attempts Login attempts will be logged to navalplan-logins.log. FEA: ItEr75S04BugFixing
2011-08-10 18:32:29 +02:00
</beans:beans>
Reference in a new issue Copy permalink