From ce34595afd20a50071addcd8863dbe7c1761cba8 Mon Sep 17 00:00:00 2001
From: Manuel Rego Casasnovas <rego@igalia.com>
Date: Wed, 16 May 2012 09:01:27 +0200
Subject: [PATCH] Configure a custom authentication filter

For the moment the same behavior than before the authentication filter is kept.
Later it will be used to do some redirects depending on if the user is bound or
not to any resource.

In order to define a custom authentication filter it's needed to set
auto-config="false" see
http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config

We also need an entry point specified by "entry-point-ref" attribute.

FEA: ItEr76S28UserDashboard
---
 ...ibreplan-webapp-spring-security-config.xml | 29 +++++++++++++++++--
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml b/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml
index 309405f81..302d817d5 100644
--- a/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml
+++ b/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml
@@ -9,7 +9,8 @@
     <!-- NOTE: see http://static.springsource.org/spring-security/site/docs/2.0.x/apidocs/org/springframework/security/vote/AuthenticatedVoter.html
         for an explanation of the meaning of IS_AUTHENTICATED_ANONYMOUSLY and IS_AUTHENTICATED_FULLY. -->
 
-    <http auto-config="true" realm="LibrePlan Web Application">
+    <http auto-config="false" realm="LibrePlan Web Application"
+        entry-point-ref="customAuthenticationEntryPoint">
 
         <!-- Web services -->
         <intercept-url pattern="/ws/rest/**" access="ROLE_WS_READER"
@@ -36,6 +37,7 @@
             access="IS_AUTHENTICATED_ANONYMOUSLY" />
         <intercept-url pattern="/common/layout/timeout.zul"
             access="IS_AUTHENTICATED_ANONYMOUSLY" />
+
         <intercept-url pattern="/advance/**" access="ROLE_ADMINISTRATION" />
         <intercept-url pattern="/resources/criterions/**"
             access="ROLE_ADMINISTRATION" />
@@ -54,8 +56,11 @@
             access="ROLE_ADMINISTRATION" />
         <intercept-url pattern="/expensesheet/**" access="ROLE_ADMINISTRATION,ROLE_EXPENSE_TRACKING"/>
         <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
-        <form-login login-page="/common/layout/login.zul"
-            authentication-failure-url="/common/layout/login.zul?login_error=true" />
+
+        <anonymous />
+        <http-basic />
+        <logout />
+        <remember-me />
 
     </http>
 
@@ -115,4 +120,22 @@
         Provider. -->
     <beans:bean id="ldapUserDetailsService"
         class="org.libreplan.web.users.services.LDAPUserDetailsService" />
+
+    <!-- Configured a custom authentication filter -->
+    <authentication-manager alias="authenticationManager" />
+
+    <beans:bean id="customAuthenticationFilter"
+        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter" >
+        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
+        <beans:property name="authenticationManager" ref="authenticationManager" />
+        <beans:property name="defaultTargetUrl" value="/planner/index.zul" />
+        <beans:property name="authenticationFailureUrl" value="/common/layout/login.zul?login_error=true" />
+        <beans:property name="allowSessionCreation" value="true" />
+    </beans:bean>
+
+    <beans:bean id="customAuthenticationEntryPoint"
+        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+        <beans:property name="loginFormUrl" value="/common/layout/login.zul"/>
+    </beans:bean>
+
 </beans:beans>