RenJuan/TASKPM
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
TASKPM/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml
Vova Perebykivskiy 1cafd835d9 Add new connector property. 
Add DAOs for EmailNotification/Template.
Add entities for EmailNotification/Template.
Add models for EmailNotification/Template.
Add Hibernate mapping for email tables.
Some changes to resources mapping.
Add classes for job scheduling of emails.
Code refactoring.
Test email button changes.
Add solution to get welcome page URL from system.
Remarks to method that adds new row to notification_queue table.
New role in Spring security.
New content of Edit E-mail templates page.
2015-11-03 10:35:53 +02:00

209 lines
11 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- NOTE: see http://static.springsource.org/spring-security/site/docs/2.0.x/apidocs/org/springframework/security/vote/AuthenticatedVoter.html
for an explanation of the meaning of IS_AUTHENTICATED_ANONYMOUSLY and IS_AUTHENTICATED_FULLY. -->
<http auto-config="false" realm="LibrePlan Web Application">
<!-- Web services -->
<intercept-url pattern="/ws/rest/bounduser/**"
access="ROLE_BOUND_USER"
method="GET" />
<intercept-url pattern="/ws/rest/bounduser/**"
access="ROLE_BOUND_USER"
method="POST" />
<intercept-url pattern="/ws/rest/subcontracting/**"
access="ROLE_WS_SUBCONTRACTING"
method="GET" />
<intercept-url pattern="/ws/rest/subcontracting/**"
access="ROLE_WS_SUBCONTRACTING"
method="POST" />
<intercept-url pattern="/ws/rest/**"
access="ROLE_WS_READER"
method="GET" />
<intercept-url pattern="/ws/rest/**"
access="ROLE_WS_WRITER"
method="POST" />
<intercept-url pattern="/ws/rest/**"
access="ROLE_WS_WRITER"
method="DELETE" />
<!-- Web application -->
<intercept-url pattern="/common/img/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/common/css/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/planner/css/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/callback/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/zkau/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/help/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/common/layout/login.zul"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/common/layout/timeout.zul"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Pages -->
<intercept-url pattern="/templates/*"
access="ROLE_SUPERUSER,ROLE_TEMPLATES" />
<intercept-url pattern="/email/*"
access="ROLE_SUPERUSER"/>
<intercept-url pattern="/resources/worker/worker.zul"
access="ROLE_SUPERUSER,ROLE_WORKERS" />
<intercept-url pattern="/resources/machine/*"
access="ROLE_SUPERUSER,ROLE_MACHINES" />
<intercept-url pattern="/resources/worker/virtualWorkers.zul"
access="ROLE_SUPERUSER,ROLE_VIRTUAL_WORKERS" />
<intercept-url pattern="/calendars/*"
access="ROLE_SUPERUSER,ROLE_CALENDARS" />
<intercept-url pattern="/excetiondays/*"
access="ROLE_SUPERUSER,ROLE_CALENDAR_EXCEPTION_DAYS" />
<intercept-url pattern="/resources/criterions/*"
access="ROLE_SUPERUSER,ROLE_CRITERIA" />
<intercept-url pattern="/advance/*"
access="ROLE_SUPERUSER,ROLE_PROGRESS_TYPES" />
<intercept-url pattern="/labels/*"
access="ROLE_SUPERUSER,ROLE_LABELS" />
<intercept-url pattern="/materials/*"
access="ROLE_SUPERUSER,ROLE_MATERIALS" />
<intercept-url pattern="/unittypes/*"
access="ROLE_SUPERUSER,ROLE_MATERIAL_UNITS" />
<intercept-url pattern="/qualityforms/*"
access="ROLE_SUPERUSER,ROLE_QUALITY_FORMS" />
<intercept-url pattern="/workreports/workReport.zul"
access="ROLE_SUPERUSER,ROLE_TIMESHEETS" />
<intercept-url pattern="/workreports/workReportTypes.zul"
access="ROLE_SUPERUSER,ROLE_TIMESHEETS_TEMPLATES" />
<intercept-url pattern="/expensesheet/*"
access="ROLE_SUPERUSER,ROLE_EXPENSES,ROLE_BOUND_USER" />
<intercept-url pattern="/costcategories/*"
access="ROLE_SUPERUSER,ROLE_COST_CATEGORIES" />
<intercept-url pattern="/typeofworkhours/*"
access="ROLE_SUPERUSER,ROLE_HOURS_TYPES" />
<intercept-url pattern="/common/configuration.zul"
access="ROLE_SUPERUSER,ROLE_MAIN_SETTINGS" />
<intercept-url pattern="/users/*"
access="ROLE_SUPERUSER,ROLE_USER_ACCOUNTS" />
<intercept-url pattern="/profiles/*"
access="ROLE_SUPERUSER,ROLE_PROFILES" />
<intercept-url pattern="/externalcompanies/*"
access="ROLE_SUPERUSER,ROLE_COMPANIES" />
<intercept-url pattern="/subcontract/subcontractedTasks.zul"
access="ROLE_SUPERUSER,ROLE_SEND_TO_SUBCONTRACTORS" />
<intercept-url pattern="/subcontract/subcontractorCommunications.zul"
access="ROLE_SUPERUSER,ROLE_RECEIVED_FROM_SUBCONTRACTORS" />
<intercept-url pattern="/subcontract/reportAdvances.zul"
access="ROLE_SUPERUSER,ROLE_SEND_TO_CUSTOMERS" />
<intercept-url pattern="/subcontract/customerCommunications.zul"
access="ROLE_SUPERUSER,ROLE_RECEIVED_FROM_CUSTOMERS" />
<intercept-url pattern="/workreports/workReportQuery.zul"
access="ROLE_SUPERUSER,ROLE_TIMESHEET_LINES_LIST" />
<intercept-url pattern="/reports/hoursWorkedPerWorkerReport.zul"
access="ROLE_SUPERUSER,ROLE_HOURS_WORKED_PER_RESOURCE_REPORT" />
<intercept-url pattern="/reports/hoursWorkedPerWorkerInAMonthReport.zul"
access="ROLE_SUPERUSER,ROLE_TOTAL_WORKED_HOURS_BY_RESOURCE_IN_A_MONTH_REPORT" />
<intercept-url pattern="/reports/schedulingProgressPerOrderReport.zul"
access="ROLE_SUPERUSER,ROLE_WORK_AND_PROGRESS_PER_PROJECT_REPORT" />
<intercept-url pattern="/reports/workingProgressPerTaskReport.zul"
access="ROLE_SUPERUSER,ROLE_WORK_AND_PROGRESS_PER_TASK_REPORT" />
<intercept-url pattern="/reports/completedEstimatedHoursPerTask.zul"
access="ROLE_SUPERUSER,ROLE_ESTIMATED_PLANNED_HOURS_PER_TASK_REPORT" />
<intercept-url pattern="/reportsorderCostsPerResource/.zul"
access="ROLE_SUPERUSER,ROLE_PROJECT_COSTS_REPORT" />
<intercept-url pattern="/reports/workingArrangementsPerOrderReport.zul"
access="ROLE_SUPERUSER,ROLE_TASK_SCHEDULING_STATUS_IN_PROJECT_REPORT" />
<intercept-url pattern="/reports/timeLineMaterialReport.zul"
access="ROLE_SUPERUSER,ROLE_MATERIALS_NEED_AT_DATE_REPORT" />
<intercept-url pattern="/myaccount/userDashboard.zul"
access="ROLE_BOUND_USER" />
<intercept-url pattern="/myaccount/monthlyTimesheet.zul"
access="ROLE_SUPERUSER,ROLE_TIMESHEETS,ROLE_BOUND_USER" />
<intercept-url pattern="/orders/imports/projectImport.zul"
access="ROLE_SUPERUSER,ROLE_IMPORT_PROJECTS" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
<!-- These have been added because of auto-config is false now in order
to use a custom authentication filter.
See: http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-auto-config -->
<anonymous />
<form-login login-page="/common/layout/login.zul"
default-target-url="/common/index.zul"
authentication-failure-url="/common/layout/login.zul?login_error=true" />
<http-basic />
<logout />
<remember-me />
</http>
<!-- Beans used by Spring Security (current configuration assumes users
are registered in the database). -->
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg value="512" />
</beans:bean>
<beans:bean id="saltSource"
class="org.springframework.security.authentication.dao.ReflectionSaltSource"
p:userPropertyToUse="username" />
<!-- <beans:bean id="realAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider"
p:passwordEncoder-ref="passwordEncoder" p:saltSource-ref="saltSource" p:userDetailsService-ref="dbUserDetailsService">
<custom-authentication-provider/> </beans:bean> -->
<!-- Beans used by the LibrePlan Web application when users are registered
in the database. When users are registered externally (e.g. in a LDAP server),
these lines may be commented. <beans:bean id="dbUserDetailsService" class="org.libreplan.web.users.services.DBUserDetailsService"/> -->
<beans:bean id="dbPasswordEncoderService"
class="org.libreplan.web.users.services.DBPasswordEncoderService"
p:passwordEncoder-ref="passwordEncoder" p:saltSource-ref="saltSource" />
<beans:bean id="usersBootstrapInDB"
class="org.libreplan.web.users.bootstrap.UsersBootstrapInDB"
p:dbPasswordEncoderService-ref="dbPasswordEncoderService" />
<!-- Beans used by the LibrePlan Web Application when users are registerd
in LDAP. At this moment users MUST be also in database with same username.
This will be changed in the near future. the url, base, userDN and password
properties must be set with the proper values -->
<beans:bean id="contextSource"
class="org.libreplan.web.users.services.LDAPCustomContextSource">
</beans:bean>
<beans:bean id="ldapTemplate"
class="org.springframework.ldap.core.LdapTemplate"
p:contextSource-ref="contextSource">
</beans:bean>
<!-- This authentication provider will make possible all the login process
when an LDAP is used. Also will allow authenticate users in database. The
property strUserId must be set with the proper value. It represents the property
of the user in LDAP which will be used to check the username. -->
<beans:bean id="realAuthenticationProvider"
class="org.libreplan.web.users.services.LDAPCustomAuthenticationProvider"
p:userDetailsService-ref="ldapUserDetailsService"
p:ldapTemplate-ref="ldapTemplate"
p:passwordEncoderService-ref="dbPasswordEncoderService">
</beans:bean>
<beans:bean id="authenticationProvider" class="org.libreplan.web.users.services.AuthenticationProviderLoggingDecorator">
<beans:property name="decoratedProvider" ref="realAuthenticationProvider"></beans:property>
</beans:bean>
<!-- This bean is used to implement UserDetailsService with LDAP authentication
Provider. -->
<beans:bean id="ldapUserDetailsService"
class="org.libreplan.web.users.services.LDAPUserDetailsService" />
<authentication-manager>
<authentication-provider ref="authenticationProvider"/>
</authentication-manager>
</beans:beans>
Reference in a new issue View git blame Copy permalink