...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<filter>
<filter-name>spring.securityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>springSecurityFilterChain</param-value>
</init-param>
</filter>
<filter>
<filter-name>wicket.filter</filter-name>
<filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>spring.securityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>wicket.filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
|
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"> <bean id="myApplication" class="com.foo.bar.MyApplication" /> <security:http auto-config="false"> <security:intercept-url pattern="/login*" filters="none" /> <security:intercept-url pattern="/**" access="ROLE_ADMIN" /> <security:form-login login-page="/login" /> </security:http> <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter </value> </property> </bean> <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"> <property name="allowSessionCreation" value="false"/> </bean> <security:authentication-provider> <security:user-service> <security:user password="admin" name="admin" authorities="ROLE_ADMIN" /> </security:user-service> </security:authentication-provider> </beans> |
The above example uses the spring security namespace. For those who were familiar with the Acegi way one might notice the huge improvement of XML setup. The above example states that all URLs, except the /login* are only accessible for users with the role ROLE_ADMINonly filter we need defined from Acegi is the HttpSessionContextIntegrationFilter. This filter will ensure that the SecurityContext is transported to and from the HttpSession onto the Thread context. All authorization is delegated to the wicket-auth-roles module which uses Annotations (@AuthorizeInstantiation).
Using the authentication-provider XML element we register an AuthenticationManager in the Spring context. In this case we use a simple in-memory user service using the user-service element.
...