Commit Acegi Security, projet ok mais des bugs dans la securite (a voir)

YACOSWeb/WebContent/WEB-INF/applicationContextAcegi.xml

@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+
+<!--  CONFIGURATION AUTHENTICATION -->
+<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
+  <property name="filterInvocationDefinitionSource">
+    <value>
+      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+      PATTERN_TYPE_APACHE_ANT
+      /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
+    </value>
+  </property>
+</bean>
+
+<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
+  <property name="authenticationEntryPoint">
+    <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
+      <property name="loginFormUrl" value="/login.jsp"/>
+      <property name="forceHttps" value="false"/>
+    </bean>
+  </property>
+  <property name="accessDeniedHandler">
+    <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
+      <property name="errorPage" value="/denied.jsp"/>
+    </bean>
+  </property>
+</bean>
+
+<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
+  <property name="authenticationManager" ref="authenticationManager"/>
+  <property name="authenticationFailureUrl" value="/jsp/login.jsp?errorId=1"/>
+  <property name="defaultTargetUrl" value="/"/>
+  <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
+  <property name="rememberMeServices" ref="rememberMeServices"/>
+</bean>
+
+<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
+  <property name="providers">
+    <list>
+      <ref local="daoAuthenticationProvider"/>
+      <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
+        <property name="key" value="changeThis"/>
+      </bean>
+      <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
+        <property name="key" value="changeThis"/>
+      </bean>
+    </list>
+  </property>
+</bean>
+
+<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
+  <property name="userDetailsService" ref="userDetailsService"/>
+  <property name="userCache">
+    <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
+      <property name="cache">
+        <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
+          <property name="cacheManager">
+            <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
+          </property>
+          <property name="cacheName" value="userCache"/>
+        </bean>
+      </property>
+    </bean>
+  </property>
+</bean>
+
+<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
+  <property name="userProperties">
+    <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+      <property name="location" value="/WEB-INF/users.properties"/>
+    </bean>
+  </property>
+</bean>
+
+
+
+<!-- AUTHORIZATION SERVICES -->
+<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
+  <property name="authenticationManager" ref="authenticationManager"/>
+  <property name="accessDecisionManager">
+    <bean class="org.acegisecurity.vote.AffirmativeBased">
+      <property name="allowIfAllAbstainDecisions" value="false"/>
+      <property name="decisionVoters">
+        <list>
+          <bean class="org.acegisecurity.vote.RoleVoter"/>
+          <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
+        </list>
+      </property>
+    </bean>
+  </property>
+  <property name="objectDefinitionSource">
+    <value>
+      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
+      PATTERN_TYPE_APACHE_ANT
+      /secure/**=ROLE_ADMIN,ROLE_AUTHOR,ROLE_MEMBER
+      /secure/**=IS_AUTHENTICATED_REMEMBERED
+      /**=IS_AUTHENTICATED_ANONYMOUSLY
+    </value>
+  </property>
+</bean>
+
+<!-- LOGOUT -->
+<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
+  <constructor-arg value="/index.jsp"/>
+  <constructor-arg>
+    <list>
+      <ref bean="rememberMeServices"/>
+      <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
+    </list>
+  </constructor-arg>
+</bean>
+
+<bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
+  <property name="userDetailsService" ref="userDetailsService"/>
+  <property name="tokenValiditySeconds" value="1800"></property>
+  <property name="key" value="changeThis"/>
+</bean>
+
+<!-- OTHERS -->
+<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
+
+<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
+
+<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
+  <property name="authenticationManager" ref="authenticationManager"/>
+  <property name="rememberMeServices" ref="rememberMeServices"/>
+</bean>
+
+<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
+  <property name="key" value="changeThis"/>
+  <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
+</bean>
+
+<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
+
+</beans>