
Security

This document defines the security configuration for a Spring application. It specifies URL access rules that require certain roles like "ROLE_USER" and "ROLE_MEMBER". It also configures user authentication from a database using queries to retrieve user names, passwords and authorities from different tables for different roles. The password encoder is defined to be BCrypt with a strength of 10.


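<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration (security schema 4.1).
  Defines the URL access rules, form login and logout handling, and the
  authentication providers of the application. The default namespace is the
  security schema; core bean elements carry the "beans:" prefix.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-4.1.xsd
                                 http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-4.1.xsd">

  <http use-expressions="true">
    <headers>
      <!-- Responses may be framed only by pages of the same origin. -->
      <frame-options policy="SAMEORIGIN" />
    </headers>

    <!--
      NOTE(review): CSRF protection is disabled for the whole application while
      requests are authenticated by the session cookie. State-changing requests
      (including logout) are therefore accepted without a token. Re-enable it
      once every form and AJAX call sends the CSRF token; it is left unchanged
      here because switching it on requires matching changes in the views.
    -->
    <csrf disabled="true" />

    <!--
      Access rules are evaluated in declaration order; the first matching
      pattern decides.
      NOTE(review): there is no catch-all rule, so any URL not listed below is
      not restricted by this file. Confirm that every other endpoint is either
      public on purpose or protected elsewhere (for example by method security),
      or add a final deny-by-default rule plus explicit entries for public paths.
    -->
    <intercept-url pattern="/welcome" access="isAnonymous()" />
    <intercept-url pattern="/login" access="isAnonymous()" />
    <!--
      NOTE(review): the logout element below already handles "/logout" in its
      own filter; this rule presumably never applies to a logout request.
      Verify, and drop it if so.
    -->
    <intercept-url pattern="/logout" access="isAnonymous()" />

    <intercept-url pattern="/projectboard"
                   access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
    <!--
      NOTE(review): in an Ant-style pattern a single "*" matches one path
      segment only. If deeper paths exist under /projectboard/ they are not
      covered; "/projectboard/**" would cover them.
    -->
    <intercept-url pattern="/projectboard/*"
                   access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
    <intercept-url pattern="/dashboard"
                   access="hasAnyRole('ROLE_USER')" />

    <!--
      <intercept-url pattern="/crt/projectInfo"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/crt/projectInfo"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/projectlist"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/feature"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/submittedproposal"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/crt/tasks"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/NewMember/{teamtoken:.+}/{mailtoken:.+}"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/teamboard"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/crt/projectdetail"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/crt/taskdetail"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/crt/projectrole"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/dashboard"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/projectboard"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/messages"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/userdetail"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/proposal"
      access="hasAnyRole('ROLE_MEMBER', 'ROLE_OWNER')" />
      <intercept-url pattern="/other/**" access="isAuthenticated()" />
    -->
    <!--
      NOTE(review): the rules in the block above are disabled. Paths that appear
      only there (for example /messages, /userdetail, /crt/...) carry no URL
      restriction from this file while the block stays commented out.
    -->

    <!-- Requests rejected by an access rule are sent to the /403 page. -->
    <access-denied-handler error-page="/403" />

    <!--
      Form login: credentials are posted to /j_spring_security_check in the
      "username" and "password" parameters. After success the user returns to
      the originally requested page, or to /dashboard when there was none.
    -->
    <form-login login-page="/login"
                login-processing-url="/j_spring_security_check"
                default-target-url="/dashboard"
                always-use-default-target="false"
                authentication-failure-url="/login?error=true"
                username-parameter="username"
                password-parameter="password" />

    <!-- Logout invalidates the HTTP session and removes the session cookie. -->
    <logout logout-url="/logout"
            logout-success-url="/logoutSuccessful"
            delete-cookies="JSESSIONID"
            invalidate-session="true" />
  </http>

  <!--
    Providers are tried in declaration order; the first one that accepts the
    credentials authenticates the user, and the user receives the authorities
    of that provider only.
    NOTE(review): each JDBC provider below grants a single constant role, so an
    account authenticated as ROLE_OWNER or ROLE_MEMBER would not also hold
    ROLE_USER, which /dashboard (the default login target) requires. Verify
    that this is intended; a single provider whose authorities query returns
    every role of the user avoids the ordering dependency.
  -->
  <authentication-manager>

    <!--
      NOTE(review): hard-coded in-memory accounts. The passwords are stored in
      clear text in this file, are trivial and shared, and one account holds
      ROLE_ADMIN. This provider has no password-encoder and is consulted before
      the database providers. Remove it outside local development, or load the
      accounts from protected configuration with encoded passwords.
    -->
    <authentication-provider>
      <user-service>
        <user name="user1" password="12345" authorities="ROLE_USER" />
        <user name="admin1" password="12345"
              authorities="ROLE_USER, ROLE_ADMIN" />
      </user-service>
    </authentication-provider>

    <!-- authentication from database -->

    <!--
      Database users that have a row in project_user: granted ROLE_OWNER.
      The username is bound through the "?" placeholder, not concatenated.
      NOTE(review): the role is granted application-wide, not per project;
      presumably per-project checks happen elsewhere. Confirm.
    -->
    <authentication-provider>
      <password-encoder ref="encoder" />
      <jdbc-user-service data-source-ref="dataSource"
                         users-by-username-query="select username,password,enabled from user where username=?"
                         authorities-by-username-query="Select username,
                           'ROLE_OWNER' user_role from user u
                           inner
                           join project_user pu where u.user_id = pu.user_id and u.username =?" />
    </authentication-provider>

    <!-- Database users that have a row in member: granted ROLE_MEMBER. -->
    <authentication-provider>
      <password-encoder ref="encoder" />
      <jdbc-user-service data-source-ref="dataSource"
                         users-by-username-query="select username,password,enabled from user where username=?"
                         authorities-by-username-query="Select username,
                           'ROLE_MEMBER' user_role from user u
                           inner
                           join member m where u.user_id = m.user_id and u.username =?" />
    </authentication-provider>

    <!-- Database users that have a row in user_roles: granted ROLE_USER. -->
    <authentication-provider>
      <password-encoder ref="encoder" />
      <jdbc-user-service data-source-ref="dataSource"
                         users-by-username-query="select username,password,enabled from user where username=?"
                         authorities-by-username-query="Select username, 'ROLE_USER'
                           user_role from user_roles u
                           where
                           u.username =?" />
    </authentication-provider>

  </authentication-manager>

  <!-- BCrypt encoder (strength 10) used by the database providers above. -->
  <beans:bean id="encoder"
              class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <beans:constructor-arg name="strength" value="10" />
  </beans:bean>

</beans:beans>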
