55 lines
1.8 KiB
XML
55 lines
1.8 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<beans:beans
|
|
xmlns="http://www.springframework.org/schema/security"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xmlns:beans="http://www.springframework.org/schema/beans"
|
|
xmlns:sec="http://www.springframework.org/schema/security"
|
|
xmlns:context="http://www.springframework.org/schema/context"
|
|
xsi:schemaLocation="
|
|
http://www.springframework.org/schema/security
|
|
http://www.springframework.org/schema/security/spring-security-4.2.xsd
|
|
http://www.springframework.org/schema/context
|
|
http://www.springframework.org/schema/context/spring-context-4.2.xsd
|
|
http://www.springframework.org/schema/beans
|
|
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd">
|
|
|
|
<!--
|
|
-->
|
|
<context:component-scan base-package="security.*" />
|
|
|
|
|
|
<!--
|
|
<http auto-config='true'>
|
|
<intercept-url pattern="/**" access="ROLE_USER" />
|
|
</http>
|
|
-->
|
|
|
|
<http use-expressions="true" create-session="stateless" auto-config='true'>
|
|
<custom-filter after="BASIC_AUTH_FILTER" ref="tokenAuthenticationFilter" />
|
|
<!-- is authenticated means that they can see even if no correct creds provided -->
|
|
<!-- <intercept-url pattern="/customers/**" access="isAuthenticated()" /> -->
|
|
<intercept-url pattern="/**" access="isAuthenticated()" />
|
|
<http-basic/>
|
|
</http>
|
|
|
|
|
|
<authentication-manager>
|
|
<authentication-provider ref="customAuthenticationProvider" />
|
|
</authentication-manager>
|
|
|
|
<!--
|
|
|
|
<authentication-manager>
|
|
<authentication-provider>
|
|
<user-service>
|
|
<user name="mkyong" password="123456" authorities="ROLE_USER" />
|
|
</user-service>
|
|
</authentication-provider>
|
|
</authentication-manager>
|
|
-->
|
|
|
|
|
|
<beans:bean id="tokenFilter" class="security.TokenAuthenticationFilter"/>
|
|
|
|
|
|
</beans:beans> |