<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://www.springframework.org/schema/security"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!--
debugging tips : enable following categories in
org.apache.catalina.core
org.springframework.security
-->
-
- <bean id="springSecurityFilterChain"
- class="org.springframework.security.web.FilterChainProxy">
- <sec:filter-chain-map request-matcher="ant">
- <!-- Exclude the resource path to public items' content from AuthN and AuthZ. Let's us publish resources with anonymous access. -->
- <sec:filter-chain pattern="/publicitems/*/*/content"
- filters="none"/>
- <sec:filter-chain pattern="/**"
- filters="securityContextPersistenceFilter,basicAuthenticationFilter,logoutFilter,exTranslationFilter,filterInvocationInterceptor"/>
- </sec:filter-chain-map>
- </bean>
-
-
- <bean id="securityContextPersistenceFilter"
- class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
- <constructor-arg>
- <bean class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
- <property name='allowSessionCreation' value='true' />
- </bean>
- </constructor-arg>
- </bean>
-
- <bean id="basicAuthenticationFilter"
- class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
- <constructor-arg ref="authenticationManager"/>
- <constructor-arg ref="basicAuthenticationEntryPoint"/>
- </bean>
-
- <bean id="basicAuthenticationEntryPoint"
- class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
- <property name="realmName" value="org.collectionspace.services"/>
- </bean>
-
- <bean id="logoutFilter"
- class="org.springframework.security.web.authentication.logout.LogoutFilter">
- <constructor-arg value="/"/>
- <constructor-arg>
- <list>
- <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
- </list>
- </constructor-arg>
- </bean>
-
- <bean id="exTranslationFilter"
- class="org.springframework.security.web.access.ExceptionTranslationFilter">
- <constructor-arg ref="basicAuthenticationEntryPoint"/>
- </bean>
+ <!-- Exclude the resource path to public items' content from AuthN and AuthZ. Lets us publish resources with anonymous access. -->
+ <sec:http pattern="/publicitems/*/*/content" security="none" />
+
+ <!-- All other paths must be authenticated. -->
+ <sec:http realm="org.collectionspace.services" create-session="stateless" authentication-manager-ref="authenticationManager">
+ <sec:intercept-url pattern="/**" access="isFullyAuthenticated()" />
+ <sec:http-basic />
+ <sec:csrf disabled="true" />
+ </sec:http>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="jaasAuthenticationProvider"/>
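Review bot: `<sec:csrf disabled="true" />` in the new catch-all `<sec:http>` block switches CSRF protection off for every authenticated path, and nothing next to it records why that is acceptable. The removed filter chain had no CSRF filter either, so this presumably preserves existing behaviour, but `create-session="stateless"` alone does not make it safe: a browser that has cached HTTP Basic credentials for the realm attaches them to cross-site requests just as it would a session cookie. If these services are only called by non-browser or server-side clients, state that in a comment above the element, for example `<!-- CSRF protection disabled: services are called by non-browser REST clients only; revisit if a browser UI authenticates directly with HTTP Basic. -->`. It would also help to put `request-matcher="ant"` on both `<sec:http>` elements, as the old `filter-chain-map` did, so that matching of the `security="none"` pattern does not depend on the default matcher of the Spring Security version in use.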
</list>
</property>
</bean>
-
- <bean id="userDetailsService"
- class="org.collectionspace.authentication.spring.CSpaceUserDetailsService">
- </bean>
-
- <bean id="filterInvocationInterceptor"
- class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
- <property name="authenticationManager" ref="authenticationManager"/>
- <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
- <!--property name="securityMetadataSource" ref="cspaceMetadataSource"/-->
- <property name="securityMetadataSource">
- <sec:filter-security-metadata-source use-expressions="false">
- <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED"/>
- </sec:filter-security-metadata-source>
- </property>
- </bean>
-
- <bean id="httpRequestAccessDecisionManager"
- class="org.springframework.security.access.vote.AffirmativeBased">
- <constructor-arg>
- <list>
- <ref bean="roleVoter"/>
- <ref bean="authenticatedVoter"/>
- </list>
- </constructor-arg>
- <property name="allowIfAllAbstainDecisions" value="false"/>
- </bean>
-
- <bean id="authenticatedVoter"
- class="org.springframework.security.access.vote.AuthenticatedVoter"/>
- <bean id="roleVoter"
- class="org.springframework.security.access.vote.RoleVoter"/>
- <!--bean id="cspaceMetadataSource" class="org.collectionspace.services.authorization.spring.CSpaceSecurityMetadataSource">
- <property name="urlProperties">
- <util:properties location="classpath:urls.properties" />
- </property>
- </bean-->
-
</beans>