...

Spring configuration
<bean name="modeshapeRepofactory"
    class="org.fcrepo.kernel.modeshape.spring.ModeShapeRepositoryFactoryBean"
    p:repositoryConfiguration="${fcrepo.modeshape.configuration}"
    depends-on="authenticationProvider"/>

<bean name="authenticationProvider" class="org.fcrepo.auth.common.ShiroAuthenticationProvider"/>

<!-- **************************
          Authentication
     ************************** -->

<!-- Optional PrincipalProvider filter that will inspect the request header, "some-header", for user role values -->
<!--
<bean name="headerProvider" class="org.fcrepo.auth.common.HttpHeaderPrincipalProvider">
    <property name="headerName" value="some-header"/>
    <property name="separator" value=","/>
</bean>
-->

<!-- Optional PrincipalProvider filter that will use container configured roles as principals -->
<!--
<bean name="containerRolesProvider" class="org.fcrepo.auth.common.ContainerRolesPrincipalProvider">
  <property name="roleNames">
    <util:set set-class="java.util.HashSet">
      <value>tomcat-role-1</value>
      <value>tomcat-role-2</value>
    </util:set>
  </property>
</bean>
-->

<!-- delegatedPrincipleProvider filter allows a single user to be passed in the header "On-Behalf-Of",
       this is to be used as the actor making the request when authenticating.
       NOTE: OnOnly users with the role fedoraAdmin can delegate to another user.
       NOTE: Only supported in WebAC authentication -->
<bean name="delegatedPrincipalProvider" class="org.fcrepo.auth.common.DelegateHeaderPrincipalProvider"/>

<bean name="accessRolesProvider" class="org.fcrepo.auth.webac.WebACRolesProvider"/>

<!-- Shiro Auth Confiuration -->
<!-- Define the Shiro Realm implementation you want to use to connect to your back-end -->
<!-- WebAC Authorization Realm -->
<bean id="webACAuthorizingRealm" class="org.fcrepo.auth.webac.WebACAuthorizingRealm" />

<!-- Servlet Container Authentication Realm -->
<bean id="servletContainerAuthenticatingRealm" class="org.fcrepo.auth.common.ServletContainerAuthenticatingRealm" />

<!-- Security Manager  -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
  <property name="realms">
    <util:set set-class="java.util.HashSet">
      <ref bean="webACAuthorizingRealm"/>
      <ref bean="servletContainerAuthenticatingRealm"/>
    </util:set>
  </property>
  <!-- By default the servlet container sessions will be used.  Uncomment this line
      to use shiro's native sessions (see the JavaDoc for more): -->
  <!-- <property name="sessionMode" value="native"/> -->
</bean>

<!-- Post processor that automatically invokes init() and destroy() methods -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<!-- Authentication Filter -->
<bean id="servletContainerAuthFilter" class="org.fcrepo.auth.common.ServletContainerAuthFilter"/>

<!-- Authorization Filter -->
<bean id="webACFilter" class="org.fcrepo.auth.webac.WebACFilter"/>

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
  <property name="securityManager" ref="securityManager"/>
  <property name="filterChainDefinitions">
    <value>
      <!-- The Auth filter should come first, followed by 0 or more of the principal provider filters, -->
      <!-- and finally the webACFilter -->
      /** = servletContainerAuthFilter,delegatedPrincipalProvider,webACFilter
    </value>
  </property>
</bean>
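Review bot: The comment on the commented-out `headerProvider` bean does not say that the roles it reads from `some-header` are only trustworthy when a front end you control sets that header and discards any copy sent by the client; I would add `<!-- Enable only behind a trusted proxy that sets this header and strips client-supplied values -->` above it. That comment and the one on `containerRolesProvider` should also say that uncommenting the bean is not enough: its name has to be added to the `/** = servletContainerAuthFilter,delegatedPrincipalProvider,webACFilter` chain between the auth filter and `webACFilter`, as the comment inside `filterChainDefinitions` implies. The `On-Behalf-Of` comment states that only `fedoraAdmin` users can delegate; that check is not visible in this configuration, so it is presumably enforced in `DelegateHeaderPrincipalProvider` and is worth confirming before relying on it. Wording: `OnOnly` should read `Only` (possibly residue of the version comparison), `delegatedPrincipleProvider` should match the bean name `delegatedPrincipalProvider`, and `Confiuration` should read `Configuration`.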

...