Fixes to sample app context files

17 years ago · f976080d1d
2 changed files with 11 additions and 16 deletions
--- a/samples/contacts/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/samples/contacts/src/main/webapp/WEB-INF/applicationContext-security.xml
@ -18,7 +18,7 @@
				@@ -18,7 +18,7 @@
        <expression-handler ref="expressionHandler"/>
    </global-method-security>

-    <http auto-config="true" realm="Contacts Realm">
+    <http realm="Contacts Realm">
        <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/hello.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
@ -28,6 +28,7 @@
				@@ -28,6 +28,7 @@
        <intercept-url pattern="/**" access="ROLE_USER"/>

        <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/>
+        <http-basic/>
        <logout logout-success-url="/index.jsp"/>
        <remember-me />
    </http>
@ -49,10 +50,10 @@
				@@ -49,10 +50,10 @@
    </b:bean>

    <b:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
-        <b:property name="permissionEvaluator">
-            <b:bean class="org.springframework.security.acls.AclPermissionEvaluator">
-                <b:constructor-arg ref="aclService"/>
-            </b:bean>
-        </b:property>
+        <b:property name="permissionEvaluator" ref="permissionEvaluator"/>
+    </b:bean>
+
+    <b:bean id="permissionEvaluator" class="org.springframework.security.acls.AclPermissionEvaluator">
+        <b:constructor-arg ref="aclService"/>
    </b:bean>
 </b:beans>
--- a/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml
@ -12,13 +12,13 @@
				@@ -12,13 +12,13 @@
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

-    <global-method-security prepost-annotations="enabled">
+    <global-method-security pre-post-annotations="enabled">
        <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
        <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
        -->
    </global-method-security>

-    <http auto-config="true" use-expressions="true">
+    <http use-expressions="true">
        <intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')"/>
        <intercept-url pattern="/secure/**" access="isAuthenticated()" />
        <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
@ -26,19 +26,13 @@
				@@ -26,19 +26,13 @@
        <intercept-url pattern="/post.html" access="ROLE_TELLER" />
        -->
        <intercept-url pattern="/**" access="permitAll" />
+        <form-login />
+        <logout />
        <remember-me />
 <!--
    Uncomment to enable X509 client authentication support
        <x509 />
 -->
-
-<!-- All of this is unnecessary if auto-config="true"
-        <form-login />
-        <anonymous />
-        <http-basic />
-        <logout />
-->
-
        <!-- Uncomment to limit the number of sessions a user can have
        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
        -->