- Migrate to Spring 3.1

- Remove Acegy
- Fix editor partially

wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml

@@ -1,42 +1,61 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN 2.0//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
-
-<beans>
-
-    <bean id="viewSecurityAdvisor"
-          class="org.springframework.aop.support.NameMatchMethodPointcutAdvisor">
-        <property name="advice">
-            <ref local="viewSecurityAdvice"/>
-        </property>
-        <property name="mappedNames">
-            <list>
-                <value>getMindmapUserBy</value>
-                <value>getMindmapById</value>                
-            </list>
-        </property>
-    </bean>
-
-    <bean id="updateSecurityAdvisor"
-          class="org.springframework.aop.support.NameMatchMethodPointcutAdvisor">
-        <property name="advice">
-            <ref local="updateSecurityAdvice"/>
-        </property>
-        <property name="mappedNames">
-            <list>
-                <value>update*</value>
-                <value>add*</value>
-                <value>remove*</value>
-                <value>remove*</value>
-            </list>
-        </property>
-    </bean>
-
-    <bean id="updateSecurityAdvice" class="com.wisemapping.security.aop.UpdateSecurityAdvise">
-        <property name="mindmapService" ref="mindmapService"/>
-    </bean>
-
-    <bean id="viewSecurityAdvice" class="com.wisemapping.security.aop.ViewBaseSecurityAdvise">
-        <property name="mindmapService" ref="mindmapService"/>
-    </bean>
-
-</beans>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:sec="http://www.springframework.org/schema/security"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+          http://www.springframework.org/schema/security
+          http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+
+    <bean id="encoder"
+          class="com.wisemapping.security.CustomPasswordEncoder"/>
+
+    <sec:http pattern="/css/*" security="none"/>
+    <sec:http pattern="/js/*" security="none"/>
+    <sec:http pattern="/images/*" security="none"/>
+    <sec:http pattern="/favicon.ico" security="none"/>
+    <sec:http pattern="/c/login*" security="none"/>
+    <sec:http pattern="/c/userregistration.htm" security="none"/>
+    <sec:http pattern="/c/activation.htm" security="none"/>
+    <sec:http pattern="/c/forgotpassword.htm" security="none"/>
+    <sec:http pattern="/c/home.htm" security="none"/>
+    <sec:http pattern="/c/try.htm" security="none"/>
+    <sec:http pattern="/c/search.htm" security="none"/>
+    <sec:http pattern="/c/keyboard.htm" security="none"/>
+    <sec:http pattern="/c/embeddedview*" security="none"/>
+    <sec:http pattern="/c/export.htm" security="none"/>
+    <sec:http pattern="/c/publicview.htm" security="none"/>
+    <sec:http pattern="/dwr/engine.js" security="none"/>
+
+    <sec:http pattern="/dwr/interface/loggerservice.js" security="none"/>
+    <sec:http pattern="/dwr/call/plaincall/loggerservice.logerror.dwr" security="none"/>
+
+    <sec:http use-expressions="true" >
+
+        <sec:intercept-url pattern="/**/*" access="isFullyAuthenticated()"/>
+        <sec:form-login login-page="/c/login.htm" default-target-url='/c/mymaps.htm'
+                        always-use-default-target='true' authentication-failure-url="/c/login.htm?login_error=2"
+                        login-processing-url="/j_spring_security_check"/>
+        <sec:remember-me key="rememberMeKey" user-service-ref="userDetailsService"/>
+        <!--<sec:session-management session-fixation-protection="newSession">-->
+        <!--<sec:concurrency-control error-if-maximum-exceeded="true" max-sessions="1"/>-->
+        <!--</sec:session-management>-->
+        <sec:logout logout-url="/c/logout.htm" invalidate-session="true" logout-success-url="/c/login.htm"/>
+    </sec:http>
+
+    <sec:authentication-manager alias="authenticationManager" >
+        <sec:authentication-provider ref="dbAuthenticationProvider"/>
+        <sec:authentication-provider user-service-ref="userDetailsService"/>
+    </sec:authentication-manager>
+
+    <bean id="dbAuthenticationProvider" class="com.wisemapping.security.AuthenticationProvider">
+        <property name="userManager" ref="userManager"/>
+        <property name="encoder" ref="encoder"/>
+    </bean>
+
+    <bean id="userDetailsService" class="com.wisemapping.security.DatabaseUserDetailService">
+        <property name="userManager" ref="userManager"/>
+    </bean>
+
+</beans>