applicationContext-security.xml 7.78 KB
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

	<!-- Authentication: the manager, exposed under the alias "authenticationManager",
	     delegates to the kerberosAuthenticationProvider bean (not defined in this file). -->
	<authentication-manager alias="authenticationManager">
		<authentication-provider ref="kerberosAuthenticationProvider"/>
	</authentication-manager>

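	<!-- HTTP security configuration: regex request matching and SpEL access expressions. auto-config="true" also registers Spring Security's default form-login, HTTP Basic and logout support. -->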
	<http auto-config="true" use-expressions="true" request-matcher="regex">
	
		<!-- Notes: -->
		<!-- *	Rules are tested in declaration order, from first to last; the first matching rule decides. -->
		<!-- *	Patterns are regular expressions (request-matcher="regex") and are matched against the request path together with its query string. -->
		<!-- 	For more information: http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html -->
		
		<!-- Form login and logout.
		     The login form is served at /login, credentials are posted to
		     /resources/j_spring_security_check, and a failed attempt returns to
		     /login?login_error=t. Logout is triggered by /resources/j_spring_security_logout. -->
		<form-login
			login-page="/login"
			login-processing-url="/resources/j_spring_security_check"
			authentication-failure-url="/login?login_error=t"/>
		<logout logout-url="/resources/j_spring_security_logout"/>


        <!-- Registration requests: public, no authentication required.
             The pattern has no end anchor and no method restriction, so permitAll covers every
             path that starts with /registrationrequests, for every HTTP method. Because rules are
             tested in declaration order, this rule is evaluated before the role rules below.
             NOTE(review): confirm that every handler under this prefix is meant to be public; if
             only the request form is, narrow the pattern so the rest falls through to the
             role-restricted rules. -->
		<intercept-url pattern="^/registrationrequests.*" access="permitAll" requires-channel="https"/>
	
		
<!--  http://localhost:8080/sapos/registrationrequests?newrequest&lang=pt_BR -->


		<!-- Public endpoints: everything under /resources/ and the login page (with or without
		     the login_error flag). The /resources/ rule also covers the login and logout
		     processing URLs configured on form-login and logout. -->
		<intercept-url
			pattern="^/resources/.*$"
			access="permitAll"
			requires-channel="https"/>
		<intercept-url
			pattern="^/login(\?login_error=t)?$"
			access="permitAll"
			requires-channel="https"/>
        
		<!-- Home page: any authenticated user, whatever the role; HTTPS required. -->
		<intercept-url
			pattern="^/$"
			access="isAuthenticated()"
			requires-channel="https"/>
        
		<!-- PROFESSOR: statement pages (advisees, concluded advisees, committees, courses) are
		     open to the Administrador, Funcionario and Professor roles without a per-record check. -->
		<intercept-url
			pattern="^/professors/statement(advisees(concluded)?|committees|courses)$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')"/>
		<!-- PROFESSOR: any other /professors URL that carries "professor=" somewhere after the
		     prefix additionally asks permissionProvider whether the caller may view that professor.
		     NOTE(review): "[0-9]?" followed by ".*" constrains nothing, so the id is not required
		     to be numeric here (sibling rules use "[0-9]+"), and the text "professor=" can also
		     match inside a longer parameter name. Confirm that hasPermissionToView rejects a
		     missing or non-numeric value. /professors URLs without "professor=" fall through to
		     the final Administrador/Funcionario rules. -->
		<intercept-url
			pattern="^/professors.*professor=[0-9]?.*$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
				and @permissionProvider.hasPermissionToView(request.getParameter('professor'),'professor')"/>
	
		<!-- REGISTRATIONS (Ingressos) - show one registration's student info.
		     The four listed roles may reach it, but only when permissionProvider grants the
		     caller view access to the id taken from the "registration" parameter.
		     The pattern accepts exactly one numeric query parameter; any other query string
		     does not match this rule. -->
		<intercept-url
			pattern="^/registrations/studentinfo\?registration=[0-9]+$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
				and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>
        <!-- REGISTRATIONS (Ingressos) - list registrations. -->
		<intercept-url
			pattern="^/registrations(/list\?.*)?$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')"/>

		<!-- REGISTRATIONS - list by status (registrations per course). -->
		<intercept-url
			pattern="^/registrations/registrationspercourse(list\?.*)?$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')"/>

		<!-- REGISTRATIONS - student overview; the Aluno role is admitted as well. -->
		<intercept-url
			pattern="^/registrations/regoverviewchoice$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')"/>

		<!-- REGISTRATIONS - enrolment statement. The first URL is gated by role only;
		     the PDF for a given registration also requires view permission on that id. -->
		<intercept-url
			pattern="^/registrations/registrationsstatement$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')"/>
		<intercept-url
			pattern="^/registrations/registrationsstatementpdf\?registration=[0-9]+$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')
				and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>
								
		<!-- REGISTRATIONS (Ingressos) - acceptance statement. The first URL is gated by role
		     only; the PDF for a given registration also requires view permission on that id. -->
		<intercept-url
			pattern="^/registrations/acceptancestatement$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')"/>
		<intercept-url
			pattern="^/registrations/acceptancestatementpdf\?registration=[0-9]+$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')
				and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>
		
		<!-- TRANSCRIPTS (Avaliacao) - edit form for one transcript.
		     Requires one of the three roles plus two permissionProvider checks, both of which
		     receive the request URI rather than a request parameter: hasPermissionToView on the
		     transcript, and isModificationPeriod.
		     NOTE(review): presumably isModificationPeriod limits editing to an allowed time
		     window; confirm against permissionProvider. Only URLs of the form
		     /transcripts/<id>?form match; everything else under /transcripts is decided by
		     later rules. -->
		<intercept-url
			pattern="^/transcripts/[0-9]+\?form$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
				and @permissionProvider.hasPermissionToView('transcripts',request.getRequestURI(),'transcript')
				and @permissionProvider.isModificationPeriod('transcripts',request.getRequestURI(),'transcript')"/>
								
		<!-- TRANSCRIPTS (Avaliacao) - course statement. Restricted to Administrador and
		     Funcionario; the list and PDF variants also require view permission on the
		     registration id. -->
		<intercept-url
			pattern="^/transcripts/transcriptsstatement$"
			access="hasAnyRole('Administrador', 'Funcionario')"/>
		<intercept-url
			pattern="^/transcripts/transcriptsstatement(list|pdf)\?registration=[0-9]+$"
			access="hasAnyRole('Administrador', 'Funcionario')
				and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>
								
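		<!-- TRANSCRIPTS (Avaliacao) - academic history. Restricted to Administrador and
		     Funcionario; the PDF for a given registration also requires view permission on that id.
		     Both role lists used to end in "'Funcionario', )". The dangling comma leaves an empty
		     argument, which is not a valid SpEL argument list, so it is removed here.
		     NOTE(review): the comma suggests a third role was once listed; if another role
		     should see the history, add it explicitly. -->
		<intercept-url
			pattern="^/transcripts/transcriptshistory$"
			access="hasAnyRole('Administrador', 'Funcionario')"/>
		<intercept-url
			pattern="^/transcripts/transcriptshistorypdf\?registration=[0-9]+$"
			access="hasAnyRole('Administrador', 'Funcionario')
				and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>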
		
			<!-- STUDENT GRANTS (Bolsa discente) - list by grant kind. -->
		<intercept-url
			pattern="^/studentgrants/grantsperkind(list\?grant=[0-9]+)?$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')"/>

		<!-- STUDENT GRANTS - grant-holder statement. The first URL is gated by role only;
		     the PDF for a given grant also requires view permission on the "studentgrant" id. -->
		<intercept-url
			pattern="^/studentgrants/statementgrant$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')"/>
		<intercept-url
			pattern="^/studentgrants/statementgrantpdf\?studentgrant=[0-9]+$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')
				and @permissionProvider.hasPermissionToView(request.getParameter('studentgrant'),'studentgrant')"/>
						
		<!-- SECTIONS (Turma) - list graduate sections; the optional "year" value may be empty. -->
		<intercept-url
			pattern="^/sectionposes(/list\?year=[0-9]*)?$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')"/>

		<!-- TRANSCRIPTS (Avaliacao) - class diary. The chooser page is gated by role only. -->
		<intercept-url
			pattern="^/sectionposes/sectionsselectchoice$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')"/>
		<!-- Section selection for one professor: role plus view permission on that professor.
		     NOTE(review): the pattern only constrains the final "professor=" value in the query
		     string, while getParameter returns the first occurrence; confirm that
		     hasPermissionToView validates the value it actually receives. -->
		<intercept-url
			pattern="^/sectionposes/sectionsselect\?.*professor=[0-9]+$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
				and @permissionProvider.hasPermissionToView(request.getParameter('professor'),'professor')"/>
		<!-- Transcripts of one section: role plus view permission on the "sectionpos" id. -->
		<intercept-url
			pattern="^/transcripts/transcriptspersectionlist\?sectionpos=[0-9]+$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
				and @permissionProvider.hasPermissionToView(request.getParameter('sectionpos'),'sectionpos')"/>
        
		<!-- COURSES (Disciplina) - list courses. -->
		<intercept-url
			pattern="^/courses$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')"/>

		<!-- SERVICES (Servicos) - search board meeting minutes (atas colegiado). -->
		<intercept-url
			pattern="^/searchMeetingMinutes$"
			access="hasAnyRole('Administrador', 'Funcionario', 'Professor')"/>
		
		<!-- Everything not matched above requires the Administrador or Funcionario role. -->
		<!-- Catch-all tail: any request that reached this point without matching an earlier
		     rule is limited to Administrador and Funcionario and is marked as requiring HTTPS.
		     All five rules carry the same access expression, and the last pattern matches every
		     URL for every method, so the "?form" and DELETE/PUT/POST rules do not change the
		     outcome.
		     NOTE(review): most role rules above omit requires-channel; confirm that HTTPS is
		     still enforced for those URLs. -->
		<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
		<intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
		<intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
		<intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
		<intercept-url pattern="^/.*$" access="hasAnyRole('Administrador', 'Funcionario')" requires-channel="https"/>
		
		
		
	</http>

</beans:beans>