applicationContext-security.xml 8.42 KB
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

	<!-- Authentication: the manager (alias "authenticationManager") delegates to a single
	     provider, the bean named "kerberosAuthenticationProvider". The bean is referenced by
	     name only; its definition is not part of this file. -->
	<authentication-manager alias="authenticationManager">
		<authentication-provider ref="kerberosAuthenticationProvider"/>
	</authentication-manager>

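	<!-- HTTP security configuration (URL-level authorization).

	     How the rules are evaluated:
	     *	Rules are tested in declaration order, from first to last; the first matching
	     	rule decides.
	     *	request-matcher="regex": patterns are regular expressions
	     	(http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html).
	     	As the patterns below show, they are matched against the path AND the query
	     	string, so a rule written as "\?name=[0-9]+$" only matches when the query
	     	string has exactly that shape.
	     *	A request that matches none of the specific rules reaches the final catch-all,
	     	which is limited to 'Administrador' and 'Funcionario', so a pattern miss fails
	     	closed for the other roles.

	     Review notes:
	     *	The patterns validate the raw query string, while the SpEL expressions read
	     	request.getParameter(...), i.e. the parameter as parsed by the container. Where
	     	a pattern leaves room around the parameter (".*"), the text the regex checked
	     	and the value handed to @permissionProvider are not guaranteed to be the same,
	     	so hasPermissionToView must validate its own arguments and deny on anything
	     	unexpected. The @permissionProvider bean is not defined in this file.
	     *	auto-config="true" is shorthand that also enables HTTP Basic next to form login
	     	and logout. NOTE(review): confirm Basic authentication is wanted.
	     *	The schema referenced by this file is spring-security-3.1, which predates the
	     	framework's built-in CSRF support (added in 3.2). NOTE(review): confirm that
	     	state-changing requests and the logout URL are protected against CSRF elsewhere.
	-->
	<http auto-config="true" use-expressions="true" request-matcher="regex">

		<!-- Login/logout endpoints. Both processing URLs live under /resources/, which the
		     first intercept-url rule below opens to everyone. -->
		<form-login login-processing-url="/resources/j_spring_security_check"
			login-page="/login" authentication-failure-url="/login?login_error=t" />
		<logout logout-url="/resources/j_spring_security_logout"/>

		<!-- Login page and public resources.
		     These rules come before the per-method rules further down, so everything under
		     /resources/ is reachable without authentication for every HTTP method.
		     NOTE(review): confirm that only static assets and the two security endpoints
		     are mapped under /resources/. -->
		<intercept-url pattern="^/resources/.*$" access="permitAll" />
		<intercept-url pattern="^/login(\?login_error=t)?$" access="permitAll" />

		<!-- Homepage: any authenticated user. -->
		<intercept-url pattern="^/$" access="isAuthenticated()"/>

		<!-- Creation forms and other admin/staff-only operations.
		     The first pattern matches only when the query string is exactly "form".
		     The three method rules restrict every DELETE, PUT and POST (outside the
		     permitAll paths above) to 'Administrador' and 'Funcionario'. -->
		<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" />
		<intercept-url pattern="^/.*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')"/>
		<intercept-url pattern="^/.*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')"/>
		<intercept-url pattern="^/.*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')"/>

		<!-- PROFESSOR - all views.
		     NOTE(review): /professors/{id} is guarded by role only; unlike the other
		     "show" rules in this file there is no per-record hasPermissionToView check.
		     Confirm that any 'Professor' may view any professor record. -->
		<intercept-url pattern="^/professors(/[0-9]+|/statement(advisees(concluded)?|committees|courses))?$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
		<!-- NOTE(review): this pattern is much looser than its siblings. "/professors.*"
		     accepts any path that merely starts with /professors, "[0-9]?" makes the digit
		     optional and the trailing ".*" accepts anything after it, so the regex does not
		     guarantee a numeric 'professor' value. The decision rests entirely on
		     hasPermissionToView. If a numeric id is intended, "[0-9]+" with an explicit
		     tail would state that. -->
		<intercept-url pattern="^/professors.*\?professor=[0-9]?.*$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
								and @permissionProvider.hasPermissionToView(request.getParameter('professor'),'professor')"/>

		<!-- REGISTRATIONS (Ingressos) - show one record; the request URI is passed to the
		     permission check. -->
		<intercept-url pattern="^/registrations/[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
								and @permissionProvider.hasPermissionToView('registrations', request.getRequestURI(),'registration')"/>

		<!-- REGISTRATIONS - show student info for one registration. -->
		<intercept-url pattern="^/registrations/studentinfo\?registration=[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
								and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>

		<!-- REGISTRATIONS - list registrations. -->
		<intercept-url pattern="^/registrations(/list\?.*)?$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />

		<!-- REGISTRATIONS - list by status. -->
		<intercept-url pattern="^/registrations/registrationspercourse(list\?.*)?$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />

		<!-- REGISTRATIONS - student overview. -->
		<intercept-url pattern="^/registrations/regoverviewchoice$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')" />

		<!-- REGISTRATIONS - enrollment statement (selection page, then PDF for one
		     registration with a per-record check). -->
		<intercept-url pattern="^/registrations/registrationsstatement$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')"/>
		<intercept-url pattern="^/registrations/registrationsstatementpdf\?registration=[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')
								and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>

		<!-- REGISTRATIONS - acceptance statement. -->
		<intercept-url pattern="^/registrations/acceptancestatement$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')"/>
		<intercept-url pattern="^/registrations/acceptancestatementpdf\?registration=[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')
								and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>

		<!-- TRANSCRIPTS (Avaliacao) - show one record. -->
		<intercept-url pattern="^/transcripts/[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
								and @permissionProvider.hasPermissionToView('transcripts',request.getRequestURI(),'transcript')"/>

		<!-- TRANSCRIPTS - courses statement. -->
		<intercept-url pattern="^/transcripts/transcriptsstatement$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')"/>
		<intercept-url pattern="^/transcripts/transcriptsstatement(list|pdf)\?registration=[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
								and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>

		<!-- TRANSCRIPTS - academic history. -->
		<intercept-url pattern="^/transcripts/transcriptshistory$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')"/>
		<intercept-url pattern="^/transcripts/transcriptshistorypdf\?registration=[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')
								and @permissionProvider.hasPermissionToView(request.getParameter('registration'),'registration')"/>

		<!-- STUDENT GRANTS (Bolsa discente) - show one record.
		     The reluctant quantifier "+?" followed by "$" matches the same URLs as "+". -->
		<intercept-url pattern="^/studentgrants/[0-9]+?$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
								and @permissionProvider.hasPermissionToView('studentgrants', request.getRequestURI(),'studentgrant')"/>

		<!-- STUDENT GRANTS - list by grant. -->
		<intercept-url pattern="^/studentgrants/grantsperkind(list\?grant=[0-9]+)?$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />

		<!-- STUDENT GRANTS - grant holder statement. -->
		<intercept-url pattern="^/studentgrants/statementgrant$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')"/>
		<intercept-url pattern="^/studentgrants/statementgrantpdf\?studentgrant=[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')
								and @permissionProvider.hasPermissionToView(request.getParameter('studentgrant'),'studentgrant')"/>

		<!-- COURSES (labelled "Turma" in the original comment) - show one record. -->
		<intercept-url pattern="^/courses/[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
								and @permissionProvider.hasPermissionToView('courses', request.getRequestURI(),'course')"/>

		<!-- SECTIONS (sectionposes; labelled "Avaliacao" in the original comment) - show
		     one record. -->
		<intercept-url pattern="^/sectionposes/[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
								and @permissionProvider.hasPermissionToView('sectionposes', request.getRequestURI(),'sectionpos')"/>

		<!-- SECTIONS - list graduate sections. -->
		<intercept-url pattern="^/sectionposes(/list\?year=[0-9]+)?$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />

		<!-- TRANSCRIPTS - class diary.
		     NOTE(review): in the sectionsselect pattern, "\?.*professor=" accepts arbitrary
		     query text before "professor=", so the digits the regex anchors on are not
		     necessarily the value request.getParameter('professor') returns. Anchoring the
		     parameter at a "?" or "&" boundary, or validating inside hasPermissionToView,
		     would close that gap. -->
		<intercept-url pattern="^/sectionposes/sectionsselectchoice$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
		<intercept-url pattern="^/sectionposes/sectionsselect\?.*professor=[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
								and @permissionProvider.hasPermissionToView(request.getParameter('professor'),'professor')"/>
		<intercept-url pattern="^/transcripts/transcriptspersectionlist\?sectionpos=[0-9]+$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')
								and @permissionProvider.hasPermissionToView(request.getParameter('sectionpos'),'sectionpos')"/>

		<!-- COURSES (Disciplina) - list courses. -->
		<intercept-url pattern="^/courses$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />

		<!-- SERVICES - search board meeting minutes. -->
		<intercept-url pattern="^/searchMeetingMinutes$"
						access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />

		<!-- Default rule: everything not matched above is limited to 'Administrador' and
		     'Funcionario'. Keep this rule last; it is what makes unmatched URLs fail
		     closed for 'Professor' and 'Aluno'. -->
		<intercept-url pattern="^/.*$" access="hasAnyRole('Administrador', 'Funcionario')"/>

	</http>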

</beans:beans>