Commit aac5794e authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Update page's permission rules

Rules are now defined by regular expressions (by adding `request-matcher="regex"` to the `<http>` element).
Besides that, this is just an update of the rules list.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent 3a69eca9
......@@ -2,81 +2,59 @@
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true">
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<intercept-url pattern="/registrationrequests**" method="POST" access="permitAll" />
<form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t"/>
<logout logout-url="/resources/j_spring_security_logout"/>
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true" request-matcher="regex">
<!-- Rules are tested in declaration order, from first to last. -->
<!-- Defines Login/Logout rules -->
<form-login login-processing-url="/resources/j_spring_security_check"
login-page="/login" authentication-failure-url="/login\?login_error=t" />
<logout logout-url="/resources/j_spring_security_logout"/>
<!-- Login page and Public Resources -->
<intercept-url pattern="^/resources/.*$" access="permitAll" />
<intercept-url pattern="^/login$" access="permitAll" />
<!-- Configure these elements to secure URIs in your application -->
<intercept-url pattern="/choices/**" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="/member/**" access="isAuthenticated()" />
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/login" access="permitAll" />
<!-- Homepage -->
<intercept-url pattern="^/$" access="isAuthenticated()"/>
<!-- <intercept-url pattern="/index" access="permitAll" /> -->
<!-- <intercept-url pattern="/header**" access="permitAll" /> -->
<!-- <intercept-url pattern="/footer**" access="permitAll" /> -->
<!-- <intercept-url pattern="/menu**" access="permitAll" /> -->
<intercept-url pattern="/**" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')" />
<intercept-url pattern="/**" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')" />
<intercept-url pattern="/**" method="POST" access="hasAnyRole('Administrador', 'Funcionario')" />
<intercept-url pattern="/professors**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/students**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/staffs**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/registrations**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/studentgrants**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/researchfields**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/committees**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/classschedules**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/courses**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/titles**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/cities**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/federalstates**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/banks**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/organizations**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/grantkinds**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/configurations**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/registrationrequests**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- <intercept-url pattern="/people**" access="permitAll" /> -->
<intercept-url pattern="/people**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- Creation forms and other Admin's only resources -->
<intercept-url pattern="^/.*\?form$" access="hasAnyRole('Administrador', 'Funcionario')" />
<intercept-url pattern="^*$" method="DELETE" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^*$" method="PUT" access="hasAnyRole('Administrador', 'Funcionario')"/>
<intercept-url pattern="^*$" method="POST" access="hasAnyRole('Administrador', 'Funcionario')"/>
<!-- Pages that have specific permissions -->
<intercept-url pattern="^/professors$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/professors/.*$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- <intercept-url pattern="/transcripts**" access="permitAll" />
<intercept-url pattern="/sectionposes**" access="permitAll" /> -->
<intercept-url pattern="/transcripts**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/sectionposes**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- <intercept-url pattern="/**" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" /> -->
<intercept-url pattern="/registrationrequests**" access="permitAll" method="GET" />
<intercept-url pattern="/registrationrequests**" access="permitAll" method="POST" />
<intercept-url pattern="/registrationrequests/submitted**" access="permitAll" />
<intercept-url pattern="/registrationrequests/submitted" access="permitAll" />
<intercept-url pattern="^/registrations$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/registrations/registrationspercourse$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/registrations/registrationsstatement$" access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')" />
<intercept-url pattern="^/registrations/acceptancestatement$" access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')" />
<intercept-url pattern="^/registrations/regoverviewchoice$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')" />
<intercept-url pattern="^/transcripts/transcriptsstatement$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/transcripts/transcriptshistory$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor', 'Aluno')" />
<intercept-url pattern="/registrationrequests**" access="permitAll" />
<intercept-url pattern="/registrationrequests/**" access="permitAll" />
<intercept-url pattern="/registrationrequests**/**" access="permitAll" />
<intercept-url pattern="^/studentgrants/statementgrant$" access="hasAnyRole('Administrador', 'Funcionario', 'Aluno')" />
<intercept-url pattern="^/studentgrants/grantsperkind$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/sectionposes$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="^/sectionposes/sectionsselectchoice$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<intercept-url pattern="^/courses$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
</http>
<intercept-url pattern="^/searchMeetingMinutes$" access="hasAnyRole('Administrador', 'Funcionario', 'Professor')" />
<!-- All the rest is considered as Admins permission only. -->
<intercept-url pattern="^/.*$" access="hasAnyRole('Administrador', 'Funcionario')"/>
</http>
<!-- Defines Kerberos as the authentication method -->
<authentication-manager alias="authenticationManager">
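Review bot: The three method-restricted rules written as `pattern="^*$"` (the DELETE/PUT/POST rules just after the `\?form` rule) do not express "any path": java.util.regex rejects a quantifier directly after `^` as a dangling meta character, so RegexRequestMatcher should fail to compile it at startup, and in an engine that tolerated it the expression would match only an empty string, meaning the write-method restriction would silently never apply and a POST to a Professor-visible page would be decided by that page's broader role list instead. The intended catch-all on each of the three lines is `pattern="^/.*$"`, matching the final admin-only rule. Separately, `authentication-failure-url="/login\?login_error=t"` is a redirect target rather than a request pattern, so the backslash ends up literally in the Location header; it should stay `/login?login_error=t` (only `intercept-url` patterns are regexes under `request-matcher="regex"`). Since the old ant-style `/registrationrequests**` permitAll rules have no regex counterpart, unauthenticated registration requests now fall through to the final admin-only rule, which is worth confirming as intended.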