<?xml version="1.0" encoding="UTF-8"?>
<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
license agreements. See the NOTICE file distributed with this work for additional
information regarding copyright ownership. The ASF licenses this file to
You under the Apache License, Version 2.0 (the "License"); you may not use
this file except in compliance with the License. You may obtain a copy of
the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
by applicable law or agreed to in writing, software distributed under the
License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
OF ANY KIND, either express or implied. See the License for the specific
language governing permissions and limitations under the License. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<security:http pattern="/login.jsp" security="none" />
<security:http pattern="/css/**" security="none" />
<security:http pattern="/img/**" security="none" />
<security:http pattern="/libs/**" security="none" />
<security:http pattern="/js/**" security="none" />
<security:http pattern="/ieerror.html" security="none" />
<security:http pattern="/api/atlas/admin/status" security="none" />
<security:http pattern="/api/atlas/admin/metrics" security="none" />
<security:http create-session="always"
entry-point-ref="entryPoint">
<security:session-management
session-fixation-protection="newSession" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<custom-filter ref="ssoAuthenticationFilter" after="BASIC_AUTH_FILTER" />
<security:custom-filter ref="krbAuthenticationFilter" after="SERVLET_API_SUPPORT_FILTER" />
<security:custom-filter ref="csrfPreventionFilter" after="REMEMBER_ME_FILTER" />
<form-login
login-page="/login.jsp"
login-processing-url="/j_spring_security_check"
authentication-success-handler-ref="atlasAuthenticationSuccessHandler"
authentication-failure-handler-ref="atlasAuthenticationFailureHandler"
username-parameter="j_username"
password-parameter="j_password" />
<security:logout logout-success-url="/login.jsp" delete-cookies="ATLASSESSIONID"
logout-url="/logout.html" />
<http-basic />
<headers disabled="true"/>
<csrf disabled="true"/>
</security:http>
<beans:bean id="userDAO" class="org.apache.atlas.web.dao.UserDao" init-method="init"/>
<beans:bean id="userDetailsService" class="org.apache.atlas.web.service.UserService">
<beans:constructor-arg ref="userDAO"/>
</beans:bean>
<beans:bean id="atlasLDAPProvider" class="org.apache.atlas.web.security.AtlasLdapAuthenticationProvider"/>
<beans:bean id="atlasFileProvider" class="org.apache.atlas.web.security.AtlasFileAuthenticationProvider">
<beans:constructor-arg ref="userDetailsService"/>
</beans:bean>
<beans:bean id="atlasADProvider" class="org.apache.atlas.web.security.AtlasADAuthenticationProvider"/>
<beans:bean id="atlasPamProvider" class="org.apache.atlas.web.security.AtlasPamAuthenticationProvider"/>
<beans:bean id="atlasKeycloakProvider" class="org.apache.atlas.web.security.AtlasKeycloakAuthenticationProvider"/>
<beans:bean id="atlasAuthenticationProvider" class="org.apache.atlas.web.security.AtlasAuthenticationProvider">
<beans:constructor-arg index="0" ref="atlasLDAPProvider"/>
<beans:constructor-arg index="1" ref="atlasFileProvider"/>
<beans:constructor-arg index="2" ref="atlasADProvider"/>
<beans:constructor-arg index="3" ref="atlasPamProvider"/>
<beans:constructor-arg index="4" ref="atlasKeycloakProvider" />
</beans:bean>
<beans:bean id="krbAuthenticationFilter" class="org.apache.atlas.web.filters.AtlasAuthenticationFilter">
</beans:bean>
<beans:bean id="ssoAuthenticationFilter" class="org.apache.atlas.web.filters.AtlasKnoxSSOAuthenticationFilter">
<beans:constructor-arg name="authenticationProvider" ref="atlasAuthenticationProvider"/>
</beans:bean>
<beans:bean id="csrfPreventionFilter" class="org.apache.atlas.web.filters.AtlasCSRFPreventionFilter">
</beans:bean>
<beans:bean id="atlasAuthenticationSuccessHandler"
class="org.apache.atlas.web.security.AtlasAuthenticationSuccessHandler" />
<beans:bean id="atlasAuthenticationFailureHandler"
class="org.apache.atlas.web.security.AtlasAuthenticationFailureHandler" />
<beans:bean id="formAuthenticationEntryPoint"
class="org.apache.atlas.web.filters.AtlasAuthenticationEntryPoint">
<beans:constructor-arg value="/login.jsp"/>
</beans:bean>
<beans:bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
<beans:property name="realmName" value="atlas.com" />
</beans:bean>
<beans:bean id="entryPoint" class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
<beans:constructor-arg>
<beans:map>
<beans:entry key="hasHeader('User-Agent','Mozilla')" value-ref="formAuthenticationEntryPoint" />
</beans:map>
</beans:constructor-arg>
<beans:property name="defaultEntryPoint" ref="authenticationEntryPoint"/>
</beans:bean>
<security:authentication-manager
alias="authenticationManager">
<security:authentication-provider
ref="atlasAuthenticationProvider" />
</security:authentication-manager>
<security:global-method-security pre-post-annotations="enabled" />
</beans:beans>