<?xml version="1.0" encoding="UTF-8"?>
<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
    license agreements. See the NOTICE file distributed with this work for additional 
    information regarding copyright ownership. The ASF licenses this file to 
    You under the Apache License, Version 2.0 (the "License"); you may not use 
    this file except in compliance with the License. You may obtain a copy of 
    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
    by applicable law or agreed to in writing, software distributed under the 
    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
    OF ANY KIND, either express or implied. See the License for the specific 
    language governing permissions and limitations under the License. -->

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:util="http://www.springframework.org/schema/util"
             xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
             xmlns:context="http://www.springframework.org/schema/context"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd
    http://www.springframework.org/schema/util
    http://www.springframework.org/schema/util/spring-util-3.1.xsd
    http://www.springframework.org/schema/security/oauth2
    http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <security:http pattern="/login.jsp" security="none" />
    <security:http pattern="/css/**" security="none" />
    <security:http pattern="/img/**" security="none" />
    <security:http pattern="/libs/**" security="none" />
    <security:http pattern="/js/**" security="none" />
    <security:http pattern="/ieerror.html" security="none" />
    <security:http pattern="/api/atlas/admin/status" security="none" />

    <security:http disable-url-rewriting="true"
                   use-expressions="true" create-session="always"
                   entry-point-ref="entryPoint">
        <security:session-management
                session-fixation-protection="newSession" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <custom-filter ref="ssoAuthenticationFilter" after="BASIC_AUTH_FILTER" />

        <security:custom-filter ref="krbAuthenticationFilter" after="SERVLET_API_SUPPORT_FILTER" />
        <security:custom-filter ref="CSRFPreventionFilter" after="REMEMBER_ME_FILTER" />

        <form-login
                login-page="/login.jsp"
                authentication-success-handler-ref="atlasAuthenticationSuccessHandler"
                authentication-failure-handler-ref="atlasAuthenticationFailureHandler"
                username-parameter="j_username"
                password-parameter="j_password" />

        <security:logout logout-success-url="/login.jsp" delete-cookies="ATLASSESSIONID"
                         logout-url="/logout.html" />
        <http-basic />
        <security:custom-filter position="LAST" ref="atlasAuthorizationFilter"/>
    </security:http>

    <beans:bean id="krbAuthenticationFilter" class="org.apache.atlas.web.filters.AtlasAuthenticationFilter">
    </beans:bean>

    <beans:bean id="ssoAuthenticationFilter" class="org.apache.atlas.web.filters.AtlasKnoxSSOAuthenticationFilter">
    </beans:bean>

    <beans:bean id="CSRFPreventionFilter" class="org.apache.atlas.web.filters.AtlasCSRFPreventionFilter">
    </beans:bean>

    <beans:bean id="atlasAuthenticationSuccessHandler"
                class="org.apache.atlas.web.security.AtlasAuthenticationSuccessHandler" />

    <beans:bean id="atlasAuthenticationFailureHandler"
                class="org.apache.atlas.web.security.AtlasAuthenticationFailureHandler" />

    <beans:bean id="formAuthenticationEntryPoint"
                class="org.apache.atlas.web.filters.AtlasAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/login.jsp" />
    </beans:bean>

    <beans:bean id="authenticationEntryPoint"
                class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
        <beans:property name="realmName" value="atlas.com" />
    </beans:bean>

    <beans:bean id="entryPoint" class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
        <beans:constructor-arg>
            <beans:map>
                <beans:entry key="hasHeader('User-Agent','Mozilla')" value-ref="formAuthenticationEntryPoint" />
            </beans:map>
        </beans:constructor-arg>
        <beans:property name="defaultEntryPoint" ref="authenticationEntryPoint"/>
    </beans:bean>


    <beans:bean id="atlasAuthenticationProvider"
                class="org.apache.atlas.web.security.AtlasAuthenticationProvider">
    </beans:bean>

    <security:authentication-manager
            alias="authenticationManager">
        <security:authentication-provider
                ref="atlasAuthenticationProvider" />
    </security:authentication-manager>


    <security:global-method-security
            pre-post-annotations="enabled" />

    <context:component-scan base-package="org.apache.atlas.web" />
    
    <beans:bean id = "atlasAuthorizationFilter" class="org.apache.atlas.web.filters.AtlasAuthorizationFilter"/>
</beans:beans>