Default MATRIXX Backoffice Customer Tool Security File
The following code shows the default /WEB-INF/matrixx-security-app-context.xml security context file.
<?xml version="1.0" encoding="UTF-8"?>
<!-- - Matrixx configuration - -->
<beans xmlns:sec="http://www.springframework.org/schema/security"
xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd"
sec:schemaLocation="http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- Filter chains are consulted in declaration order, so this exemption must stay ahead
     of the catch-all chain below.
     NOTE(review): security="none" takes these URLs out of Spring Security altogether:
     no authentication, no role check and no security context. Confirm that nothing
     served under /services/search/asset/ exposes subscriber or account data. -->
<sec:http security="none" pattern="/services/search/asset/**"/>

<!-- Main chain for every other URL. auto-config is off, so only the mechanisms declared
     inside this element are active: the custom login filter, HTTP Basic and logout. -->
<sec:http pattern="/**"
          auto-config="false"
          use-expressions="true"
          entry-point-ref="matrixxAuthenticationEntryPoint">
  <!-- NOTE(review): CSRF protection is switched off while logins are session based (see
       the login filter and its session strategy). Browser sessions of logged-in operators
       then have no anti-forgery check on state-changing calls to /services/** and /api/**.
       Keep this only if an equivalent control exists elsewhere. -->
  <sec:csrf disabled="true"/>

  <!-- Rules are evaluated top to bottom; the first matching pattern decides. -->
  <!-- Login and logout endpoints are open to unauthenticated callers. -->
  <sec:intercept-url access="permitAll" pattern="/login"/>
  <sec:intercept-url access="permitAll" pattern="/j_spring_security_check_customer"/>
  <sec:intercept-url access="permitAll" pattern="/j_spring_security_check_csr"/>
  <sec:intercept-url access="permitAll" pattern="/logout"/>

  <!-- /services/** and /api/** accept any of the three CSR authorities. The URL rules do
       not distinguish read-only from write roles; that separation, if enforced, must
       happen inside the application. -->
  <sec:intercept-url access="hasAnyAuthority('MTX_ROLE_ADMIN', 'MTX_ROLE_CSR_MGR', 'MTX_ROLE_CSR')"
                     pattern="/services/**"/>
  <sec:intercept-url access="hasAnyAuthority('MTX_ROLE_ADMIN', 'MTX_ROLE_CSR_MGR', 'MTX_ROLE_CSR')"
                     pattern="/api/**"/>
  <!-- NOTE(review): there is no closing rule, so a URL that matches none of the patterns
       above carries no access requirement in this file. A final pattern="/**" rule with
       access="denyAll" or "authenticated" would make the default explicit; check first
       which static pages have to stay public. -->

  <!-- NOTE(review): HTTP Basic sends the credentials with every request and nothing in
       this file forces HTTPS (no requires-channel attribute), so TLS has to be enforced
       by the container or a fronting proxy. -->
  <sec:http-basic/>

  <!-- Logout discards the HTTP session, then hands over to the custom success handler. -->
  <sec:logout invalidate-session="true" success-handler-ref="matrixxLogoutSuccessHandler"/>

  <!-- START of Matrixx Login Handler -->
  <!-- The custom filter occupies the slot of the standard form-login filter. -->
  <sec:custom-filter ref="matrixxLoginFilter" position="FORM_LOGIN_FILTER"/>
  <!-- END of Matrixx Login Handler -->
</sec:http>
<!-- START of Matrixx Login Handler -->
<!-- Entry point named by entry-point-ref on the main sec:http chain. It is constructed
     with /index.html; presumably unauthenticated requests are sent there (confirm in
     MatrixxAuthenticationEntryPoint). -->
<bean class="com.matrixx.common.auth.MatrixxAuthenticationEntryPoint"
      id="matrixxAuthenticationEntryPoint">
  <constructor-arg value="/index.html"/>
</bean>
<!-- Custom login filter installed at FORM_LOGIN_FILTER in the main chain. It authenticates
     through the shared authenticationManager, applies the session strategy on success and
     delegates the outcome to the success and failure handlers. -->
<bean id="matrixxLoginFilter"
      class="com.matrixx.common.auth.MatrixxLoginFilter">
  <property name="authenticationManager"
            ref="authenticationManager"/>
  <property name="authenticationSuccessHandler"
            ref="matrixxAuthenticationSuccessHandler"/>
  <property name="authenticationFailureHandler"
            ref="matrixxAuthenticationFailureHandler"/>
  <property name="sessionAuthenticationStrategy"
            ref="matrixxSessionAuthenticationStrategy"/>
</bean>
<!-- Handler invoked after a successful login; its default target is /index.html. -->
<bean id="matrixxAuthenticationSuccessHandler"
      class="com.matrixx.common.auth.MatrixxAuthenticationSuccessHandler">
  <property value="/index.html" name="defaultTargetUrl"/>
</bean>
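<!-- Handler invoked after a failed login. It is constructed with a fixed URL carrying
     error=2, so the target does not depend on request data. -->
<bean id="matrixxAuthenticationFailureHandler"
      class="com.matrixx.common.auth.MatrixxAuthenticationFailureHandler">
  <constructor-arg value="/index.html?error=2"/>
</bean>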
<!-- Handler referenced by sec:logout; its default target is /index.html?logout=2. -->
<bean id="matrixxLogoutSuccessHandler"
      class="com.matrixx.common.auth.MatrixxLogoutSuccessHandler">
  <property value="/index.html?logout=2" name="defaultTargetUrl"/>
</bean>
<!-- Session strategy used by matrixxLoginFilter. SessionFixationProtectionStrategy starts
     a new HTTP session at login, so a session identifier issued before authentication is
     not carried over into the authenticated session. -->
<bean id="matrixxSessionAuthenticationStrategy"
      class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"/>
<!-- END of Matrixx Login Handler -->
<!-- Password encoder used by matrixxSelfcareUserDetailService; the password match is done
     through a call to rsgateway. -->
<!-- NOTE: encode is not implemented on this encoder and should not be called. -->
<bean id="selfcarePasswordEncoder"
      class="com.matrixx.auth.SelfcarePasswordEncoder"/>
<!-- User store backed by properties files. Two locations are passed as one
     comma-separated value: the file packaged in the web application and
     /opt/mtx/conf/matrixxbct_users.properties on the host.
     NOTE(review): how passwords are stored in these files is not visible here. Confirm
     they are hashed, keep the file under /opt/mtx/conf readable only by the application
     account, and replace any sample accounts that ship in the packaged file. -->
<bean class="com.matrixx.common.auth.MatrixxPropertyUserDetailsService"
      id="matrixxPropertyUserDetailsService">
  <constructor-arg value="context:/WEB-INF/properties/matrixxbct_users.properties, file:///opt/mtx/conf/matrixxbct_users.properties"/>
</bean>
<!-- User store for the second authentication provider; it is paired there with
     selfcarePasswordEncoder. -->
<bean class="com.matrixx.auth.SelfcareUserDetailsService"
      id="matrixxSelfcareUserDetailsService"/>
<!-- Matrixx JMX service to control log4j, registered under the application name
     matrixxbct.
     NOTE(review): how the JMX endpoint is exposed and authenticated is not configured in
     this file; confirm it is not reachable without credentials. -->
<bean class="com.matrixx.common.jmx.Log4jJMXService"
      id="log4jJMXService">
  <property value="matrixxbct" name="appName"/>
</bean>
<!-- hle - SNMP agent -->
<!-- The listen address comes from the system property
     -Dmatrixxbct.snmpAgent.address and falls back to 0.0.0.0/5720.
     NOTE(review): that default listens on every interface. Set the property to a
     management address and restrict port 5720 at the firewall. SNMP version and
     credentials are not configured in this file. -->
<bean class="com.matrixx.common.snmp.matrixxbctMib"
      id="snmpMib"/>

<!-- Agent arguments: application name, listen address, MIB bean. -->
<bean class="com.matrixx.common.snmp.SpringMtxWebAgent"
      id="springMtxWebAgent">
  <constructor-arg value="matrixxbct" index="0"/>
  <constructor-arg value="#{systemProperties['matrixxbct.snmpAgent.address'] ?: '0.0.0.0/5720'}"
                   index="1"/>
  <constructor-arg ref="snmpMib" index="2"/>
</bean>

<bean class="com.matrixx.common.snmp.MatrixxBctSnmpFilterBean"
      id="snmpAgentFilterBean"/>
<bean class="com.matrixx.common.snmp.MovingAverage"
      id="movingAverage"/>
<!-- Tracing filter bean.
     NOTE(review): the class name suggests request headers are traced; confirm that
     Authorization headers and session cookies are kept out of the trace output. -->
<bean class="com.matrixx.common.web.MtxHeaderTraceFilter"
      id="mtxHeaderTraceFilter"/>
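<!-- LDAP authentication configuration -->
<!-- Authenticates by binding to the directory as the user, then maps the groups found for
     that user to authorities. The DN pattern, group search base and role attribute can be
     overridden with the matrixxbct.ldap.* system properties named in the expressions. -->
<bean id="customerManagerLdapProvider"
      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <constructor-arg ref="contextSource"/>
      <!-- {0} is replaced with the login name to build the DN used for the bind. -->
      <property name="userDnPatterns">
        <list>
          <value>#{systemProperties['matrixxbct.ldap.userDnPatterns'] ?: 'uid={0},ou=people'}</value>
        </list>
      </property>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <!-- Group search base defaults to ou=groups and the role name is read from the 'ou'
         attribute of each group.
         NOTE(review): with an empty rolePrefix and convertToUpperCase="false" the attribute
         value is used as the authority unchanged, so a group whose 'ou' is MTX_ROLE_ADMIN
         grants that authority. searchSubtree="true" extends this to nested entries.
         Write access to the group subtree therefore equals the right to grant
         application roles; restrict it in the directory. -->
    <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <constructor-arg ref="contextSource"/>
      <constructor-arg value="#{systemProperties['matrixxbct.ldap.authoritiesPopulator'] ?: 'ou=groups'}"/>
      <property name="groupRoleAttribute"
                value="#{systemProperties['matrixxbct.ldap.groupRoleAttribute'] ?: 'ou'}"/>
      <property name="searchSubtree" value="true"/>
      <property name="rolePrefix" value=""/>
      <property name="convertToUpperCase" value="false"/>
    </bean>
  </constructor-arg>
</bean>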
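<!-- Directory connection shared by the bind authenticator and the authorities populator.
     The URL comes from -Dmatrixxbct.ldap.contextSource and falls back to
     ldap://localhost:10389/dc=example,dc=com.
     NOTE(review): the fallback uses the ldap:// scheme, which is unencrypted, and user
     passwords are sent in the bind. Use an ldaps:// URL whenever the directory is not on
     the same host. The port and base DN of the fallback look like development values;
     set the property explicitly in production. -->
<bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="#{systemProperties['matrixxbct.ldap.contextSource'] ?: 'ldap://localhost:10389/dc=example,dc=com'}"/>
  <!-- Read-only operations run without bind credentials, so the directory has to allow
       anonymous reads; NOTE(review): limit what an anonymous client can see there. -->
  <property name="anonymousReadOnly" value="true"/>
</bean>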
<!-- Roles for CSR app.
     MTX_ROLE_CSR      - Read only access to app.
     MTX_ROLE_CSR_MGR  - Write access to Balances and Thresholds
     MTX_ROLE_ADMIN    - Write access to the rest of the objects in the app.
     MTX_ROLE_SIMULATE - Access to simulate usage to pump usage through Engine.
                         For Testing ONLY.
     NOTE(review): MTX_ROLE_SIMULATE is not named in any access rule in this file. Since it
     is for testing only, check that no production account or directory group carries it. -->
<!-- Providers are tried in the order listed: properties file users, selfcare users, then
     LDAP.
     NOTE(review): an account accepted by any one store is authenticated, so disabling a
     user in LDAP does not remove a same-named entry in the properties file. No
     password-encoder is declared for the properties file provider; what that implies
     depends on the Spring Security version in use and should be confirmed. -->
<sec:authentication-manager alias="authenticationManager">
  <sec:authentication-provider user-service-ref="matrixxPropertyUserDetailsService"/>
  <sec:authentication-provider user-service-ref="matrixxSelfcareUserDetailsService">
    <sec:password-encoder ref="selfcarePasswordEncoder"/>
  </sec:authentication-provider>
  <sec:authentication-provider ref="customerManagerLdapProvider"/>
</sec:authentication-manager>
</beans>