dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/src/main/webapp/WEB-INF/spring-security.xml
phillip.seay@gmail.com fb938e0933 Initial commit of new spring-MVC/spring security/tiles-based functionality 
git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@484 4033779f-a91e-0410-96ef-6bf7bf53c507
2012-09-11 00:26:09 +00:00

28 lines
1.3 KiB
XML
Raw Blame History

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!--
PCS 8/27/2012
NOTE: Without Spring security, HttpServletRequest.getUserPrincipal() returns null when called from pages under Spring's control.
That method is used extensively in legacy webgoat code. Integrating Spring security into the application resolves this issue.
-->
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
<http-basic/>
</http>
<!-- Authentication Manager -->
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<!-- TODO: credentials in the config - this isn't something I'm proud of - get rid of this ASAP -->
<user name="guest" password="guest" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
Reference in New Issue View Git Blame Copy Permalink