Geomajas Community Documentation

Chapter 13. Security configuration

To make sure the system can be used, you have to configure the security to allow access. The easiest configuration is to allow access to everybody.

<bean name="security.securityInfo" class="org.geomajas.security.SecurityInfo">
    <property name="loopAllServices" value="false"/>
    <property name="securityServices">
        <list>
            <bean class="org.geomajas.security.allowall.AllowAllSecurityService"/>
        </list>
    </property>
</bean>

Example 13.1. Allow full access to everybody


Any other configuration would depend on the available security services. For example, when using the staticsecurity plugin, the following could be defined.

    <bean name="SecurityService" class="org.geomajas.plugin.staticsecurity.security.StaticSecurityService"/>
    
    <bean name="security.securityInfo" class="org.geomajas.security.SecurityInfo">
        <property name="loopAllServices" value="true"/>
        <property name="securityServices">
            <list>
                <ref bean="SecurityService"/>
                <bean class="org.geomajas.plugin.staticsecurity.security.LoginAllowedSecurityService"/>
            </list>
        </property>
    </bean>

    <bean class="org.geomajas.plugin.staticsecurity.configuration.SecurityServiceInfo">
        <property name="users">
            <list>

                <!-- User elvis has restricted attribute editing permissions on roads layer -->
                <bean class="org.geomajas.plugin.staticsecurity.configuration.UserInfo">
                    <property name="userId" value="elvis"/>
                    <property name="password" value="BUOMyQ95onvc7gMrMjFtDQ"/> <!-- "elvis" -->
                    <property name="userName" value="Elvis Presley"/>
                    <property name="authorizations">
                        <list>
                            <bean class="org.geomajas.plugin.staticsecurity.configuration.AttributeAuthorizationInfo">
                                <property name="commandsInclude">
                                    <list>
                                        <value>.*</value>
                                    </list>
                                </property>
                                <property name="visibleLayersInclude">
                                    <list>
                                        <value>.*</value>
                                    </list>
                                </property>
                                <property name="updateAuthorizedLayersInclude">
                                    <list>
                                        <value>beans</value>
                                    </list>
                                </property>

Example 13.2. Partial staticsecurity configuration


Most notable in this example is the inclusion of two security services. The first is provided to allow login and logout ( only ) for everybody. The second defines users and authorizations (only the beginning of the configuration is displayed here).