Geomajas Community Documentation
To make sure the system can be used, you have to configure the security to allow access. The easiest configuration is to allow access to everybody.
<bean name="security.securityInfo" class="org.geomajas.security.SecurityInfo"> <property name="loopAllServices" value="false"/> <property name="securityServices"> <list> <bean class="org.geomajas.security.allowall.AllowAllSecurityService"/> </list> </property> </bean>
Example 13.1. Allow full access to everybody
Any other configuration would depend on the available security services. For example, when using the staticsecurity plugin, the following could be defined.
<bean name="SecurityService" class="org.geomajas.plugin.staticsecurity.security.StaticSecurityService"/> <bean name="security.securityInfo" class="org.geomajas.security.SecurityInfo"> <property name="loopAllServices" value="true"/> <property name="securityServices"> <list> <ref bean="SecurityService"/> <bean class="org.geomajas.plugin.staticsecurity.security.LoginAllowedSecurityService"/> </list> </property> </bean> <bean class="org.geomajas.plugin.staticsecurity.configuration.SecurityServiceInfo"> <property name="users"> <list> <!-- User elvis has restricted attribute editing permissions on roads layer --> <bean class="org.geomajas.plugin.staticsecurity.configuration.UserInfo"> <property name="userId" value="elvis"/> <property name="password" value="BUOMyQ95onvc7gMrMjFtDQ"/> <!-- "elvis" --> <property name="userName" value="Elvis Presley"/> <property name="authorizations"> <list> <bean class="org.geomajas.plugin.staticsecurity.configuration.AttributeAuthorizationInfo"> <property name="commandsInclude"> <list> <value>.*</value> </list> </property> <property name="visibleLayersInclude"> <list> <value>.*</value> </list> </property> <property name="updateAuthorizedLayersInclude"> <list> <value>beans</value> </list> </property>
Example 13.2. Partial staticsecurity configuration
Most notable in this example is the inclusion of two security services. The first is provided to allow login and logout ( only ) for everybody. The second defines users and authorizations (only the beginning of the configuration is displayed here).