<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>
    
    <http use-expressions="true" authentication-manager-ref="authenticationManager">
        
        
        <!-- EVITAR ALTERAR URL MANUALMENTE -->
        <intercept-url pattern="/paginas/admin/notafiscal/convencional/emissao.jsf" access="hasAnyRole('ROLE_NFSE_EMITIR','ADMIN')" />
        <intercept-url pattern="/paginas/admin/notafiscal/avulsa/emissao.jsf" access="hasAnyRole('ROLE_NFSE_EMITIR','ADMIN')" />
        <intercept-url pattern="/paginas/admin/configuracao/**" access="hasRole('ADMIN')" />
        
        <intercept-url pattern="/paginas/admin/**" access="isAuthenticated()"/>
        <intercept-url pattern="/paginas/login.jsf" access="permitAll"/>
        <intercept-url pattern="/**" access="permitAll"/>
        
        <!-- Página de login -->
        <form-login login-page="/paginas/login.xhtml" authentication-failure-url="/paginas/login.xhtml" default-target-url='/paginas/admin/inicio.xhtml'/>
        
        <access-denied-handler error-page="/paginas/erro403.xhtml"/>

        <logout logout-success-url="/index.jsp" invalidate-session="true" delete-cookies="JSESSIONID"/>
        
        <session-management session-fixation-protection="none"/>
        
        <custom-filter ref="sessionManagementFilter" before="SESSION_MANAGEMENT_FILTER" />        

    </http>
    
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userDetailsService"/>
    </authentication-manager>
    
    <b:bean id="userDetailsService"  class="br.com.fiorilli.issweb.springsecurity.service.IssWebUserService"/>
    
    <b:bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter">
        <b:constructor-arg name="securityContextRepository" ref="httpSessionSecurityContextRepository" />
        <b:property name="invalidSessionStrategy" ref="jsfRedirectStrategy" />
    </b:bean>

    <b:bean id="jsfRedirectStrategy" class="br.com.fiorilli.issweb.springsecurity.JsfRedirectStrategy">
        <b:property name="invalidSessionUrl" value="/paginas/login.xhtml" />
    </b:bean>

    <b:bean id="httpSessionSecurityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/>      
    
</b:beans>
