<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">        

    <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>
    
    <http use-expressions="true">

        <intercept-url pattern="/paginas/**" access="isAuthenticated()"/>
        <intercept-url pattern="/**" access="permitAll"/>

        <!-- Página de login -->
        <form-login login-page="/login.jsf" authentication-failure-url="/login.jsf" default-target-url='/paginas/inicio.jsf'/>
        
        <access-denied-handler error-page="/login.jsf"/>

        <logout logout-success-url="/index.jsp" invalidate-session="true" delete-cookies="JSESSIONID"/>

        <custom-filter ref="sessionManagementFilter" before="SESSION_MANAGEMENT_FILTER" />        
    </http>
    
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userDetailsService"/>
    </authentication-manager>
    
    <b:bean id="userDetailsService" class="br.com.fiorilli.atualizador.springsecurity.service.AtualizadorUserService"/>    
    
    <b:bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter">
        <b:constructor-arg name="securityContextRepository" ref="httpSessionSecurityContextRepository" />
        <b:property name="invalidSessionStrategy" ref="jsfRedirectStrategy" />
    </b:bean>

    <b:bean id="jsfRedirectStrategy" class="br.com.fiorilli.atualizador.springsecurity.JsfRedirectStrategy">
        <b:property name="invalidSessionUrl" value="/login.jsf" />
    </b:bean>

    <b:bean id="httpSessionSecurityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/>     
    
</b:beans>
