<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.0.xsd">

  <!-- CSRF Protection Channel Configuration.
   The order of the Request Matchers is very important. The first one which matches the
   request will be used. Later matchers will not be invoked if a match has already been found.
   Accordingly, the most specific matchers should be registered first, with the most general
   matches registered last. -->
  <bean id="csrfChannelProcessingFilter" class="com.appiancorp.security.csrf.CsrfChannelProcessingFilter">
    <constructor-arg>
      <util:map map-class="java.util.LinkedHashMap">
        <entry>
          <key>
            <bean class="com.appiancorp.security.MultipartRequestMatcher" />
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_MULTIPART_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/framework/backgroundAction.**"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/JSON-RPC"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/api/**"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/masterapp/**"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/tempo/tempoSvc"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
       <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/rest/**"/>
              <constructor-arg value="PUT"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/rest/**"/>
              <constructor-arg value="DELETE"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/rest/**"/>
              <constructor-arg value="PATCH"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/s/**"/>
              <constructor-arg value="PUT"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/s/**"/>
              <constructor-arg value="DELETE"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/s/**"/>
              <constructor-arg value="PATCH"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
        <entry>
          <key>
            <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
              <constructor-arg value="/**"/>
              <constructor-arg value="POST"/>
            </bean>
          </key>
          <util:list>
            <bean class="org.springframework.security.access.SecurityConfig">
              <constructor-arg value="REQUIRES_CSRF_CHANNEL"/>
            </bean>
          </util:list>
        </entry>
      </util:map>
    </constructor-arg>
    <constructor-arg ref="formLoginFilter"/>
  </bean>
  <bean id="formLoginFilter" class="com.appiancorp.security.csrf.FormLoginFilter"/>
</beans>
