<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:util="http://www.springframework.org/schema/util"
  xmlns:sec="http://www.springframework.org/schema/security"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.3.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-5.8.xsd">
  <!-- The Spring Schemas are the latest available schemas with pinned version numbers -->
  <!-- These classes capture the metadata for an authentication request, which can then be used by event listeners. -->
  <bean id="portalAuthenticationDetailsSource" class="com.appiancorp.security.auth.AppianAuthenticationDetailsSource">
    <property name="entryPoint" value="PORTAL"/>
  </bean>
  <bean id="webApiAuthenticationDetailsSource" class="com.appiancorp.security.auth.AppianAuthenticationDetailsSource">
    <property name="entryPoint" value="WEB_API"/>
  </bean>

  <!-- Event listener for the authentication audit log (the event listener just needs to be declared in order for spring to publish events to it). -->
  <bean id="authenticationEventLoggerListener" class="com.appiancorp.security.auth.AuthenticationEventLoggerListener">
    <constructor-arg ref="suiteConfiguration"/>
  </bean>

  <!-- Filter to allow tracking active users. -->
  <bean id="userActivityFilter" class="com.appiancorp.security.auth.activity.UserActivityFilter">
    <constructor-arg ref="userActivityService"/>
  </bean>
  
  <sec:http-firewall ref="httpFirewall" />
</beans>
