<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:cxf="http://cxf.apache.org/core" xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
	http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context.xsd
           http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd 
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

	<security:http create-session="stateless" >
		<security:http-basic />
		<security:intercept-url pattern="/mvc/ui/lightui.do**" access="ROLE_USER" />
		<security:intercept-url pattern="/mvc/ui/**" access="ROLE_ADMINISTRATOR" />
		<security:intercept-url pattern="/mvc/inspector/**" access="ROLE_ADMINISTRATOR" />

		<security:logout logout-url="/logout" logout-success-url="/mvc/ui/index.do" invalidate-session="true"  delete-cookies="JSESSIONID, rinfra-user"/>
	</security:http>

	<security:authentication-manager>
		<security:authentication-provider>
			<security:password-encoder hash="md5" />
			<security:user-service>
				<security:user name="${dnet.modular.ui.authorization.default.superAdmin}" password="${dnet.admin.password}" authorities="ROLE_USER,ROLE_ADMINISTRATOR" />
				<security:user name="${dnet.guest.username}" password="${dnet.guest.password}" authorities="ROLE_USER" />
			</security:user-service>
		</security:authentication-provider>
	</security:authentication-manager>

</beans>