+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <display-name>cdi</display-name>
+
+ <!--
+ There are three means to configure Wickets configuration mode and they are
+ tested in the order given.
+ 1) A system property: -Dwicket.configuration
+ 2) servlet specific <init-param>
+ 3) context specific <context-param>
+ The value might be either "development" (reloading when templates change)
+ or "deployment". If no configuration is found, "development" is the default.
+ -->
+
+ <filter>
+ <filter-name>authentication</filter-name>
+ <filter-class>org.wamblee.photos.security.AuthenticationFilter</filter-class>
+ <init-param>
+ <param-name>loginpage</param-name>
+ <param-value>/login.jsp</param-value>
+ </init-param>
+ <!-- each authenticated user is assigned to the gruop ALL in the security realm configuration -->
+ <init-param>
+ <param-name>role</param-name>
+ <param-value>ALL</param-value>
+ </init-param>
+ <!-- defines the resource URLs for which no authentication is required -->
+ <init-param>
+ <param-name>resources</param-name>
+ <param-value>/resources</param-value>
+ </init-param>
+ </filter>
+
+ <filter>
+ <filter-name>photos</filter-name>
+ <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
+ <init-param>
+ <param-name>applicationClassName</param-name>
+ <param-value>org.wamblee.photos.wicket.WicketApplication</param-value>
+ </init-param>
+ <init-param>
+ <param-name>configuration</param-name>
+ <param-value>development</param-value>
+ </init-param>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>authentication</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+ <filter-mapping>
+ <filter-name>photos</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>resources</web-resource-name>
+ <url-pattern>/resources/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>securedaccess</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>ALL</role-name>
+ <role-name>users</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>PhotoXChangeRealm</realm-name>
+ <form-login-config>
+ <form-login-page>/login.jsp</form-login-page>
+ <form-error-page>/loginError.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <session-config>
+ <session-timeout>10</session-timeout>
+ </session-config>
+
+ <welcome-file-list>
+ <welcome-file>login.jsp</welcome-file>
+ </welcome-file-list>
+
+ <security-role>
+ <role-name>ALL</role-name>
+ </security-role>
+
+</web-app>