SPRING-SECURITY安全Web框架配置
阿新 • • 發佈:2019-01-25
<pre name="code" class="html"><?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd"> <!-- 靜態資源配置,注意:**代表可以多級目錄 --> <http pattern="/**/*.png" security="none"/> <http pattern="/**/*.jpg" security="none"/> <http pattern="/**/*.gif" security="none"/> <http pattern="/**/*.css" security="none"/> <http pattern="/**/*.js" security="none"/> <!-- 登入頁,不需要攔截 --> <http pattern="/user/login.htm" security="none"/> <!-- 驗證碼不校驗 --> <http pattern="/verify/*" security="none"/> <http> <!--攔截所有地址,除非有ROLE_USER許可權--> <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/> <!-- 登入介面 --> <form-login login-page="/user/login.htm" default-target-url="/index" always-use-default-target="true"/> </http> <authentication-manager> <authentication-provider> <user-service> <user name="yjmyzz" password="123456" authorities="ROLE_USER"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans>