="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/security http://www.springframework.org/s … spring-security.xsd">
<!–放行一些资源–>
<security:http pattern="/login.jsp" security="none"></security:http>
<security:http pattern="/failer.jsp" security="none"></security:http>
<security:http pattern="/css/**" security="none"></security:http>
<security:http pattern="/img/**" security="none"></security:http>
<security:http pattern="/plugins/**" security="none"></security:http>
<security:http auto-config="true" use-expressions="false">
<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
<!–配置登陆表单–>
<security:form-login
login-page="/login.jsp"
login-processing-url="/login"
default-target-url="/index.jsp"
authentication-failure-url="/failer.jsp"
username-parameter="username"
password-parameter="password"
></security:form-login>
<!–退出配置–>
<security:logout
invalidate-session="true"
logout-url="/logout"
logout-success-url="/login.jsp" ></security:logout>
<!–关闭跨域请求–>
<security:csrf disabled="true"></security:csrf>
</security:http>
<!–登陆认证连接数据库,执行service方法–>
<security:authentication-manager>
<!–引用容器中的UserService对象,此对象一定要实现接口UserDetailsService–>
<security:authentication-provider user-service-ref="userServiceImpl"></security:authentication-provider>
</security:authentication-manager>
</beans>
从下面这行代码可以看出他是基于URL 来控制的
<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/253306.html