Spring Security初体验

="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xmlns:security="http://www.springframework.org/schema/security"

       xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/security http://www.springframework.org/s … spring-security.xsd">

    <!–放行一些资源–>

    <security:http pattern="/login.jsp" security="none"></security:http>

    <security:http pattern="/failer.jsp" security="none"></security:http>

    <security:http pattern="/css/**" security="none"></security:http>

    <security:http pattern="/img/**" security="none"></security:http>

    <security:http pattern="/plugins/**" security="none"></security:http>





    <security:http auto-config="true" use-expressions="false">

        <security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>

        <!–配置登陆表单–>

        <security:form-login

                login-page="/login.jsp"

                login-processing-url="/login"

                default-target-url="/index.jsp"

                authentication-failure-url="/failer.jsp"

                username-parameter="username"

                password-parameter="password"

        ></security:form-login>



        <!–退出配置–>

        <security:logout

                invalidate-session="true"

                logout-url="/logout"

                logout-success-url="/login.jsp" ></security:logout>

        <!–关闭跨域请求–>

        <security:csrf disabled="true"></security:csrf>

    </security:http>



    <!–登陆认证连接数据库,执行service方法–>

    <security:authentication-manager>

        <!–引用容器中的UserService对象,此对象一定要实现接口UserDetailsService–>

        <security:authentication-provider user-service-ref="userServiceImpl"></security:authentication-provider>

    </security:authentication-manager>

</beans> 

从下面这行代码可以看出他是基于URL 来控制的  

<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>

原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/java/253306.html

(0)
上一篇 2022年5月8日 06:33
下一篇 2022年5月8日 06:38

相关推荐

发表回复

登录后才能评论