spring-security.xml配置文件（自用）

最新推荐文章于 2024-07-26 00:55:46 发布

HelloWorld高级工程师

最新推荐文章于 2024-07-26 00:55:46 发布

阅读量535

点赞数

文章标签： spring xml java

本文链接：https://blog.csdn.net/c_2333/article/details/126355859

版权

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
        https://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        https://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/security
        https://www.springframework.org/schema/security/spring-security.xsd
        http://www.springframework.org/schema/mvc
        https://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <!--允许游客访问-->
    <security:http security="none" pattern="/css/**"/>
    <security:http security="none" pattern="/img/**"/>
    <security:http security="none" pattern="/js/**"/>
    <security:http security="none" pattern="/plugins/**"/>

    <!--http规则-->
    <security:http auto-config="true" use-expressions="true">
        <!--设置支持页面iframe访问受保护的页面-->
        <security:headers>
            <security:frame-options policy="SAMEORIGIN"></security:frame-options>
        </security:headers>
        <!--配置受保护的资源-->
        <security:intercept-url pattern="/pages/**" access="isAuthenticated()"/>
        <!--自定义表单登录-->
        <security:form-login login-page="/pages/login.html"
                             username-parameter="username"
                             password-parameter="password"
                             login-processing-url="/login"
                             default-target-url="/pages/main.html"
                             authentication-failure-url="/pages/login.html"/>
        <!--关闭csrf过滤器-->
        <security:csrf disabled="true"/>
    </security:http>

    <!--配置加密规则-->
    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <!--认证管理器-->
    <security:authentication-manager>
        <!--认证提供者-->
        <security:authentication-provider user-service-ref="securityUserService">
            <!--设置加密策略-->
            <security:password-encoder ref="passwordEncoder"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!--配置注解方式控制权限-->
    <security:global-method-security pre-post-annotations="enabled"/>
</beans>