<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
https://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
https://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/mvc
https://www.springframework.org/schema/mvc/spring-mvc.xsd">
<!--允许游客访问-->
<security:http security="none" pattern="/css/**"/>
<security:http security="none" pattern="/img/**"/>
<security:http security="none" pattern="/js/**"/>
<security:http security="none" pattern="/plugins/**"/>
<!--http规则-->
<security:http auto-config="true" use-expressions="true">
<!--设置支持页面iframe访问受保护的页面-->
<security:headers>
<security:frame-options policy="SAMEORIGIN"></security:frame-options>
</security:headers>
<!--配置受保护的资源-->
<security:intercept-url pattern="/pages/**" access="isAuthenticated()"/>
<!--自定义表单登录-->
<security:form-login login-page="/pages/login.html"
username-parameter="username"
password-parameter="password"
login-processing-url="/login"
default-target-url="/pages/main.html"
authentication-failure-url="/pages/login.html"/>
<!--关闭csrf过滤器-->
<security:csrf disabled="true"/>
</security:http>
<!--配置加密规则-->
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<!--认证管理器-->
<security:authentication-manager>
<!--认证提供者-->
<security:authentication-provider user-service-ref="securityUserService">
<!--设置加密策略-->
<security:password-encoder ref="passwordEncoder"/>
</security:authentication-provider>
</security:authentication-manager>
<!--配置注解方式控制权限-->
<security:global-method-security pre-post-annotations="enabled"/>
</beans>
spring-security.xml配置文件(自用)
最新推荐文章于 2024-07-26 00:55:46 发布