修改过的applicationContext-security.xml

最新推荐文章于 2020-11-25 19:21:09 发布

iteye_13736

最新推荐文章于 2020-11-25 19:21:09 发布

阅读量213

点赞数

分类专栏： springside3 文章标签： XML Security 配置管理项目管理 Web

本文链接：https://blog.csdn.net/iteye_13736/article/details/81964007

版权

springside3 专栏收录该内容

6 篇文章 0 订阅

订阅专栏


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:s="http://www.springframework.org/schema/security"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
 default-lazy-init="true">

 <description>SpringSecurity安全配置</description>

 <!-- 方法安全配置 -->
 <s:global-method-security secured-annotations="enabled"
  jsr250-annotations="enabled" pre-post-annotations="enabled"> 
 </s:global-method-security>
 <!-- 方法安全配置结束 -->

 <!-- http安全配置 -->
 <!-- access-denied-page="" -->
 <s:http auto-config="true" use-expressions="true">

  <!--  login.action自动回去找login.jsp的-->
  <!-- login-page登录页面 default-target-url登录成功以后跳转页面 authentication-failure-url认证失败的页面
   <access-denied-handler>errorPage 提示没有权限的页面
   springside不足1:
   always-use-default-target = "true" 不写的话不能正常的跳转到default-target-url
  -->
  <s:form-login login-page="/manager/login.jsp"
   default-target-url="/swp/mainPage" always-use-default-target="true"
   authentication-failure-url="/manager/login.jsp?error=true" />
  <s:logout logout-success-url="/" />

  <!--  springside 不足2-->
  <!-- session管理配置 -->
   <s:session-management invalid-session-url="/common/timeout.jsp">
   </s:session-management>
  <!-- session管理配置结束 -->

  <!-- 进行WEB安全配置 -->
  <s:intercept-url pattern="/css/**" filters="none" />
  <s:intercept-url pattern="/img/**" filters="none" />
  <s:intercept-url pattern="/js/**" filters="none" />
  <s:intercept-url pattern="/manager/login.jsp" filters="none" />
  <s:intercept-url pattern="/manager/register.jsp" filters="none" />

  <s:intercept-url pattern="/login"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/swp/*"
   access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />
  <s:intercept-url pattern="/manager/*"
   access="hasAnyRole('ROLE_ADMIN')" />

  <s:intercept-url pattern="/page"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/page/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/mod" access="hasAnyRole('ROLE_ADMIN')" />
  <!-- WEB安全配置结束 -->
 </s:http>

 <!-- 认证配置, 使用userDetailsService提供的用户信息 -->
 <s:authentication-manager alias="authenticationManager">
  <s:authentication-provider
   user-service-ref="userDetailsService">
   <s:password-encoder hash="plaintext" />
  </s:authentication-provider>
 </s:authentication-manager>

 <!-- 项目实现的用户查询服务 -->
 <bean id="userDetailsService"
  class="com.snda.swp.account.service.UserDetailsServiceImpl" />
</beans>