登录及退出
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:property="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!--匿名访问-->
<security:http security="none" pattern="/favicon"/>
<security:http security="none" pattern="/login.jsp"/>
<security:http security="none" pattern="/login-fail.jsp"/>
<security:http security="none" pattern="/auth-fail.jsp"/>
<!--
有授权才可以访问
授权的角色
-->
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/*.do" access="hasAnyRole('ROLE_ADMIN','ROLE_CESHI','ROLE_OMS')"/>
<security:intercept-url pattern="/main.jsp" access="hasAnyRole('ROLE_ADMIN','ROLE_CESHI','ROLE_OMS','ROLE_READER')"/>
<security:intercept-url pattern="/pages/checkitem.html" access="hasAuthority('find')"/>
<security:intercept-url pattern="/pages/checkgroup.html" access="hasAnyAuthority('add','update')"/>
<!--自定义登录-->
<property:form-login login-page="/login.jsp"
username-parameter="user"
password-parameter="pass"
default-target-url="/main.jsp"
login-processing-url="/user/login.do"
authentication-failure-url="/login-fail.jsp"/>
<!--退出-->
<security:logout logout-url="/logout.do"
logout-success-url="login.jsp"
invalidate-session="true"/>
<!--授权失败跳转-->
<security:access-denied-handler error-page="/auth-fail.jsp"/>
<!--
使用自定义登录配置,必须关闭csrf过滤器
-->
<security:csrf disabled="true"/>
</security:http>
<!--
构建加密对象
-->
<bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="passwordEncoder"/>
<!--构建UserDetailService对象-->