权限设计
用户
角色
角色绑定的权限
spring-security.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:property="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!--
有授权才可以访问
授权的角色
-->
<security:http auto-config="true" use-expressions="true">
<property:form-login
login-page="http://localhost:8080/pages/login.html"
login-processing-url="/sec/login.do"
authentication-failure-forward-url="/user/loginFail.do"
authentication-success-forward-url="/user/loginSuccess.do"
/>
<!--
使用自定义登录配置,必须关闭csrf过滤器
-->
<security:csrf disabled="true"/>
</security:http>
<!--
构建加密对象
-->
<bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="passwordEncoder"/>
<!--构建UserDetailService对象-->
<bean class="com.itheima.health.security.SecurityUserDetailsService" id="userDetailsService"/&g