<security:http entry-point-ref="emptyAuthenticationEntryPoint">
<security:port-mappings>
<security:port-mapping http="8080" https="8443"/>
</security:port-mappings>
<security:intercept-url pattern="/core/user/login.ctrl" requires-channel="https"/>
<security:intercept-url pattern="/**" requires-channel="http"/>
</security:http>
<security:authentication-provider user-service-ref="emptyUserDetailsService"/>
其中 entry-point-ref 与 user-service-ref 属性是随意写的, 根据实际情况替换。
别忘了, 还得用 keytool 生成一个证书。
Spring Security 为 3.0RC 时需要配置 authentication manager(<security:authemticationManager>), 但我这里总是出错, 不知什么原因。。。。