<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <!-- 全局方法保护,权限设置访问 --> <global-method-security> <protect-pointcut access="ROLE_ADMIN" expression="execution(* com.security.action.*.*(..))"/> <protect-pointcut access="ROLE_USER" expression="execution(* com.security.action.*.*list*(..))"/> </global-method-security> <!-- http请求映射配置 --> <http auto-config="true"> <!-- 匿名访问 --> <intercept-url pattern="/*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> <intercept-url pattern="/app/user*" access="ROLE_USER"/> <intercept-url pattern="/*/list*" access="ROLE_USER"/> <intercept-url pattern="/**" access="ROLE_ADMIN"/> <!-- 会话管理,一个用户异地多次登录 --> <session-management session-fixation-protection="none"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/> </session-management> <!-- 自定义登录页面 --> <form-login login-page="/login.html" authentication-failure-url="/login.html?error=true" login-processing-url="/user/login" username-parameter="username" password-parameter="password"/> <!-- 注销登录 --> <logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.html"/> </http> <!-- 数据源 --> <beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/> <beans:property name="url" value="jdbc:mysql:///privilege"/> <beans:property name="username" value="root"/> <beans:property name="password" value="admin"/> </beans:bean> <!-- 错误消息国际化--> <beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <beans:property name="basename" value="classpath:org/springframework/security/messages" /> </beans:bean> <!-- 配置数据库权限信息获取实现类 --> <beans:bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl"> <!-- 禁用基本的查询权限 --> <beans:property name="enableAuthorities" value="false"/> <!-- 启用分组权限 --> <beans:property name="enableGroups" value="true"/> <!-- 数据源 --> <beans:property name="dataSource" ref="dataSource"/> </beans:bean> <!-- 权限认证管理 --> <authentication-manager> <authentication-provider user-service-ref="userDetailsService"> <!-- 使用md5加密 --> <password-encoder hash="md5"/> <!-- 权限从数据库中查询出来,需要数据源 --> <!-- 自定义数据表权限,必须字段 users表:username,password,enabled 自定义数据表权限,必须字段 authorities表:username,authority --> <!-- <jdbc-user-service data-source-ref="dataSource" --> <!-- users-by-username-query= --> <!-- "select --> <!-- username,password,enabled --> <!-- from --> <!-- users --> <!-- where --> <!-- username = ?" --> <!-- authorities-by-username-query= --> <!-- "select --> <!-- u.username,r.authority --> <!-- from --> <!-- users as u --> <!-- inner --> <!-- join --> <!-- role as r --> <!-- inner --> <!-- join --> <!-- user_role as ur --> <!-- where --> <!-- u.user_id = ur.user_id --> <!-- and --> <!-- r.role_id = ur.role_id --> <!-- and --> <!-- username = ?" --> <!-- /> --> </authentication-provider> </authentication-manager> </beans:beans>
Spring Security XML 配置
猜你喜欢
转载自liguanfeng.iteye.com/blog/2202101
今日推荐
周排行