Spring Security XML 配置

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
	
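	<!-- Global method security: role requirements for the action classes in com.security.action.
	     Pointcuts are evaluated in declaration order and the first matching expression is used,
	     so the narrower list* rule is declared before the catch-all rule. Declared the other way
	     round, the catch-all ROLE_ADMIN rule matches every method and the ROLE_USER rule is never
	     applied.
	     NOTE(review): with this order list* methods require ROLE_USER only; confirm that
	     administrator accounts also hold ROLE_USER. -->
	<global-method-security>
		<!-- Methods whose name contains "list": ROLE_USER -->
		<protect-pointcut access="ROLE_USER" expression="execution(* com.security.action.*.*list*(..))"/>
		<!-- Every other method in the package: ROLE_ADMIN -->
		<protect-pointcut access="ROLE_ADMIN" expression="execution(* com.security.action.*.*(..))"/>
	</global-method-security>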
	
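	<!-- HTTP request security. intercept-url rules are checked top-down and the first matching
	     pattern decides, so specific patterns must stay above the catch-all. -->
	<http auto-config="true">
		<!-- Anonymous access for single-segment paths such as /login.html.
		     NOTE(review): "/*" opens every top-level path, not only the login page; confirm that
		     is intended, or list the public resources explicitly. -->
		<intercept-url pattern="/*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
		<intercept-url pattern="/app/user*" access="ROLE_USER"/>
		<intercept-url pattern="/*/list*" access="ROLE_USER"/>
		<!-- Catch-all: everything not matched above requires ROLE_ADMIN -->
		<intercept-url pattern="/**" access="ROLE_ADMIN"/>
		<!-- Session management.
		     session-fixation-protection was "none", which keeps the pre-login session id after
		     authentication and so leaves the application open to session fixation. "migrateSession"
		     issues a new session at login and copies the existing attributes across. -->
		<session-management session-fixation-protection="migrateSession">
			<!-- One session per user; a second login for the same user is rejected.
			     NOTE(review): concurrency control relies on
			     org.springframework.security.web.session.HttpSessionEventPublisher being registered
			     as a listener in web.xml (not shown here); without it expired sessions are not
			     released and users can be locked out. -->
			<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
		</session-management>
		<!-- Custom login page -->
		<form-login login-page="/login.html"
					authentication-failure-url="/login.html?error=true"
					login-processing-url="/user/login"
					username-parameter="username"
					password-parameter="password"/>
		<!-- Logout: invalidate the session and return to the login page -->
		<logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.html"/>
	</http>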
	
	<!-- Data source: JDBC connection to the MySQL database "privilege". -->
	<!-- NOTE(review): the credentials are hard-coded in this file and use the MySQL root account
	     with a trivial password. Load them from an external, access-controlled source (for example
	     a property placeholder backed by a file or the environment) and connect with a dedicated
	     account that only has the rights the application needs. DriverManagerDataSource also opens
	     a new connection on every request for one; it is not a connection pool. -->
	<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
		<beans:property name="url" value="jdbc:mysql:///privilege"/>
		<beans:property name="username" value="root"/>
		<beans:property name="password" value="admin"/>
	</beans:bean>
	<!-- Internationalised error messages: uses the message bundle under
	     org/springframework/security/messages on the classpath. -->
	<beans:bean id="messageSource"
		class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
		<beans:property name="basename" value="classpath:org/springframework/security/messages" />
	</beans:bean>
	<!-- UserDetailsService that loads users and their authorities from the database (JdbcDaoImpl).
	     No custom queries are set here, so the class's default queries apply. -->
	<beans:bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
		<!-- Disable the direct per-user authority lookup -->
		<beans:property name="enableAuthorities" value="false"/>
		<!-- Enable group-based authorities -->
		<beans:property name="enableGroups" value="true"/>
		<!-- Data source defined in this file -->
		<beans:property name="dataSource" ref="dataSource"/>
	</beans:bean>
	
	<!-- Authentication manager: one provider backed by the userDetailsService bean. -->
    <authentication-manager>
        <authentication-provider user-service-ref="userDetailsService">
        	<!-- Stored passwords are compared as MD5 hashes. -->
        	<!-- NOTE(review): hash="md5" with no salt-source is unsalted MD5, which is not suitable
        	     for password storage (fast to compute, precomputed tables apply). Plan a move to an
        	     adaptive hash such as BCryptPasswordEncoder wired in through the ref attribute.
        	     Existing stored hashes will not verify under a new encoder, so the switch needs a
        	     migration step such as re-hashing at next login or a forced reset. -->
        	<password-encoder hash="md5"/>
        	<!-- Authorities are read from the database, which requires the data source -->
<!--
			Custom table layout, required columns, users table: username,password,enabled
			Custom table layout, required columns, authorities table: username,authority
-->
<!-- Disabled alternative kept for reference: an inline jdbc-user-service with custom queries. -->
<!--         	<jdbc-user-service data-source-ref="dataSource"  -->
<!--         	users-by-username-query= -->
<!--         	"select -->
<!--         		username,password,enabled -->
<!--         	from -->
<!--         		users -->
<!--         	where  -->
<!--         		username = ?"  -->
<!--         	authorities-by-username-query= -->
<!--         	"select  -->
<!--         		u.username,r.authority  -->
<!--         	from  -->
<!--         		users as u -->
<!-- 			inner  -->
<!-- 			join  -->
<!-- 				role as r  -->
<!-- 			inner  -->
<!-- 			join  -->
<!-- 				user_role as ur  -->
<!-- 			where  -->
<!-- 				u.user_id = ur.user_id  -->
<!-- 			and  -->
<!-- 				r.role_id = ur.role_id -->
<!-- 			and  -->
<!-- 				username = ?" -->
<!--         	/> -->
        	
        </authentication-provider>
    </authentication-manager>
</beans:beans>


转载自liguanfeng.iteye.com/blog/2202101