| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 |
- <?xml version="1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:security="http://www.springframework.org/schema/security"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.1.xsd" >
-
- <!-- Spring-Security 的配置 -->
- <!-- 注意开启use-expressions.表示开启表达式.
- see:http://www.family168.com/tutorial/springsecurity3/html/el-access.html
- -->
- <!-- <security:http auto-config="true" use-expressions="true" access-denied-page="/403.jsp" >
- <security:intercept-url pattern="/auth/login" access="permitAll"/>
- <security:intercept-url pattern="/main/admin" access="permitAll"/>
- <security:intercept-url pattern="/main/common" access="permitAll"/>
- </security:http>-->
- <security:http pattern="/**/*.css" security="none"/>
- <security:http pattern="/**/*.js" security="none"/>
- <security:http pattern="/**/*.jpg" security="none"/>
- <security:http pattern="/**/*.png" security="none"/>
- <security:http pattern="/**/*.gif" security="none"/>
- <security:http pattern="/**/*.swf" security="none"/>
- <security:http auto-config="true" access-denied-page="/errors/403" use-expressions="true">
- <security:intercept-url pattern="/loginCheck*" access="permitAll"/>
- <security:intercept-url pattern="/submitlogin*" access="permitAll"/>
- <security:intercept-url pattern="/install*" access="permitAll"/>
- <security:intercept-url pattern="/assets/.com/css*" access="permitAll"/>
- <security:intercept-url pattern="/main/admin" access="permitAll"/>
- <security:intercept-url pattern="/main/common" access="permitAll"/>
- <security:intercept-url pattern="/assets/**" access="permitAll"/>
- <security:intercept-url pattern="/favorite*" access="permitAll"/>
- <security:intercept-url pattern="/dsp/**" access="permitAll"/>
- <security:intercept-url pattern="/settings/profile*" access="isAuthenticated()"/>
- <security:intercept-url pattern="/main/dashboard*" access="isAuthenticated()"/>
- <!--
- <security:intercept-url pattern="/main/ad/advertiser/*" access="permitAll"/>
- <security:intercept-url pattern="/main/ad/**" access="permitAll"/>
- <security:intercept-url pattern="/main/md/audience/*" access="permitAll"/>
- <security:intercept-url pattern="/main/md/**" access="permitAll"/>
- -->
- <security:intercept-url pattern="/login" access="permitAll"/>
- <security:intercept-url pattern="/**" access="isAuthenticated()"/>
- <security:form-login
- login-page="/login"
- authentication-failure-url="/login?error=true"
- default-target-url="/main/dashboard"/>
- <security:logout
- invalidate-session="true"
- delete-cookies="JSESSIONID"
- logout-success-url="/login"
- logout-url="/logout"/>
- <!-- 记住密码30天 -->
- <security:remember-me key="1q2w3e4r" token-validity-seconds="2592000"/>
- <security:custom-filter ref="mySecurityFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
-
- </security:http>
-
- <!-- <security:bean id="myLoginFilter" init-method="init" class="com.lanyuan.security.MyAuthenticationFilter">
- <security:property name="authenticationManager" ref="myAuthenticationManager" />
- <security:property name="filterProcessesUrl" value="/background/j_security_check" />
-
- <security:property name="successUrl" value="/main/dashboard" />
-
- <security:property name="errorUrl" value="/login" />
- </security:bean> -->
- <!-- 指定一个自定义的authentication-manager :userService -->
- <security:authentication-manager erase-credentials="false" alias="myAuthenticationManager">
- <security:authentication-provider user-service-ref="myUserDetailServiceImpl">
- <!-- <security:password-encoder hash="md5"/>-->
- </security:authentication-provider>
- </security:authentication-manager>
- </beans>
|
