<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="/schema/beans"
xmlns:sec="/schema/security" xmlns:xsi="/2001/XMLSchema-instance"
xsi:schemaLocation="/schema/beans
/schema/beans/spring-beans-3.2.xsd
/schema/security
/schema/security/spring-security-3.1.xsd">
<sec:http pattern="/" security="none"></sec:http>
<sec:http pattern="/error/*.*" security="none"></sec:http>
<sec:http pattern="/index.jsp" security="none"></sec:http>
<sec:http pattern="/login.jsp" security="none"></sec:http>
<sec:http pattern="/**/*.jpg" security="none"></sec:http>
<sec:http pattern="/**/*.jpeg" security="none"></sec:http>
<sec:http pattern="/**/*.png" security="none"></sec:http>
<sec:http pattern="/**/*.gif" security="none"></sec:http>
<sec:http pattern="/**/*.js" security="none"></sec:http>
<sec:http pattern="/**/*.css" security="none"></sec:http>
<sec:http pattern="/services/*" security="none"></sec:http>
<sec:http pattern="/randomCode!autocode.action" security="none"></sec:http>
<sec:http pattern="/login!login.action*" security="none"></sec:http>
<sec:http auto-config="true" access-decision-manager-ref="accessDecisionManager"
spring framework版本 servlet-api-provision="false">
<sec:form-login login-page="/login.jsp" authentication-success-handler-ref="loginSuccessHandler"
login-processing-url="/loginVerify.action" default-target-url="/main.action"
authentication-failure-url="/login!login.action"
always-use-default-target="true" />
<sec:logout invalidate-session="true" success-handler-ref="loginOutSuccessHandler"
logout-url="/loginOut.action" />
<sec:access-denied-handler error-page="/error/noPermission.jsp" />
这样我们的过滤器会先于原来的过滤器执行,因为它的功能与老过滤器完全一样,所以这就等于把原来的过滤器替换掉了。 -->
<sec:custom-filter ref="filterSecurityInterceptor"
before="FILTER_SECURITY_INTERCEPTOR" />
<sec:session-management invalid-session-url="/error/timeout_session.jsp"
session-authentication-error-url="/error/error_login_use.jsp">
<sec:concurrency-control max-sessions="1"
error-if-maximum-exceeded="true" expired-url="/error/noLoginSession.jsp" />
</sec:session-management>
</sec:http>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider
user-service-ref="userDetailsServiceImpl">
<sec:password-encoder hash="md5">
</sec:password-encoder>
</sec:authentication-provider>
</sec:authentication-manager>
<bean id="loginSuccessHandler" class="com.parksonmon.LoginSuccessHandler" parent="successHandler" >
</bean>
<bean id="loginOutSuccessHandler" class="com.parksonmon.LoginOutSuccessHandler" parent="simpleUrlLogoutSuccessHandler"></bean>
<bean id="simpleUrlLogoutSuccessHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论