1. <?xml version="1.0" encoding="UTF-8"?>
    2. <beans xmlns="http://www.springframework.org/schema/beans"
    3.        xmlns:security="http://www.springframework.org/schema/security"
    4.        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    5.        xsi:schemaLocation="http://www.springframework.org/schema/beans
    6.     http://www.springframework.org/schema/beans/spring-beans.xsd
    7.     http://www.springframework.org/schema/security
    8.     http://www.springframework.org/schema/security/spring-security.xsd">
    10.     <!-- 配置不拦截的资源 -->
    11.     <security:http pattern="/login.jsp" security="none"/>
    12.     <security:http pattern="/failer.jsp" security="none"/>
    13.     <security:http pattern="/css/**" security="none"/>
    14.     <security:http pattern="/img/**" security="none"/>
    15.     <security:http pattern="/plugins/**" security="none"/>
    16.     <!--
    17.         配置具体的规则
    18.         auto-config="true"    不用自己编写登录的页面,框架提供默认登录页面
    19.         use-expressions="false"    是否使用SPEL表达式(没学习过)
    20.     -->
    21.     <security:http auto-config="true" use-expressions="true">
    22.         <!-- 配置具体的拦截的规则 pattern="请求路径的规则" access="访问系统的人,必须有ROLE_USER的角色" -->
    23.         <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>
    25.         <!-- 定义跳转的具体的页面 -->
    26.         <security:form-login
    27.                 login-page="/login.jsp"
    28.                 login-processing-url="/login.do"
    29.                 default-target-url="/index.jsp"
    30.                 authentication-failure-url="/failer.jsp"
    31.                 authentication-success-forward-url="/pages/main.jsp"
    32.         />
    34.         <!-- 关闭跨域请求 -->
    35.         <security:csrf disabled="true"/>
    36.         <!-- 退出 -->
    37.         <security:logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.jsp" />
    39.     </security:http>
    41.     <!-- 切换成数据库中的用户名和密码 -->
    42.     <security:authentication-manager>
    43.         <security:authentication-provider user-service-ref="userService">
    44.             <!-- 配置加密的方式-->
    45.             <security:password-encoder ref="passwordEncoder"/>
    46.         </security:authentication-provider>
    47.     </security:authentication-manager>
    49.     <!-- 配置加密类 -->
    50.     <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
    52.     <!-- 提供了入门的方式,在内存中存入用户名和密码
    53.     <security:authentication-manager>
    54.         <security:authentication-provider>
    55.             <security:user-service>
    56.                 <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"/>
    57.             </security:user-service>
    58.         </security:authentication-provider>
    59.     </security:authentication-manager>
    60.     -->
    62. </beans>