spring-security.xmlプロファイルログイン暗号化

17568 ワード

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd
">
    <!--          -->
    <security:http pattern="/login.jsp" security="none"></security:http>
    <security:http pattern="/error.jsp" security="none"></security:http>
    <security:http pattern="/favicon.ico" security="none"></security:http>
    <security:http pattern="/css/**" security="none"></security:http>
    <security:http pattern="/img/**" security="none"></security:http>
    <security:http pattern="/plugins/**" security="none"></security:http>

    <!--
               
        auto-config="       "
        use-expressions="    spel   ",       :hasRole('ROLE_USER')
    -->
    <security:http auto-config="true" use-expressions="false">
        <!--          ,          ROLE_USER    -->
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
        <!--           -->
        <!--login-page:       
            login-processing-url:       -          
            default-target-url:          
            authentication-failure-url;            
        -->
        <security:form-login login-page="/login.jsp"
                             login-processing-url="/login"
                             default-target-url="/index.jsp"
                             authentication-failure-url="/login.jsp"
        ></security:form-login>

        <!--        -->
        <security:csrf disabled="true"></security:csrf>

        <!--    -->
        <security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.jsp"/>

    </security:http>


    <!--     (  )  :       -->
    <security:authentication-manager>
        <!--        :         -       -->
        <!--
                security:authentication-provider,             security:password-encoder‘
                   ,            
                    ,  spring        passwordEncoder,      ,            

        -->
        <security:authentication-provider user-service-ref="userService">
            <!--         -->
            <security:password-encoder ref="passwordEncoder"></security:password-encoder>
            <!--       -->
            <!--<security:user-service>-->
                <!---->
                <!--{noop}:      -->
                <!--authorities:          -->
                <!--<security:user name="admin" password="{noop}admin" authorities="ROLE_USER"/>-->
            <!--</security:user-service>-->
        </security:authentication-provider>
    </security:authentication-manager>

    <!--         -->
    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>
</beans>