spring-security.xmlプロファイルログイン暗号化
17568 ワード
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
">
<!-- -->
<security:http pattern="/login.jsp" security="none"></security:http>
<security:http pattern="/error.jsp" security="none"></security:http>
<security:http pattern="/favicon.ico" security="none"></security:http>
<security:http pattern="/css/**" security="none"></security:http>
<security:http pattern="/img/**" security="none"></security:http>
<security:http pattern="/plugins/**" security="none"></security:http>
<!--
auto-config=" "
use-expressions=" spel ", :hasRole('ROLE_USER')
-->
<security:http auto-config="true" use-expressions="false">
<!-- , ROLE_USER -->
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<!-- -->
<!--login-page:
login-processing-url: -
default-target-url:
authentication-failure-url;
-->
<security:form-login login-page="/login.jsp"
login-processing-url="/login"
default-target-url="/index.jsp"
authentication-failure-url="/login.jsp"
></security:form-login>
<!-- -->
<security:csrf disabled="true"></security:csrf>
<!-- -->
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.jsp"/>
</security:http>
<!-- ( ) : -->
<security:authentication-manager>
<!-- : - -->
<!--
security:authentication-provider, security:password-encoder‘
,
, spring passwordEncoder, ,
-->
<security:authentication-provider user-service-ref="userService">
<!-- -->
<security:password-encoder ref="passwordEncoder"></security:password-encoder>
<!-- -->
<!--<security:user-service>-->
<!-- : -->
<!--{noop}: -->
<!--authorities: -->
<!--<security:user name="admin" password="{noop}admin" authorities="ROLE_USER"/>-->
<!--</security:user-service>-->
</security:authentication-provider>
</security:authentication-manager>
<!-- -->
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>
</beans>