日期:2014-05-19 浏览次数:20693 次
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd"> <http auto-config="true" lowercase-comparisons="false"> <!--intercept-url pattern="/images/*" filters="none"/> <intercept-url pattern="/styles/*" filters="none"/> <intercept-url pattern="/scripts/*" filters="none"/--> <intercept-url pattern="/system.html" access="ROLE_ADMIN"/> <intercept-url pattern="/system/*" access="ROLE_ADMIN"/> <intercept-url pattern="/admin/*" access="ROLE_ADMIN"/> <intercept-url pattern="/member/*" access="ROLE_ADMIN,ROLE_USER"/> <intercept-url pattern="/passwordHint.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> <intercept-url pattern="/signup.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> <intercept-url pattern="/a4j.res/*.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> <!-- APF-737, OK to remove line below if you're not using JSF --> <intercept-url pattern="/**/*.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/> <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=true" login-processing-url="/j_security_check"/> <remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/> </http> <authentication-provider user-service-ref="userDao"> <password-encoder ref="passwordEncoder"/> </authentication-provider> <!-- Override the default password-encoder (SHA) by uncommenting the following and changing the class --> <!-- <bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/> --> <global-method-security> <protect-pointcut expression="execution(* *..service.UserManager.getUsers(..))" access="ROLE_ADMIN"/> <protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"/> </global-method-security> </beans:beans>