spring-security-4.2.1.RELEASE命名空间基本配置(xml)

spring-security版本号 4.2.1.RELEASE

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 不拦截静态资源 -->
<http pattern="/assets/**" security="none" />
<!-- 不拦截自定义登录页面 -->
<http pattern="/view/login" security="none" />
<!-- -->
<http auto-config="true">
<!-- 关闭csrf-->
<csrf disabled="true" />
<!-- 除了排除的路径,其他所有路径需要有ROLE_USER权限的用户才能访问-->
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<!-- 指定登录页面路径/view/login.html -->
<form-login login-page="/view/login" default-target-url="/index" always-use-default-target="true" />
<!-- 配置退出功能 -->
<logout invalidate-session="true" logout-success-url="/view/login?logout" logout-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="jimi" password="123456" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="bob" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</b:beans>