<!-- This file configures the standard (username/password form) login method. -->
<!--
    Reading guide:
      * <http security="none"> entries are matched first, in the order written. A matching request
        skips the Spring Security filter chain entirely: no authentication, no CSRF check,
        no access-decision voters, no response headers from the <headers> element.
      * The final <http> element is the catch-all chain. Its <intercept-url> rules are evaluated
        in order and the first matching pattern decides which access expression applies.
      * The beans after it wire the entry point, the custom login and CAPTCHA filters, the
        access decision manager and the authentication manager that the chain refers to.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!-- Contract signing and AES helper endpoints, all outside the filter chain. -->
    <!-- NOTE(review): these look like business operations rather than static assets. Because they
         bypass the chain, any caller authentication has to be enforced inside the handlers
         themselves; confirm that it is, in particular for /aes/encrypt and /aes/decrypt. -->
    <http security="none" pattern="/get_contract_image"/>
    <http security="none" pattern="/post_sign"/>
    <http security="none" pattern="/sign_keyword_locations"/>
    <http security="none" pattern="/aes/encrypt"/>
    <http security="none" pattern="/aes/decrypt"/>

    <!-- Paths that appear to be static resources, plus the /timeout page used as invalid-session-url below. -->
    <http security="none" pattern="/hls_file/**"/>
    <http security="none" pattern="/resources/**"/>
    <http security="none" pattern="/leafresource/**"/>
    <http security="none" pattern="/lib/**"/>
    <http security="none" pattern="/timeout"/>
    <!-- presumably the CAPTCHA image endpoint (same name as captchaField below); verify -->
    <http security="none" pattern="/verifiCode"/>
    <http security="none" pattern="/resource/**"/>
    <!--leaf-->
    <http security="none" pattern="/css/**"/>
    <!-- NOTE(review): the pattern value below ends with a space character, so it probably does not
         match the intended /sys/office/open/* URLs. Such requests would then fall through to the
         main chain, where /sys/office/** is permitAll. Confirm which behaviour is intended. -->
    <http security="none" pattern="/sys/office/open/* "/>
    <http security="none" pattern="/images/**"/>
    <http security="none" pattern="/javascripts/**"/>
    <http security="none" pattern="/kindeditor/**"/>
    <http security="none" pattern="/office_edit_online/**"/>
    <http security="none" pattern="/modules/zjwfl/javascripts/**"/>

    <!-- Individual .lsc service endpoints (SMS send, SAP EAI jobs, WeChat interfaces) exempted from the chain. -->
    <!-- NOTE(review): these are reachable without a session and without CSRF or voter checks.
         Verify that each handler authenticates its caller (shared secret, signature, source
         restriction) and that the SMS endpoint is rate limited. -->
    <http security="none" pattern="/modules/doodream/doodream_response.lsc"/>
    <http security="none" pattern="/modules/sys/SYS404/ds_sys_sms_send.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_EAI/hls_sap_eai_EtPayment.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_EAI/hls_sap_eai_MoAccount.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_EAI/hls_sap_eai_CrAccount_job.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_EAI/hls_sap_eai_ReAccount_job.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_WX/wx_update_company_Info.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_WX/wx_update_trailer_result.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_WX/get_wx_trailer_Info.lsc"/>
    <http security="none" pattern="/modules/interface/INTERFACE_WX/get_wx_usedcar_Info.lsc"/>
    <http security="none" pattern="/contract/signature/**"/>
    <http security="none" pattern="/jacob/**"/>
    <!-- Disabled blanket exemptions; keep them disabled, they would remove every .lsc/.lview URL from the chain. -->
    <!--<http security="none" pattern="/**/*.lsc"/>-->
    <!--<http security="none" pattern="/**/*.lview"/>-->

    <!-- Main filter chain: every request not matched above. Unauthenticated users are sent to
         loginEntryPoint; authorisation decisions are delegated to accessDecisionManager. -->
    <http access-decision-manager-ref="accessDecisionManager" entry-point-ref="loginEntryPoint">
        <!-- CSRF protection is applied only to requests selected by csrfSecurityRequestMatcher (defined at the end of this file). -->
        <csrf request-matcher-ref="csrfSecurityRequestMatcher"/>
        <!--<csrf disabled="true"/>-->
        <!-- NOTE(review): permitAll means the access expression never rejects anonymous callers for
             any .lsc, .lview or /autocrud URL. Whether these requests are really authorised then
             depends on the project voters in accessDecisionManager (presumably LeafResourceVoter
             performs a per-resource check; verify against its source). -->
        <intercept-url pattern="/**/*.lsc" access="permitAll"/>
        <intercept-url pattern="/**/*.lview" access="permitAll"/>
        <intercept-url pattern="/autocrud/**" access="permitAll"/>
        <intercept-url pattern="/sys/office/**" access="permitAll" />
        <intercept-url pattern="/login" access="permitAll"/>
        <intercept-url pattern="/login.html" access="permitAll"/>
        <!-- <intercept-url pattern="/common/**" access="permitAll" />-->
        <intercept-url pattern="/websocket/**" access="permitAll"/>
        <!-- Catch-all: anything not matched by an earlier rule requires ROLE_USER. Must stay last. -->
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
        <access-denied-handler error-page="/access-denied"/>
        <!-- Requests carrying an invalid session id are redirected to /timeout (exempted from security above). -->
        <session-management invalid-session-url="/timeout"/>
        <!--<form-login login-page='/login' authentication-success-handler-ref="successHandler" authentication-failure-handler-ref="loginFailureHandler"/>-->
        <!--authentication-failure-url="/login?error=true"/>-->
        <!-- CAPTCHA verification filter: runs before the login filter. -->
        <custom-filter ref="captchaVerifierFilter" before="FORM_LOGIN_FILTER"/>
        <!-- Custom login filter installed in the slot that <form-login> would normally occupy. -->
        <!-- NOTE(review): no sessionAuthenticationStrategy is set on authenticationFilter in this file;
             confirm that session-fixation protection is still applied when a user logs in. -->
        <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
        <logout logout-url="/logout" success-handler-ref="logoutHandler"/>
        <!-- NOTE(review): defaults-disabled="true" switches off the default security response headers
             (X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, X-XSS-Protection);
             only the cache-control headers are written. Confirm that framing and content-type
             sniffing protections are supplied elsewhere (reverse proxy, servlet filter). -->
        <headers defaults-disabled="true">
            <!-- <xss-protection enabled="true"></xss-protection>-->
            <cache-control/>
        </headers>
    </http>

    <!-- Handler invoked by authenticationFilter when a login attempt fails. -->
    <beans:bean id="loginFailureHandler" class="com.hand.hap.security.LoginFailureHandler"/>
    <!-- Anonymous bean (no id); presumably a listener recording login information; verify against the class. -->
    <beans:bean class="com.hand.hap.security.UserLoginInfoCollectionLisenter"></beans:bean>

    <!-- Authentication manager: determines the user, roles and corresponding permissions. -->
    <!-- The bean defined here is the access decision manager referenced by the main <http> element.
         UnanimousBased denies access as soon as any voter votes to deny; abstentions are ignored. -->
    <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
        <!-- Voters -->
        <!-- NOTE(review): the intercept-url rules above use expressions (permitAll, hasRole(...)).
             RoleVoter and AuthenticatedVoter normally abstain on expression attributes, so the
             effective decision likely rests on the two project voters; confirm. -->
        <beans:constructor-arg>
            <beans:list>
                <beans:bean class="com.hand.hap.security.CustomWebExpressionVoter"/>
                <beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
                <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
                <beans:bean class="com.hand.hls.security.LeafResourceVoter"/>
            </beans:list>
        </beans:constructor-arg>
    </beans:bean>

    <!-- Extends UsernamePasswordAuthenticationFilter and replaces <form-login>. -->
    <!-- Wired with the authentication manager declared below and the success/failure handlers from this file. -->
    <beans:bean id="authenticationFilter" class="com.hand.hap.security.filter.UsernamePasswordAuthenticationExtendFilter" >
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationSuccessHandler" ref="successHandler" />
        <beans:property name="authenticationFailureHandler" ref="loginFailureHandler"/>
    </beans:bean>

    <!-- Entry point for unauthenticated requests to protected URLs: redirects the browser to /login. -->
    <beans:bean id="loginEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:constructor-arg value="/login" />
    </beans:bean>

    <!--<beans:import resource="standardSecurity-LDAP.xml"/>-->
    <!-- Authentication manager, exposed under the alias used by authenticationFilter. -->
    <authentication-manager alias="authenticationManager">
        <!-- LDAP authentication -->
        <!-- <authentication-provider ref="ldapAuthProvider" />-->
        <!-- Standard login authentication -->
        <!-- Production and development differ here (added by chenlingfeng for ds). -->
        <!--<authentication-provider user-service-ref="customUserDetailsService">-->
        <!-- leafUserDetailsService and passwordManager are not defined in this file; they must be
             provided by another context file. NOTE(review): confirm that passwordManager uses an
             adaptive password hash rather than a fast digest or reversible encryption. -->
        <authentication-provider user-service-ref="leafUserDetailsService">
            <password-encoder ref="passwordManager"/>
        </authentication-provider>
    </authentication-manager>

    <!-- CAPTCHA filter; captchaField names the request parameter that carries the code typed by the user. -->
    <beans:bean id="captchaVerifierFilter" class="com.hand.hap.security.CaptchaVerifierFilter">
        <beans:property name="captchaField" value="verifiCode"/>
    </beans:bean>

    <!-- Handlers invoked after a successful login and after logout. -->
    <beans:bean id="successHandler" class="com.hand.hap.security.CustomAuthenticationSuccessHandler"/>
    <beans:bean id="logoutHandler" class="com.hand.hap.security.CustomLogoutSuccessHandler"/>

    <!-- Request matcher that decides which requests require a CSRF token. -->
    <!-- presumably requests matching excludeUrls are exempt from the CSRF check; verify against
         LeafCsrfSecurityRequestMatcher. NOTE(review): /autocrud/** and /sys/office/** are both
         permitAll and CSRF-exempt, so state-changing requests there rely entirely on the voters
         and on handler-side checks. The last pattern contains ';' (path parameter, e.g. a session
         id in the URL); confirm that the matcher actually sees that part of the request path. -->
    <beans:bean id="csrfSecurityRequestMatcher" class="com.hand.hls.security.LeafCsrfSecurityRequestMatcher">
        <beans:property name="excludeUrls">
            <beans:list>
                <beans:value>/login</beans:value>
                <beans:value>/websocket/**</beans:value>
                <beans:value>/autocrud/**</beans:value>
                <beans:value>/sys/office/**</beans:value>
                <beans:value>/atm_upload.lsc;**</beans:value>
            </beans:list>
        </beans:property>
    </beans:bean>
</beans:beans>