<!-- Spring Security configuration for the standard (form based) login flow. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!--
        Every <http security="none"> entry takes the matching requests out of the Spring Security
        filter chain entirely: no authentication, no CSRF check, no session management and none of
        the <headers> configured further down are applied. Order matters: the first matching
        <http> element wins. Keep this list to static resources; something that merely has to be
        reachable anonymously is better expressed as a permitAll <intercept-url> inside the main
        <http> block, which keeps the remaining protections in place.
    -->
    <!-- leaf: begin -->
    <http pattern="/css/**" security="none"/>
    <http pattern="/images/**" security="none"/>
    <http pattern="/javascripts/**" security="none"/>
    <http pattern="/kindeditor/**" security="none"/>
    <http pattern="/office_edit_online/**" security="none"/>
    <http pattern="/modules/zjwfl/javascripts/**" security="none"/>
    <!-- NOTE(review): this pattern ends with a space character, so it will not match an ordinary
         request path; /sys/office/** currently falls through to the permitAll <intercept-url> in
         the main <http> block instead. Left unchanged because dropping the space would also take
         those URLs out of the session management and <headers> handling below; confirm the intent. -->
    <http pattern="/sys/office/open/* " security="none"/>
    <http pattern="/**/*.lsc" security="none"/>
    <http pattern="/**/*.lview" security="none"/>
    <http pattern="/**/*.js" security="none"/>
    <http pattern="/**/*.css" security="none"/>
    <http pattern="/jacob/**" security="none"/>
    <!-- NOTE(review): the next four are not static resources. With security="none" they are
         served without authentication and without a CSRF token check; confirm that is intended,
         otherwise move them to a permitAll <intercept-url>. -->
    <http pattern="/get_contract_image" security="none"/>
    <http pattern="/post_sign" security="none"/>
    <http pattern="/aes/encrypt" security="none"/>
    <http pattern="/aes/decrypt" security="none"/>
    <!-- leaf: end -->
    <http pattern="/resources/**" security="none"/>
    <http pattern="/resource/**" security="none"/>
    <http pattern="/lib/**" security="none"/>

    <!-- Main filter chain for everything not excluded above. -->
    <http access-decision-manager-ref="accessDecisionManager"
          entry-point-ref="loginEntryPoint">

        <!-- CSRF protection stays on; the custom matcher (bean csrfSecurityRequestMatcher)
             decides which requests are exempt from the token check. -->
        <csrf request-matcher-ref="csrfSecurityRequestMatcher"/>
        <!-- <csrf disabled="true"/> -->

        <!-- Anonymous endpoints (login page, captcha, timeout page, office, common, websocket). -->
        <intercept-url pattern="/login" access="permitAll"/>
        <intercept-url pattern="/timeout" access="permitAll"/>
        <intercept-url pattern="/login.html" access="permitAll"/>
        <intercept-url pattern="/verifiCode" access="permitAll"/>
        <intercept-url pattern="/sys/office/**" access="permitAll"/>
        <intercept-url pattern="/common/**" access="permitAll"/>
        <intercept-url pattern="/websocket/**" access="permitAll"/>
        <!-- Catch-all: everything else needs an authenticated user with ROLE_USER. -->
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>

        <access-denied-handler error-page="/access-denied"/>
        <session-management invalid-session-url="/timeout"/>

        <!-- Replaced by the custom filters below; kept for reference:
             <form-login login-page='/login' authentication-success-handler-ref="successHandler" authentication-failure-handler-ref="loginFailureHandler"/> -->
        <!-- authentication-failure-url="/login?error=true" -->

        <!-- Captcha verification runs ahead of the username/password filter. -->
        <custom-filter ref="captchaVerifierFilter" before="FORM_LOGIN_FILTER"/>
        <!-- Occupies the FORM_LOGIN_FILTER slot in place of the default <form-login> filter. -->
        <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>

        <logout logout-url="/logout" success-handler-ref="logoutHandler"/>

        <!-- NOTE(review): defaults-disabled="true" turns off every default security header
             (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, HSTS) and only
             Cache-Control is added back. Consider re-enabling at least <frame-options/> and
             <content-type-options/> unless a page must be framed by another origin. -->
        <headers defaults-disabled="true">
            <cache-control/>
        </headers>
    </http>

    <!-- Because <form-login> is replaced, the authentication entry point has to be declared explicitly. -->
    <beans:bean class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
                id="loginEntryPoint">
        <!-- URL of the login page unauthenticated users are sent to. -->
        <beans:constructor-arg value="/login"/>
    </beans:bean>

    <beans:bean class="com.hand.hap.security.LoginFailureHandler" id="loginFailureHandler"/>

    <!-- Access decision manager: UnanimousBased denies as soon as any voter denies. -->
    <beans:bean class="org.springframework.security.access.vote.UnanimousBased" id="accessDecisionManager">
        <!-- Voters consulted for every secured request. -->
        <beans:constructor-arg>
            <beans:list>
                <beans:bean class="com.hand.hap.security.CustomWebExpressionVoter"/>
                <beans:bean class="org.springframework.security.access.vote.RoleVoter"/>
                <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
                <beans:bean class="com.hand.hap.security.PermissionVoter"/>
            </beans:list>
        </beans:constructor-arg>
    </beans:bean>

    <!-- Extension of UsernamePasswordAuthenticationFilter that stands in for <form-login>. -->
    <beans:bean class="com.hand.hap.security.filter.UsernamePasswordAuthenticationExtendFilter"
                id="authenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationSuccessHandler" ref="successHandler"/>
        <beans:property name="authenticationFailureHandler" ref="loginFailureHandler"/>
    </beans:bean>

    <!-- <beans:import resource="standardSecurity-LDAP.xml"/> -->

    <authentication-manager alias="authenticationManager">
        <!-- LDAP authentication (disabled): -->
        <!-- <authentication-provider ref="ldapAuthProvider" /> -->
        <!-- Standard username/password authentication. -->
        <authentication-provider user-service-ref="customUserDetailsService">
            <!-- NOTE(review): hash="md5" with no <salt-source> is an unsalted, fast digest.
                 Switching to BCryptPasswordEncoder requires re-encoding the stored passwords
                 (for example on each user's next successful login), so it is left unchanged here. -->
            <password-encoder hash="md5"/>
        </authentication-provider>
    </authentication-manager>

    <!-- Reads the captcha answer from the request parameter named below. -->
    <beans:bean class="com.hand.hap.security.CaptchaVerifierFilter" id="captchaVerifierFilter">
        <beans:property name="captchaField" value="verifiCode"/>
    </beans:bean>

    <beans:bean class="com.hand.hap.security.CustomAuthenticationSuccessHandler" id="successHandler">
        <!-- <beans:property name="defaultTargetUrl" value="/index"/> -->
    </beans:bean>

    <beans:bean class="com.hand.hap.security.CustomLogoutSuccessHandler" id="logoutHandler"/>

    <!-- Request matcher handed to <csrf>; the listed paths are presumably exempt from the token
         check (the matcher class is project code, so verify). -->
    <!-- NOTE(review): /autocrud/** and *.svc look like state-changing endpoints; confirm they are
         protected by some other means before relying on this exemption. -->
    <beans:bean class="com.hand.hap.security.CsrfSecurityRequestMatcher" id="csrfSecurityRequestMatcher">
        <beans:property name="excludeUrls">
            <beans:list>
                <beans:value>/login</beans:value>
                <beans:value>/websocket/**</beans:value>
                <beans:value>/autocrud/**</beans:value>
                <beans:value>/**/*.svc</beans:value>
                <beans:value>/**/*.screen</beans:value>
                <beans:value>/sys/office/**</beans:value>
            </beans:list>
        </beans:property>
    </beans:bean>

</beans:beans>