zoukankan      html  css  js  c++  java
  • springSecurity的intercept配置

    需要注意,如果use-expressions="true"或"false"的配置方式是不一样的,如果启用表达式,则需要看一下org.springframework.security.access.expression.SecurityExpressionRoot类就能明白如何使用,该类是个抽象类,但类中并无抽象方法,这样设计一定有其用意,这个等过段时间了解了再写。示例如下:

    <s:http auto-config="true" use-expressions="true">
      <s:intercept-url pattern="/login.html" access="permitAll"/>
      <s:intercept-url pattern="/**" access="denyAll" />
      <s:form-login login-page="/login.html" default-target-url="/" authentication-failure-url="/login.html" />
     </s:http>

    如果没有启用表达式,则配置形式如下:

     <http auto-config="true">
             <!--  <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/> -->
             <intercept-url pattern="/pages/BackStage/*.do" access="ROLE_ADMIN"/>
             <intercept-url pattern="/pages/Users/*.do" access="ROLE_ADMIN,ROLE_USER"/>
             <intercept-url pattern="/CredentialImage" access="ROLE_USER"/>
             <intercept-url pattern="/pages/OrderInfo/*.do" access="ROLE_USER"/>
            <form-login login-page="/common/Login/login.do" authentication-failure-url="/common/Login/login.do" default-target-url="/pages/Users/gotoBaseInfo.do"/>
            <http-basic/>
            <logout logout-success-url="/index.jsp"/>
           
            <session-management invalid-session-url="/index.jsp">
             <concurrency-control max-sessions="1" expired-url="/test.jsp" />
         </session-management>
         
            <remember-me />
        </http>

  • 相关阅读:
    快考试了
    16号了
    终于找到网吧了,写写今天
    又打了一天的篮球
    (转载)Andoid2.X各字段意义
    (转载)AndroidMatrixCursor
    (转载)非常好 必须要顶
    (转载)Android Cursor之MergeCursor
    七天开发安卓软件(二)
    “Visual Studio.net已检测到指定的Web服务器运行的不是Asp.net1.1版。您将无法运行Asp.net Web应用程序或服务”问题的解决方法
  • 原文地址:https://www.cnblogs.com/hzhuxin/p/2290592.html
Copyright © 2011-2022 走看看