<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 页面拦截规则 -->
<http use-expressions="false">
<!--拦截所有路径, access设置访问这个路径的权限 只有用户拥有ROLE_USER权限才可以放行-->
<intercept-url pattern="/**" access="ROLE_USER" />
<!-- login-page:指定登录页面, default-target-url:指定登录成功后默认的页面, authentication-failure-url:登录失败跳转的页面 -->
<form-login login-page="/login.html" default-target-url="/index.html" authentication-failure-url="/login_error.html"/>
<!-- 禁用csrf认证, 设置后系统可以进行跨域访问. -->
<csrf disabled="true"/>
</http>
<!-- 认证管理器 -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="123456" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>