security.xml 3.3 KB

原文件审查历史永久链接

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans" xmlns:p="http://www.springframework.org/schema/p"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <http pattern="/images/**" security="none"/>
    <http pattern="/styles/**" security="none"/>
    <http pattern="/scripts/**" security="none"/>
    <http pattern="/assets/**" security="none"/>
    <http pattern="/a/**" security="none"/>


    <http auto-config="true">
        <!--<intercept-url pattern="/app/admin/**" access="ROLE_ADMIN"/>-->
        <!--<intercept-url pattern="/app/passwordHint*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>-->
        <!--<intercept-url pattern="/app/requestRecoveryToken*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER" />-->
        <!--<intercept-url pattern="/app/updatePassword*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER" />-->
        <!--<intercept-url pattern="/app/signup*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>-->
        <!--<intercept-url pattern="/app/storage/**" access="ROLE_ANONYMOUS"/>-->
        <intercept-url pattern="/app/userform**" access="ROLE_DEFAULT"/>
        <intercept-url pattern="/app/updatePassword**" access="ROLE_DEFAULT"/>
        <intercept-url pattern="/app/storage/**" access="ROLE_DEFAULT"/>
        <intercept-url pattern="/app/user/role*" access="ROLE_MANAGE_ROLE"/>
        <intercept-url pattern="/app/user/user*" access="ROLE_MANAGE_USER"/>
        <intercept-url pattern="/app/dataLog/*" access="ROLE_MANAGE_DATALOG"/>
        <intercept-url pattern="/app/barcode/*" access="ROLE_MANAGE_BARCODE"/>
        <intercept-url pattern="/app/system/*" access="ROLE_DEFAULT"/>
        <intercept-url pattern="/app/component/component*" access="ROLE_MANAGE_COMPONENT"/>
        <intercept-url pattern="/app/component/bom*" access="ROLE_MANAGE_BOM"/>
        <intercept-url pattern="/app/component/storagePosFind*" access="ROLE_MANAGE_STACK_OUT"/>
        <intercept-url pattern="/app/workOrder/*" access="ROLE_MANAGE_WORKORDER,ROLE_MANAGE_STACK_OUT,ROLE_MANAGE_FEEDER"/>

        <form-login login-page="/login" authentication-failure-url="/login?error=true" login-processing-url="/j_security_check"/>
        <remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
    </http>

    <authentication-manager>
        <authentication-provider user-service-ref="userDao">
            <password-encoder ref="passwordEncoder"/>
        </authentication-provider>
    </authentication-manager>


    <!-- Override the default password-encoder (BCrypt) by uncommenting the following and changing the class -->
    <!-- <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/> -->

    <!--<global-method-security>-->
        <!--<protect-pointcut expression="execution(* *..service.UserManager.getUsers(..))" access="ROLE_ADMIN"/>-->
        <!--<protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>-->
    <!--</global-method-security>-->
</beans:beans>