Spring Security 匿名认证

1、项目截图:

Spring Security 匿名认证

2、匿名认证配置:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xmlns:security="http://www.springframework.org/schema/security"

       xsi:schemaLocation="http://www.springframework.org/schema/beans

       http://www.springframework.org/schema/beans/spring-beans.xsd

       http://www.springframework.org/schema/security

       http://www.springframework.org/schema/security/spring-security.xsd">

    <security:http auto-config="true">

        <security:anonymous enabled="true" key="doesNotMatter" granted-authority="ROLE_ANONYMOUSLY" username="user"></security:anonymous>

        <security:intercept-url pattern="/admin/**" access="ROLE_USER"/> --设置ROLE_USER访问权限

        <security:intercept-url pattern="/common/**" access="ROLE_USER,ROLE_ANONYMOUSLY"/>

        <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ANONYMOUSLY"></security:intercept-url>

    </security:http>

<!--    <bean id="anonymousAuthFilter"

          class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">

        <property name="key" value="doesNotMatter" />

        <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" />

    </bean>



    <bean id="anonymousAuthenticationProvider"

          class="org.springframework.security.authentication.AnonymousAuthenticationProvider">

        <property name="key" value="doesNotMatter" />

    </bean>-->

    <security:authentication-manager>

        <security:authentication-provider>

            <security:user-service>

                <security:user name="admin" password="admin" authorities="ROLE_USER"></security:user>

                <security:user name="user" password="user" authorities="ROLE_ANONYMOUSLY"></security:user>

            </security:user-service>

        </security:authentication-provider>

    </security:authentication-manager>

</beans>

admin 登陆后能访问所有页面,而user登陆将返回拒绝授权,如图:

Spring Security 匿名认证

你可能感兴趣的:(Spring Security)