springSecurity的intercept配置

需要注意,如果use-expressions="true"或"false"的配置方式是不一样的,如果启用表达式,则需要看一下org.springframework.security.access.expression.SecurityExpressionRoot类就能明白如何使用,该类是个抽象类,但类中并无抽象方法,这样设计一定有其用意,这个等过段时间了解了再写。示例如下:

<s:http auto-config="true" use-expressions="true">
  <s:intercept-url pattern="/login.html" access="permitAll"/>
  <s:intercept-url pattern="/**" access="denyAll" />
  <s:form-login login-page="/login.html" default-target-url="/" authentication-failure-url="/login.html" />
 </s:http>

如果没有启用表达式,则配置形式如下:

 <http auto-config="true">
         <!--  <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/> -->
         <intercept-url pattern="/pages/BackStage/*.do" access="ROLE_ADMIN"/>
         <intercept-url pattern="/pages/Users/*.do" access="ROLE_ADMIN,ROLE_USER"/>
         <intercept-url pattern="/CredentialImage" access="ROLE_USER"/>
         <intercept-url pattern="/pages/OrderInfo/*.do" access="ROLE_USER"/>
        <form-login login-page="/common/Login/login.do" authentication-failure-url="/common/Login/login.do" default-target-url="/pages/Users/gotoBaseInfo.do"/>
        <http-basic/>
        <logout logout-success-url="/index.jsp"/>
       
        <session-management invalid-session-url="/index.jsp">
         <concurrency-control max-sessions="1" expired-url="/test.jsp" />
     </session-management>
     
        <remember-me />
    </http>

你可能感兴趣的:(SpringSecurity)