<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">



<!--
  Salt source used by the password encoder. ReflectionSaltSource reads the named
  property from the loaded UserDetails, here "username", which the users-by-username
  query in this file fills with mem_email.
  NOTE(review): the salt is therefore the member's e-mail address. It is unique per
  user but predictable, and a stored hash stops verifying if the e-mail is changed
  without re-hashing the password. Confirm the account-update code handles this.
-->
<beans:bean id="saltSource"
            class="org.springframework.security.authentication.dao.ReflectionSaltSource">
    <beans:property name="userPropertyToUse" value="username"/>
</beans:bean>


<!--
  Password encoder: SHA-256 (constructor argument 256) with the digest stored as Base64.
  No "iterations" property is set, so the encoder runs with its default iteration count.
  NOTE(review): a plain salted SHA-256 digest is cheap to compute, which makes offline
  guessing against a leaked MEMBER table fast. An adaptive encoder such as
  org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder is the usual
  replacement. Switching needs a migration path for the existing mem_pass values
  (for example re-hashing at the next successful login) and removal of the salt-source,
  so it is flagged here rather than changed.
-->
<beans:bean id="passwordEncoder"
            class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
    <beans:constructor-arg value="256"/>
    <beans:property name="encodeHashAsBase64" value="true"/>
</beans:bean>



<!--
  Web security filter chain. Access rules use SpEL expressions (use-expressions="true").
  auto-config="true" supplies default form-login, HTTP Basic and logout handling;
  the explicit form-login and logout elements below override those defaults.
  NOTE(review): HTTP Basic stays enabled through auto-config. Confirm that is intended.
  NOTE(review): with the 3.2 security schema referenced by this file, CSRF protection
  is active only when a <csrf/> element is declared, and none is present here.
  Enabling it requires the forms to send the CSRF token and logout to be a POST.
-->
<http auto-config="true" use-expressions="true">
    <!-- Rules are matched in order and the first matching pattern wins. -->
    <intercept-url pattern="/resources/**" access="permitAll"/>
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/add/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/>
    <intercept-url pattern="/bbs/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/>
    <!--
      NOTE(review): there is no catch-all rule, so any URL outside the four prefixes
      above is reachable without authentication. New endpoints are public unless a
      rule is added for them. A final deny-by-default rule for /** with explicit
      permitAll entries for the public pages would make that choice visible.
    -->

    <form-login login-page="/account/login.phy"
                authentication-failure-url="/account/login.phy?login_error=1"
                default-target-url="/index.phy"/>
    <logout logout-success-url="/account/login.phy" invalidate-session="true"/>

    <!--
      One concurrent session per user. No error-if-maximum-exceeded attribute is set,
      so the default policy applies when a second login occurs.
      NOTE(review): session tracking depends on HttpSessionEventPublisher being
      registered as a listener in web.xml, which is not visible in this file.
    -->
    <session-management>
        <concurrency-control max-sessions="1"/>
    </session-management>
</http>



<!--
  JDBC-backed UserDetailsService reading from the phyDataSource bean.
  Both queries bind the submitted login name through the "?" placeholder, so the
  value is passed as a statement parameter and not concatenated into the SQL.
  The login name is the member's e-mail (MEMBER.mem_email, AUTHORITIES.email).
  NOTE(review): "1 as enabled" is a constant, so every MEMBER row is treated as an
  enabled account. There is no way to disable or suspend a user through this query;
  if the table has a status column, map it here.
-->
<jdbc-user-service id="jdbcUserService" data-source-ref="phyDataSource"
users-by-username-query="select mem_email as username,mem_pass as password,1 as enabled
from MEMBER where mem_email = ?"
authorities-by-username-query="select email as username,authority
from AUTHORITIES where email = ?" />


<!--
  Authentication manager, exposed under the alias "authenticationManager".
  Its single provider loads users through jdbcUserService and checks the submitted
  password with passwordEncoder, salted by saltSource.
  NOTE(review): the code that writes MEMBER.mem_pass at registration or password
  change must use the same encoder and the same salt value, otherwise logins fail.
  That code is not visible in this file.
-->
<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="jdbcUserService">
        <password-encoder ref="passwordEncoder">
            <salt-source ref="saltSource"/>
        </password-encoder>
    </authentication-provider>
</authentication-manager>


</beans:beans>