<security:http auto-config="true" use-expressions="true" access-denied-page="/auth/denied">
    <security:intercept-url pattern="/auth/login" access="permitAll"/>
    <security:intercept-url pattern="/main/common" access="permitAll"/>
    <security:intercept-url pattern="/main/admin" access="hasRole('ROLE_ADMIN')"/>
    <security:intercept-url pattern="/user/view" access="hasRole('ROLE_USER')"/>
    <security:intercept-url pattern="/user/edit" access="hasRole('ROLE_ADMIN')"/>
    <security:form-login
        login-page="/auth/login"
        authentication-failure-url="/auth/login?error=true"
        default-target-url="/main/common"/>
    <security:logout
        invalidate-session="true"
        logout-success-url="/auth/login"
        logout-url="/auth/logout"/>
</security:http>
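The configuration above has the following effects:
When a user who is not logged in requests a page that requires a permission, they are sent to /auth/login and prompted to log in.
When a logged-in user requests a page for which their permissions are insufficient, they are sent to /auth/denied, which reports the insufficient permissions.
After a successful login through /auth/login, the user lands on /main/common; after a failed login through /auth/login, the user is sent to /auth/login?error=true.
After logging out through /auth/logout, the user lands on /auth/login.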
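The outcomes listed above, modelled as an added Python example (not code from the original post or from Spring Security). It assumes exact-path matching for these wildcard-free patterns and first-match rule order; the role sets and the path /user/delete are constructed for illustration.

```python
# Added model of the <security:http> block above (not Spring code).
# Assumptions: literal patterns match by exact path, rules are checked in
# document order, and the sample role sets below are constructed.
RULES = [
    ("/auth/login", None),            # permitAll
    ("/main/common", None),           # permitAll
    ("/main/admin", "ROLE_ADMIN"),
    ("/user/view", "ROLE_USER"),
    ("/user/edit", "ROLE_ADMIN"),
]
LOGIN_PAGE = "/auth/login"            # form-login login-page
DENIED_PAGE = "/auth/denied"          # access-denied-page
LOGOUT_URL = "/auth/logout"           # logout-url
LOGOUT_SUCCESS = "/auth/login"        # logout-success-url


def decide(path, roles=None):
    """Return (page_shown, reason). roles=None means not logged in."""
    if path == LOGOUT_URL:
        # The logout filter handles this URL before any access rule is checked.
        return LOGOUT_SUCCESS, "logout"
    for pattern, required in RULES:
        if path != pattern:
            continue
        if required is None:
            return path, "permitAll"
        if roles is None:
            return LOGIN_PAGE, "login required"
        if required in roles:
            return path, "role granted"
        return DENIED_PAGE, "role missing"
    # No intercept-url matched: this configuration applies no access check.
    return path, "no rule"


def matrix(paths, principals):
    """Map each principal name to {path: page_shown}."""
    return {name: {p: decide(p, roles)[0] for p in paths}
            for name, roles in principals.items()}

if __name__ == "__main__":
    principals = {"anonymous": None,
                  "user": {"ROLE_USER"},
                  "admin": {"ROLE_USER", "ROLE_ADMIN"}}
    paths = [p for p, _ in RULES] + [LOGOUT_URL, "/user/delete"]  # last one is constructed
    for name, row in matrix(paths, principals).items():
        for path, page in row.items():
            print(f"{name:9} {path:13} -> {page}")
```

The last row shows that a path matching no `intercept-url` receives no access check under this configuration; a trailing catch-all such as `<security:intercept-url pattern="/**" access="isAuthenticated()"/>` is the usual way to make unlisted paths require login.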
Demo download: http://download.csdn.net/download/xuyouxin1/10138133