<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!--以下页面不拦截 这里面的配置没有权限也能访问资源--> <http pattern="/login.html" security="none"/> <http pattern="/login_error.html" security="none"/> <!-- 页面拦截规则 use-expressions禁用spel表达式 access访问这个路径的权限 写法必须以ROLE开头 后边跟大写字母--> <http use-expressions="false"> <intercept-url pattern="/**" access="ROLE_USER"/> <!--login-page指定登陆页面 default-target-url指定登陆成功后默认的页面 authentication-failure-url登陆失败后默认的页面--> <form-login login-page="/login.html" default-target-url="/index.html" authentication-failure-url="/login_error.html" /> <!--跨域访问禁用--> <csrf disabled="true"/> </http> <!--认证管理器--> <authentication-manager> <authentication-provider> <user-service> <user name="admin" password="123456" authorities="ROLE_USER"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans>