Spring Security 匿名认证
1、项目截图:
2、匿名认证配置:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <security:http auto-config="true"> <security:anonymous enabled="true" key="doesNotMatter" granted-authority="ROLE_ANONYMOUSLY" username="user"></security:anonymous> <security:intercept-url pattern="/admin/**" access="ROLE_USER"/> --设置ROLE_USER访问权限 <security:intercept-url pattern="/common/**" access="ROLE_USER,ROLE_ANONYMOUSLY"/> <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ANONYMOUSLY"></security:intercept-url> </security:http> <!-- <bean id="anonymousAuthFilter" class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter"> <property name="key" value="doesNotMatter" /> <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" /> </bean> <bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider"> <property name="key" value="doesNotMatter" /> </bean>--> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="admin" password="admin" authorities="ROLE_USER"></security:user> <security:user name="user" password="user" authorities="ROLE_ANONYMOUSLY"></security:user> </security:user-service> </security:authentication-provider> </security:authentication-manager> </beans>
admin 登陆后能访问所有页面,而user登陆将返回拒绝授权,如图: