-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsecurity.xml
35 lines (32 loc) · 2.08 KB
/
security.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http access-denied-page="/resources/error403.html">
<intercept-url pattern="/auth*" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN"/>
<intercept-url pattern="/loggedOut*" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN"/>
<intercept-url pattern="/newUser*" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN"/>
<intercept-url pattern="/users*" access="ROLE_ADMIN"/>
<intercept-url pattern="/*" access="ROLE_USER"/>
<!--intercept-url pattern="/*" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN"/-->
<form-login login-page="/auth.do" authentication-failure-url="/auth.do?error"/>
<logout logout-success-url="/loggedOut.do"/>
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="securityDataSource"
users-by-username-query="select username, password, 1 as enabled from users where username = ?"
authorities-by-username-query="select username, role from (
select username, 'ROLE_ADMIN' role
from users
where (isadmin = 1)
UNION
select username, 'ROLE_USER' role
from users
) where username = ?"/>
</authentication-provider>
</authentication-manager>
</beans:beans>