默认namespace:"http://www.springframework.org/schema/security"
根节点可能是http, authentication-provider, authentication-manager, user-service, jdbc-user-service, ldap-user-service, filter-invocation-definition-source, ldap-server或者global-method-security。
还有几个元素可以嵌入到其他bean标签里:filter-chain-map, custom-filter, custom-authentication-provider, intercept-methods。
<!-- Reference syntax, not a deployable file: a value written as a|b|c lists the
     accepted alternatives and "string"/"boolean" name the expected type. -->

<!-- FilterChainProxy declared as an ordinary bean. Each filter-chain maps a URL
     pattern to the filter bean names applied to matching requests; the names are
     applied in the order written, so the context-integration filter has to stay
     ahead of the filters that read the security context. -->
<b:bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
  <filter-chain-map path-type="ant">
    <filter-chain pattern="/**"
                  path-type="ant|regex"
                  filters="httpSessionContextIntegrationFilter, authenticationProcessingFilter, exceptionTranslationFilter, filterInvocationInterceptor" />
  </filter-chain-map>
</b:bean>

<!-- Standalone URL-to-attribute mapping. intercept-url entries are evaluated in
     document order and the first matching pattern decides, so narrow patterns go
     before broad ones such as /**.
     filters="none" takes matching requests out of the security filter chain
     altogether (no access check, no security context); keep it to static
     resources that need no protection. -->
<filter-invocation-definition-source id="string"
                                     lowercase-comparisons="boolean"
                                     path-type="ant|regex">
  <intercept-url pattern="string"
                 access="string"
                 method="GET|DELETE|HEAD|OPTIONS|POST|PUT|TRACE"
                 filters="none"
                 requires-channel="http|https|any"/>
</filter-invocation-definition-source>

<!-- custom-filter nested in a bean places that bean in the namespace-built
     chain, relative to one of the named positions listed below. -->
<b:bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
  <custom-filter before="AUTHENTICATION_PROCESSING_FILTER" /><!-- before|position|after -->
</b:bean>

named-security-filter = "FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER"
  | "SESSION_CONTEXT_INTEGRATION_FILTER" | "LOGOUT_FILTER" | "X509_FILTER"
  | "PRE_AUTH_FILTER" | "CAS_PROCESSING_FILTER" | "AUTHENTICATION_PROCESSING_FILTER"
  | "OPENID_PROCESSING_FILTER" | "BASIC_PROCESSING_FILTER" | "SERVLET_API_SUPPORT_FILTER"
  | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER"
  | "NTLM_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
<!-- Web security root element, shown with every attribute and child at once.
     session-fixation-protection: "none" keeps the pre-login session id after
     authentication; newSession and migrateSession both replace the session at
     login (migrateSession also copies the existing attributes across). -->
<http auto-config="boolean"
      create-session="ifRequired|always|never"
      path-type="ant|regex"
      lowercase-comparisons="boolean"
      access-decision-manager-ref="string"
      realm="Spring Security Application"
      session-fixation-protection="none|newSession|migrateSession"
      entry-point-ref="string"
      once-per-request="boolean"
      access-denied-page="string">

  <!-- Rules are matched in document order, first match wins: list specific
       patterns before catch-alls. filters="none" bypasses the whole filter
       chain for the pattern, so the access attribute has no effect there.
       requires-channel="https" makes the channel filter redirect plain-HTTP
       requests; login pages and authenticated areas normally need it. -->
  <intercept-url pattern="string"
                 access="string"
                 method="GET|DELETE|HEAD|OPTIONS|POST|PUT|TRACE"
                 filters="none"
                 requires-channel="http|https|any"/>

  <!-- Form login. The login page and failure URL must stay reachable without
       authentication, otherwise the entry point redirects in a loop. -->
  <form-login login-processing-url="string"
              default-target-url="string"
              always-use-default-target="boolean"
              login-page="string"
              authentication-failure-url="string"/>

  <!-- OpenID login; user-service-ref names the service that supplies the
       authorities for the asserted identity. -->
  <openid-login login-processing-url="string"
                default-target-url="string"
                always-use-default-target="boolean"
                login-page="string"
                authentication-failure-url="string"
                user-service-ref="string"/>

  <!-- Client-certificate login: the regex extracts the username from the
       certificate subject, so an over-broad expression can map the wrong
       part of the DN to an account. -->
  <x509 subject-principal-regex="string" user-service-ref="string"/>

  <!-- HTTP Basic sends the credentials on every request; pair with HTTPS. -->
  <http-basic/>

  <!-- invalidate-session="false" leaves the HTTP session alive after logout. -->
  <logout logout-url="" logout-success-url="" invalidate-session="boolean"/>

  <!-- Limits concurrent logins per user. exception-if-maximum-exceeded decides
       whether the new login is refused or an older session is expired. -->
  <concurrent-session-control max-sessions="positiveInteger"
                              expired-url="string"
                              exception-if-maximum-exceeded="boolean"
                              session-registry-alias="string"
                              session-registry-ref="string"/>

  <!-- Remember-me cookie. key is the secret behind the hash-based token and
       should be unique per application and kept out of shared config;
       token-validity-seconds bounds how long a stolen cookie stays usable. -->
  <remember-me key="string"
               token-repository-ref="string"
               remember-me-data-source-ref="string"
               remember-me-services-ref="string"
               user-service-ref="string"
               token-validity-seconds="positiveInteger"/>

  <!-- Identity given to unauthenticated requests; keep granted-authority to a
       role that access rules treat as unprivileged. -->
  <anonymous key="string" username="string" granted-authority="string"/>

  <!-- HTTP/HTTPS port pairs used when requires-channel triggers a redirect. -->
  <port-mappings>
    <port-mapping http="" https=""/>
  </port-mappings>
</http>
<!-- Authentication provider with the three built-in user-service flavours shown
     together; a real configuration uses one of them or user-service-ref. -->
<authentication-provider user-service-ref="string">

  <!-- In-memory users. Passwords sit in the XML (or the properties file), so
       this form suits demos and tests; keep real credentials out of source
       control. -->
  <user-service id="string" properties="string">
    <user name="string"
          password="string"
          authorities="string"
          locked="boolean"
          disabled="boolean"/>
  </user-service>

  <!-- JDBC-backed users. The three *-query attributes replace the default SQL;
       keep the username as a bound parameter rather than building the query
       text from request data. -->
  <jdbc-user-service id="string"
                     data-source-ref="string"
                     cache-ref="string"
                     users-by-username-query="string"
                     authorities-by-username-query="string"
                     group-authorities-by-username-query="string"
                     role-prefix="string"/>

  <!-- LDAP-backed users, resolved through the ldap-server bean named here. -->
  <ldap-user-service id="string"
                     ldap-server-ref="string"
                     user-search-filter="string"
                     user-search-base="string"
                     group-search-filter="string"
                     group-search-base="string"
                     group-role-attribute="string"
                     cache-ref="string"
                     role-prefix="string"
                     user-details-class="string"/>

  <!-- How stored passwords are encoded. "plaintext" stores them as-is, and
       md4, md5 and sha are fast digests that are cheap to brute-force; none of
       the listed values is an adaptive password hash. If one of these must be
       used, pick sha-256 and add a per-user salt. -->
  <password-encoder hash="plaintext|sha|sha-256|md5|md4|{sha}|{ssha}" base64="boolean">
    <!-- user-property salts each hash with a property of the user object;
         system-wide uses one fixed salt for every account, which does not
         stop identical passwords from producing identical hashes. -->
    <salt-source user-property="string" system-wide="string"/>
  </password-encoder>
</authentication-provider>

<!-- Exposes the namespace-created authentication manager under a bean alias. -->
<authentication-manager alias="string" session-controller-ref="string"/>

<!-- custom-authentication-provider registers a hand-written provider bean with
     the namespace-created authentication manager. -->
<b:bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
  <custom-authentication-provider/>
</b:bean>
<!-- LDAP server definition. manager-dn and manager-password are the bind
     credentials used for searches: supply the password from an external
     property source rather than literal XML, and give that account read-only
     rights. ldif and root presumably apply to the embedded test server that is
     used when no url is given; confirm against the namespace documentation. -->
<ldap-server id="string"
             url="string"
             port="integer"
             manager-dn="string"
             manager-password="string"
             ldif="string"
             root="string"
             server-ref="string">
</ldap-server>

<!-- LDAP authentication. Without password-compare the provider authenticates
     by binding as the user; with it, the submitted password is compared with
     the directory attribute, which requires the application to know how the
     directory encodes passwords. -->
<ldap-authentication-provider ldap-server-ref="string"
                              user-search-filter="string"
                              user-search-base="string"
                              group-search-filter="string"
                              group-search-base="string"
                              group-role-attribute="string"
                              cache-ref="string"
                              role-prefix="string"
                              user-details-class="string">
  <password-compare password-attribute="string" hash="string">
    <!-- Same choices as elsewhere in the namespace: plaintext, md4, md5 and sha
         are weak for password storage; the value has to match what the
         directory actually holds. -->
    <password-encoder hash="plaintext|sha|sha-256|md5|md4|{sha}|{ssha}" base64="boolean">
      <salt-source user-property="string" system-wide="string"/>
    </password-encoder>
  </password-compare>
</ldap-authentication-provider>
<!-- Per-bean method security: intercept-methods wraps this one bean, and each
     protect entry ties a method name to the authority a caller must hold.
     Methods that match no protect entry are not covered by this element. -->
<b:bean id="securedObject" class="com.habuma.expectations.springsecurity.intercept.SecuredObject">
  <intercept-methods access-decision-manager-ref="string">
    <protect access="ROLE_SECRET_AGENT" method="getSecuredData"/>
  </intercept-methods>
</b:bean>

<!-- Application-wide method security. Both annotation switches are shown with
     their two values; annotations on methods are ignored while the matching
     switch is "disabled". protect-pointcut applies an access rule to every
     bean method matched by the pointcut expression, so a pointcut that is too
     narrow silently leaves methods unprotected. -->
<global-method-security secured-annotations="disabled|enabled"
                        jsr250-annotations="disabled|enabled"
                        access-decision-manager-ref="string">
  <protect-pointcut expression="string" access="string"/>
</global-method-security>