默认 namespace:"http://www.springframework.org/schema/security"(下文示例中 Spring beans 命名空间的元素使用 b: 前缀,例如 b:bean)。
根节点可能是http, authentication-provider, authentication-manager, user-service, jdbc-user-service, ldap-user-service, filter-invocation-definition-source, ldap-server或者global-method-security。
还有几个元素可以嵌入到其他 bean 标签里:filter-chain-map, custom-filter, custom-authentication-provider, intercept-methods。
<!--
  Explicitly declared FilterChainProxy: filter-chain-map is embedded in a plain
  bean definition and maps a URL pattern to a comma-separated list of filter
  bean names.
  Review notes:
  - The filters are applied in the order they are listed, so the order inside
    "filters" is security-relevant (here the session-context filter is first
    and the authorization interceptor is last).
  - path-type="ant|regex" is a placeholder showing the two allowed values; a
    real configuration uses exactly one of them.
  - NOTE(review): with several filter-chain entries the first matching pattern
    is expected to win, so a catch-all "/**" belongs at the end. Confirm
    against the Spring Security version in use.
-->
<b:bean id="springSecurityFilterChain"
class="org.springframework.security.util.FilterChainProxy">
<filter-chain-map path-type="ant">
<filter-chain pattern="/**"
path-type="ant|regex"
filters="httpSessionContextIntegrationFilter,
authenticationProcessingFilter,
exceptionTranslationFilter,
filterInvocationInterceptor" />
</filter-chain-map>
</b:bean>
<!--
  Stand-alone set of URL access rules (pattern, required access attributes).
  Values such as "string", "boolean" and "a|b|c" are type placeholders and
  lists of alternatives, not literal values.
  Review notes:
  - Rules are matched in declaration order; put the most specific patterns
    first and finish with a restrictive catch-all so that unlisted URLs are
    not left unprotected.
  - "method" narrows a rule to one HTTP method. Requests using any other
    method skip that rule, so make sure a later rule still covers them.
  - filters="none" takes the matching requests out of the security filter
    chain entirely (no authentication, no security context). Reserve it for
    static, non-sensitive resources.
  - requires-channel="https" forces the matching URLs onto TLS; "any" and
    "http" allow clear-text transport.
  - NOTE(review): whether filters/requires-channel are honoured on this
    element (as opposed to intercept-url inside http) should be confirmed for
    the version in use.
-->
<filter-invocation-definition-source id="string" lowercase-comparisons="boolean" path-type="ant|regex">
<intercept-url pattern="string"
access="string"
method="GET|DELETE|HEAD|OPTIONS|POST|PUT|TRACE"
filters="none"
requires-channel="http|https|any"/>
</filter-invocation-definition-source>
<!--
  Registers a user-defined filter bean in the namespace-built filter chain.
  The nested custom-filter element takes exactly one of the attributes
  before / position / after, whose value is one of the named-security-filter
  constants.
  Review note: the chosen position decides whether the filter runs before or
  after authentication and authorization. A filter placed after
  FILTER_SECURITY_INTERCEPTOR only sees requests that already passed the
  access decision; one placed before the authentication filters sees
  unauthenticated traffic.
-->
<b:bean id="authenticationProcessingFilter"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<custom-filter before="AUTHENTICATION_PROCESSING_FILTER" /><!-- before|position|after -->
</b:bean>
# Schema-style enumeration of the position names accepted by the
# before / position / after attributes of custom-filter.
# NOTE(review): the list appears to be in chain order, from FIRST to LAST;
# confirm against the schema of the version in use. Under that reading,
# everything listed before FILTER_SECURITY_INTERCEPTOR runs ahead of the
# URL access decision.
named-security-filter =
"FIRST"
| "CHANNEL_FILTER"
| "CONCURRENT_SESSION_FILTER"
| "SESSION_CONTEXT_INTEGRATION_FILTER"
| "LOGOUT_FILTER"
| "X509_FILTER"
| "PRE_AUTH_FILTER"
| "CAS_PROCESSING_FILTER"
| "AUTHENTICATION_PROCESSING_FILTER"
| "OPENID_PROCESSING_FILTER"
| "BASIC_PROCESSING_FILTER"
| "SERVLET_API_SUPPORT_FILTER"
| "REMEMBER_ME_FILTER"
| "ANONYMOUS_FILTER"
| "EXCEPTION_TRANSLATION_FILTER"
| "NTLM_FILTER"
| "FILTER_SECURITY_INTERCEPTOR"
| "SWITCH_USER_FILTER"
| "LAST"
<!--
  Skeleton of the http element with every attribute and child shown at once.
  Values are type placeholders ("string", "boolean", "positiveInteger") or
  lists of alternatives separated by "|"; a real configuration picks one value
  and normally only a subset of the children.
  Review notes on the attributes of http:
  - session-fixation-protection: "none" keeps the pre-login session id after
    authentication and so leaves session fixation unmitigated; prefer
    "migrateSession" or "newSession".
  - create-session="never" only stops Spring Security from creating a session;
    it does not prevent the application from doing so.
  - access-denied-page should not reveal why access was refused or echo
    request data.
  - realm is the text presented to the client in the HTTP Basic challenge.
-->
<http auto-config="boolean"
create-session="ifRequired|always|never"
path-type="ant|regex"
lowercase-comparisons="boolean"
access-decision-manager-ref="string"
realm="Spring Security Application"
session-fixation-protection="none|newSession|migrateSession"
entry-point-ref="string"
once-per-request="boolean"
access-denied-page="string">
<!--
  URL rules are matched in declaration order: most specific first, and end
  with a restrictive catch-all. filters="none" bypasses the whole filter
  chain for the pattern (no authentication, no security context), so keep it
  to static resources. Use requires-channel="https" for login pages and all
  authenticated areas.
-->
<intercept-url pattern="string"
access="string"
method="GET|DELETE|HEAD|OPTIONS|POST|PUT|TRACE"
filters="none"
requires-channel="http|https|any"/>
<!--
  Form login. login-page and authentication-failure-url must be reachable
  without authentication, and the login form should be served and submitted
  over HTTPS so that credentials never travel in clear text.
-->
<form-login login-processing-url="string"
default-target-url="string"
always-use-default-target="boolean"
login-page="string"
authentication-failure-url="string"/>
<!-- OpenID login; same URL attributes as form-login plus the user lookup service. -->
<openid-login login-processing-url="string"
default-target-url="string"
always-use-default-target="boolean"
login-page="string"
authentication-failure-url="string"
user-service-ref="string"/>
<!--
  Client-certificate authentication. subject-principal-regex extracts the
  user name from the certificate subject; an overly permissive expression can
  map a certificate to the wrong account, so anchor it to the exact field
  that is meant to identify the user.
-->
<x509 subject-principal-regex="string"
user-service-ref="string"/>
<!--
  HTTP Basic sends the credentials, merely base64-encoded, with every
  request; only enable it together with requires-channel="https".
-->
<http-basic/>
<!--
  Logout handling. Keep invalidate-session enabled unless there is a specific
  reason to preserve the session, so that the old session id cannot be reused.
-->
<logout logout-url=""
logout-success-url=""
invalidate-session="boolean"/>
<!--
  Limits parallel sessions per user. exception-if-maximum-exceeded decides
  whether a login beyond max-sessions is rejected (true) or an existing
  session is expired instead (false). NOTE(review): confirm the default and
  the required session-event listener for the version in use.
-->
<concurrent-session-control max-sessions="positiveInteger"
expired-url="string"
exception-if-maximum-exceeded="boolean"
session-registry-alias="string"
session-registry-ref="string"/>
<!--
  Remember-me cookie support. "key" is a secret that protects the cookie
  tokens: use a long, application-specific value and keep it out of shared
  sample configs. token-validity-seconds bounds how long a stolen cookie
  stays usable; keep it as short as the use case allows.
  token-repository-ref / remember-me-data-source-ref presumably select the
  persistent-token variant; verify against the schema documentation.
-->
<remember-me key="string"
token-repository-ref="string"
remember-me-data-source-ref="string"
remember-me-services-ref="string"
user-service-ref="string"
token-validity-seconds="positiveInteger"/>
<!--
  Anonymous authentication: unauthenticated requests receive this user name
  and granted-authority. Check that no intercept-url or method rule grants
  that authority access to sensitive resources.
-->
<anonymous key="string"
username="string"
granted-authority="string"/>
<!--
  HTTP to HTTPS port pairs, used when a request is redirected to satisfy
  requires-channel. Needed when the container does not use the usual
  80/443 or 8080/8443 pairs.
-->
<port-mappings>
<port-mapping http="" https=""/>
</port-mappings>
</http>
<!--
  Skeleton of authentication-provider. The user-service-ref attribute and the
  nested user-service / jdbc-user-service / ldap-user-service elements are
  presumably alternatives (one source of user details per provider); they are
  shown together here only to list their attributes.
-->
<authentication-provider user-service-ref="string">
<!--
  In-memory users. Passwords and authorities live in the configuration file
  (or in the referenced properties file), so anyone who can read the file or
  the repository can read the credentials. Suitable for demos and tests; for
  anything else store hashed passwords in an external user store.
-->
<user-service id="string" properties="string">
<user name="string" password="string" authorities="string" locked="boolean" disabled="boolean"/>
</user-service>
<!--
  JDBC-backed users. The three query attributes replace the default SQL;
  keep the user name as a bound "?" parameter and never build these strings
  from request data. The database account behind data-source-ref only needs
  read access to the user and authority tables.
-->
<jdbc-user-service id="string"
data-source-ref="string"
cache-ref="string"
users-by-username-query="string"
authorities-by-username-query="string"
group-authorities-by-username-query="string"
role-prefix="string"/>
<!--
  LDAP-backed users. NOTE(review): the search filters are expected to use a
  "{0}" placeholder for the user name (or user DN for the group search);
  confirm, and keep the search bases as narrow as possible so that only the
  intended subtree can supply users and roles.
-->
<ldap-user-service id="string"
ldap-server-ref="string"
user-search-filter="string"
user-search-base="string"
group-search-filter="string"
group-search-base="string"
group-role-attribute="string"
cache-ref="string"
role-prefix="string"
user-details-class="string"/>
<!--
  Password hashing for stored credentials. Of the listed values, "plaintext"
  stores passwords unhashed and md4 / md5 / sha are fast, outdated digests
  that are cheap to brute-force; sha-256 is stronger but still a fast hash.
  Always combine a hash with salt-source, and prefer a per-user salt
  (user-property) over a single system-wide salt, which only protects against
  generic precomputed tables.
-->
<password-encoder hash="plaintext|sha|sha-256|md5|md4|{sha}|{ssha}" base64="boolean">
<salt-source user-property="string" system-wide="string"/>
</password-encoder>
</authentication-provider>
<!--
  Exposes the namespace-created authentication manager under a bean alias so
  that explicitly declared beans can reference it. session-controller-ref
  points at the bean that enforces concurrent-session limits (assumption from
  the attribute name; confirm against the schema documentation).
-->
<authentication-manager alias="string" session-controller-ref="string"/>
<!--
  Adds an explicitly declared AuthenticationProvider bean to the
  namespace-managed authentication manager via the nested
  custom-authentication-provider marker element.
  Review note: every provider registered this way can authenticate users, so
  the list of such beans is part of the application's trust boundary and
  should be reviewed together with the built-in providers. The bean shown
  here is incomplete; a real CAS provider needs its properties configured.
-->
<b:bean id="casAuthenticationProvider"
class="org.springframework.security.providers.cas.CasAuthenticationProvider">
<custom-authentication-provider/>
</b:bean>
<!--
  Defines the LDAP server used by the LDAP user service and provider.
  With "url" set, the application connects to an external directory; without
  it an embedded test server is started (ldif, root and port configure that
  embedded instance), which is meant for development only.
  Review notes:
  - manager-dn / manager-password are directory credentials stored in the
    configuration. Inject them from an external, access-controlled source
    (for example a property placeholder) instead of committing them, and give
    the account read-only rights on the subtrees it has to search.
  - Use an ldaps:// URL (or otherwise protected transport) for a real
    directory; with plain ldap:// the bind password and user passwords cross
    the network unencrypted.
-->
<ldap-server id="string"
url="string"
port="integer"
manager-dn="string"
manager-password="string"
ldif="string"
root="string"
server-ref="string">
</ldap-server>
<!--
  Authenticates users directly against LDAP; the search and role attributes
  mirror those of ldap-user-service.
  Review notes:
  - Without password-compare the provider is expected to authenticate by
    binding as the user, which keeps password hashes inside the directory.
    TODO confirm for the version in use.
  - password-compare checks the submitted password against the directory
    attribute named in password-attribute. That generally requires the manager
    account to be allowed to compare or read that attribute, and the encoder
    must match how the directory stores it ({sha} / {ssha} are the LDAP
    formats). Avoid "plaintext" and the md4 / md5 digests.
  - Keep user-search-base and group-search-base as narrow as possible.
-->
<ldap-authentication-provider ldap-server-ref="string"
user-search-filter="string"
user-search-base="string"
group-search-filter="string"
group-search-base="string"
group-role-attribute="string"
cache-ref="string"
role-prefix="string"
user-details-class="string">
<password-compare password-attribute="string" hash="string">
<password-encoder hash="plaintext|sha|sha-256|md5|md4|{sha}|{ssha}" base64="boolean">
<salt-source user-property="string" system-wide="string"/>
</password-encoder>
</password-compare>
</ldap-authentication-provider>
<!--
  Per-bean method security: intercept-methods is embedded in the bean
  definition and each protect child ties a method name to the access
  attributes a caller must hold (here ROLE_SECRET_AGENT for getSecuredData).
  Review notes:
  - Only the methods named in a protect element are secured; every other
    method of the bean stays callable without a check.
  - NOTE(review): protection of this kind is normally applied through a
    proxy around the bean, so calls the object makes on itself would not be
    intercepted. Confirm for the version in use.
-->
<b:bean id="securedObject"
class="com.habuma.expectations.springsecurity.intercept.SecuredObject">
<intercept-methods access-decision-manager-ref="string">
<protect access="ROLE_SECRET_AGENT" method="getSecuredData"/>
</intercept-methods>
</b:bean>
<!--
  Application-wide method security. secured-annotations and
  jsr250-annotations switch annotation-driven checks on or off
  ("disabled|enabled" lists the two allowed values); protect-pointcut applies
  access attributes to every method matched by the pointcut expression.
  Review notes:
  - While an annotation type is left "disabled", the corresponding
    annotations in the code are not enforced; make sure the setting matches
    the annotations the code base actually relies on.
  - A pointcut that is too narrow silently leaves methods unprotected and one
    that is too broad can lock out legitimate callers; cover the expressions
    with tests for both allowed and denied calls.
  - NOTE(review): when several protect-pointcut elements match the same
    method, check which one takes precedence in the version in use.
-->
<global-method-security secured-annotations="disabled|enabled"
jsr250-annotations="disabled|enabled"
access-decision-manager-ref="string">
<protect-pointcut expression="string" access="string"/>
</global-method-security>
