spring核心配置文件_Shiro权限控制配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
 xmlns:context="http://www.springframework.org/schema/context"
 xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:tx="http://www.springframework.org/schema/tx"
 xmlns:jpa="http://www.springframework.org/schema/data/jpa" xmlns:task="http://www.springframework.org/schema/task"
 xsi:schemaLocation="
  http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
  http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
  http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
  http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc.xsd
  http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
  http://www.springframework.org/schema/data/jpa
  http://www.springframework.org/schema/data/jpa/spring-jpa.xsd">
 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
  <!-- 安全管理器 -->
  <property name="securityManager" ref="securityManager" />
  <!-- 未认证要跳转的页面 -->
  <property name="loginUrl" value="/login.html" />
  <!-- 登陆成功要跳转的页面 -->
  <property name="successUrl" value="/index.html" />
  <!-- 认证后，未授权要跳转的页面 -->
  <property name="unauthorizedUrl" value="/unauthorized.html" />
  <!-- shiro URL 控制过滤器规则 -->
  <property name="filterChainDefinitions">
   <value>
    /login.html* = anon
    /validatecode.jsp* = anon
    /user_login.action* = anon
    /css/** = anon
    /js/** = anon
    /images/**=anon
    /upload/** = anon
    /services/** = anon
    /pages/base/courier.html* =perms[courier:list]
    /pages/base/area.html* = roles[base]
    /** = authc
   </value>
  </property>
 </bean>
 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
  <property name="realm" ref="bosRealm"></property>
 </bean>

 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

 <bean
  class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
  depends-on="lifecycleBeanPostProcessor">
  <property name="proxyTargetClass" value="true"></property>
 </bean>
 <bean
  class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
  <property name="securityManager" ref="securityManager" />
 </bean>
</beans>