<b:beans xmlns="http://www.springframework.org/schema/security" xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- <debug /> --> <!-- 使用spring-security进行后台鉴权 --> <!--<global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled"/>--> <!-- Static resources --> <http pattern="/version.html" security="none" /> <http pattern="/ping.html" security="none" /> <http entry-point-ref="restAuthenticationEntryPoint" create-session="stateless"> <!-- https://springcloud.cc/spring-security-zhcn.html --> <intercept-url pattern="/api/v1/cache/getallcache" access="permitAll" /> <intercept-url pattern="/api/v1/user/login" access="permitAll" /> <intercept-url pattern="/api/v1/approval/**" access="permitAll" /> <intercept-url pattern="/ebs/api/v1/dd/**" access="permitAll" /> <intercept-url pattern="/api/**" access="authenticated" /> <intercept-url pattern="/**" access="permitAll" /> <headers> <frame-options policy="SAMEORIGIN" /> </headers> <csrf disabled="true" /> <custom-filter position="PRE_AUTH_FILTER" ref="jwtAuthenticationFilter" /> </http> <b:bean id="jwtAuthenticationFilter" class="pwc.taxtech.atms.security.JwtAuthenticationFilter"> <b:property name="authenticationManager" ref="authenticationManager" /> <b:property name="authenticationSuccessHandler" ref="jwtAuthenticationSuccessHandler" /> </b:bean> <authentication-manager alias="authenticationManager"> <authentication-provider ref="jwtAuthenticationProvider" /> </authentication-manager> </b:beans>