
WON.dev

security-context.xml 본문

SPRING/chapter08_Security

security-context.xml

GAWON 2023. 7. 13. 10:50
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
	
	<!-- Project handler beans; the <security:http> section refers to them by id. -->
	<!-- customAccessDenied: wired in as the access-denied handler (ref="customAccessDenied"). -->
	<bean id="customAccessDenied"
		class="org.joonzis.security.CustomAccessDeniedHandler"/>
	<!-- customLoginSuccess: wired in as the form-login success handler (authentication-success-handler-ref). -->
	<bean id="customLoginSuccess"
		class="org.joonzis.security.CustomLoginSuccessHandler"/>
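	<!-- URL access rules, login/logout endpoints and access-denied handling. -->
	<security:http auto-config="true" use-expressions="true">
		<!-- Patterns are checked in order and the first match decides.
		     A URL matched by no pattern below is not restricted by this file. -->

		<!-- Fixed: access expressions are case-sensitive. "permitALL" does not resolve;
		     the built-in expression is "permitAll". -->
		<security:intercept-url pattern="/sample/all" access="permitAll"/>
		<!-- hasRole(...) asks whether the current user holds the given role: MEMBER here. -->
		<security:intercept-url pattern="/sample/member" access="hasRole('ROLE_MEMBER')"/>
		<!-- Same check for ADMIN. -->
		<security:intercept-url pattern="/sample/admin" access="hasRole('ROLE_ADMIN')"/>

		<!-- Login: custom login page; customLoginSuccess runs after a successful authentication. -->
		<security:form-login login-page="/customLogin" authentication-success-handler-ref="customLoginSuccess"/>

		<!-- Logout: the HTTP session is invalidated when /customLogout is processed. -->
		<security:logout logout-url="/customLogout" invalidate-session="true"/>

		<!-- Access-denied handling: the static error-page variant is kept for reference,
		     the custom handler bean is the one in effect. -->
		<!--<security:access-denied-handler error-page="/accessError"/> -->
		<security:access-denied-handler ref="customAccessDenied"/>

		<!-- Fixed: CSRF protection is left enabled (the original set disabled="true").
		     Authentication here rides on the session cookie, so state-changing requests need the token:
		     the login form and every other POST form must send the _csrf parameter,
		     and /customLogout must be requested with POST. -->
		<security:csrf disabled="false"/>
	</security:http>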
	
	<!-- Authentication: in-memory accounts and the authorities granted to each. -->
	<security:authentication-manager>
		<security:authentication-provider>
			<security:user-service>
				<!-- NOTE(review): {noop} means the password is stored and compared unhashed, and both
				     values below are trivial. Acceptable only as a local tutorial fixture; a real
				     deployment would keep hashed values (for example under the {bcrypt} encoder id)
				     in an external user store rather than in this file. -->
				<security:user
					name="member"
					password="{noop}1234"
					authorities="ROLE_MEMBER"/>
				<!-- One account with several authorities: admin is also given the lower MEMBER role. -->
				<security:user
					name="admin"
					password="{noop}admin"
					authorities="ROLE_MEMBER, ROLE_ADMIN"/>
			</security:user-service>
		</security:authentication-provider>
	</security:authentication-manager>
	

</beans>