17 năm trước cách đây · 6ccdcec629
--- a/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -18,26 +18,26 @@
 
				         -->

			
 
				     </global-method-security>

			
 
				 

			
 
				-    <http auto-config="true">

			
 
				-        <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>

			
 
				-        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />

			
 
				+    <http auto-config="true" use-expressions="true">

			
 
				+        <intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')"/>

			
 
				+        <intercept-url pattern="/secure/**" access="isAuthenticated()" />

			
 
				         <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead

			
 
				         <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />

			
 
				         <intercept-url pattern="/post.html" access="ROLE_TELLER" />

			
 
				         -->

			
 
				-        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

			
 
				+        <intercept-url pattern="/**" access="permitAll" />

			
 
				         <remember-me />

			
 
				 <!--

			
 
				     Uncomment to enable X509 client authentication support

			
 
				         <x509 />

			
 
				 -->

			
 
				 

			
 
				-        <!-- All of this is unnecessary if auto-config="true"

			
 
				+<!-- All of this is unnecessary if auto-config="true"

			
 
				         <form-login />

			
 
				         <anonymous />

			
 
				         <http-basic />

			
 
				         <logout />

			
 
				-        <remember-me /> -->

			
 
				+-->

			
 
				 

			
 
				         <!-- Uncomment to limit the number of sessions a user can have

			
 
				         <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>

			
--- a/samples/tutorial/src/main/webapp/WEB-INF/classes/log4j.properties
+++ b/samples/tutorial/src/main/webapp/WEB-INF/classes/log4j.properties
@@ -1,18 +1,16 @@
 
				 # Global logging configuration

			
 
				-log4j.rootLogger=WARN, stdout, fileout

			
 
				+log4j.rootLogger=WARN, stdout

			
 
				 

			
 
				-log4j.logger.org.springframework.security=DEBUG, stdout, fileout

			
 
				+log4j.logger.org.springframework.security=DEBUG

			
 
				 

			
 
				 # Console output...

			
 
				 log4j.appender.stdout=org.apache.log4j.ConsoleAppender

			
 
				 log4j.appender.stdout.layout=org.apache.log4j.PatternLayout

			
 
				-log4j.appender.stdout.layout.conversionPattern=[%p,%c{1},%t] %m%n

			
 
				+log4j.appender.stdout.layout.conversionPattern=[%p,%c{1}] %m%n

			
 
				 

			
 
				 # Rolling log file output...

			
 
				-log4j.appender.fileout=org.apache.log4j.RollingFileAppender

			
 
				+log4j.appender.fileout=org.apache.log4j.FileAppender

			
 
				 log4j.appender.fileout.File=spring-security-tutorial.log

			
 
				-#log4j.appender.fileout.File=${webapp.root}/WEB-INF/log4j.log

			
 
				-log4j.appender.fileout.MaxFileSize=1024KB

			
 
				-log4j.appender.fileout.MaxBackupIndex=1

			
 
				 log4j.appender.fileout.layout=org.apache.log4j.PatternLayout

			
 
				 log4j.appender.fileout.layout.conversionPattern=%d{ABSOLUTE} %5p %c{1},%t:%L - %m%n

			
 
				+log4j.appender.fileout.Append=false