Spring Security 是一个功能强大且高度可定制的安全框架，主要用于保护基于 Spring 的应用程序。它提供了一整套用于身份验证、授权、加密、会话管理等功能的工具和 API，从而帮助开发者快速、有效地保护应用程序。

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {http.authorizeRequests().antMatchers("/", "/home").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout().permitAll();}@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.inMemoryAuthentication().withUser("user").password("{noop}password").roles("USER");}
}

<http><intercept-url pattern="/" access="permitAll" /><intercept-url pattern="/admin/**" access="hasRole('ADMIN')" /><form-login login-page="/login" /><logout logout-url="/logout" />
</http><authentication-manager><authentication-provider><user-service><user name="user" password="password" authorities="ROLE_USER" /></user-service></authentication-provider>
</authentication-manager>