jsp页面代码如下:
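<%--
  Administrative login form. Posts j_username / j_password (plus j_code once a
  previous attempt has failed) to Spring Security's j_spring_security_check
  endpoint.
--%>
<form name="f" action="${ctx}/j_spring_security_check" method="post"
      id="inputForm">
  <%-- userType is a client-controlled hidden field. How the server consumes it
       is not visible on this page; it must not be trusted for any
       authorization decision. --%>
  <input type="hidden" name="userType" value="admin" />
  <div id="login_default">
    <h1>Administrative login</h1>
    <div class="login_zone">
      <c:if test="${not empty param.error}">
        <%-- c:out escapes by default, so the exception message is rendered as text. --%>
        <span style="color: red;" id="errorSpan"> Your login attempt
          was not successful, try again.<br />
          <br /> Reason: <c:out
            value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />. </span>
      </c:if>
      <c:if test="${empty param.error}">
        <br />
      </c:if>
      <table width="90%" border="0" cellspacing="2" cellpadding="3">
        <tr>
          <td width="39%">Login:</td>
          <td width="61%">
            <%-- The last submitted username is user-supplied and is written into
                 an HTML attribute, so it is escaped at the point of output
                 (c:out default) instead of relying on the value having been
                 escaped before it reached the session.
                 NOTE(review): some Spring Security 3.0.x releases appear to store
                 this attribute already entity-escaped; if that holds for the
                 deployed version, characters such as & or ' will display
                 double-escaped after a failed login. Confirm against the version
                 in use. --%>
            <input type='text' maxlength="50"
                   class="wd230 required email" name='j_username'
                   value='<c:if test="${not empty param.error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}" /></c:if>' />
          </td>
        </tr>
        <tr>
          <td>Password:</td>
          <%-- NOTE(review): maxlength="8" caps the password at 8 characters in the
               browser. Left unchanged because the server-side password policy is
               not visible here; raise both together if longer passwords are to
               be allowed. --%>
          <td><input type='password' maxlength="8"
                     class="wd230 required" name='j_password' />
          </td>
        </tr>
        <%-- The access-code row is rendered only when the request carries an
             "error" parameter. That is a display decision only: whether j_code is
             required must be enforced on the server (not visible on this page). --%>
        <c:if test="${not empty param.error}">
          <tr>
            <td>Access Code:</td>
            <td><input type='text' maxlength="4" class="required"
                       name='j_code' id="j_code" size="16" /><img
                       src="${ctx}/captcha-image.img" id="kaptchaImage" />
            </td>
          </tr>
        </c:if>
        <!--
        <tr>
        <td>Remember me</td>
        <td><input type="checkbox" name="_spring_security_remember_me" style="border: none;background: none;"/></td>
        </tr>
        -->
        <tr>
          <td> </td>
          <td><input type="submit" name="submitBtn" class="button-64"
                     value="Login" />
            <a href="${ctx}/back/forgotPassword" class="second_opt">Forgot password?</a>
          </td>
        </tr>
      </table>
    </div>
  </div>
</form>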
Spring Security 的配置如下:
<?xml version="1.0" encoding="UTF-8"?>
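<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:s="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.0.xsd">
  <description>SpringSecurity Config</description>

  <s:http auto-config="true" servlet-api-provision="false" access-denied-page="/layout/noPrivilege.jsp">
    <!--
      intercept-url rules are evaluated in declaration order and the first
      matching pattern decides. The specific /back/... rules are therefore
      listed before the general /back/** rule; with /back/** first, the
      role-specific rules below it would never be consulted and any holder of
      ROLE_Authority_Admin_Base could reach every /back/ path.
    -->
    <s:intercept-url pattern="/back/cltPayment" access="ROLE_Authority_Chief_Admin"/>
    <s:intercept-url pattern="/back/ca/**" access="ROLE_Authority_Chief_Admin"/>
    <s:intercept-url pattern="/back/aa/**" access="ROLE_Authority_Account_Admin"/>
    <s:intercept-url pattern="/back/dev/**" access="ROLE_Authority_Developer"/>
    <s:intercept-url pattern="/back/qc/**" access="ROLE_Authority_Quality_Checker"/>
    <!--
      General rule for the rest of /back/. NOTE(review): /back/forgotPassword,
      linked from the login page, also matches this rule and so requires an
      authenticated admin as written; confirm that is intended.
    -->
    <s:intercept-url pattern="/back/**" access="ROLE_Authority_Admin_Base"/>

    <s:intercept-url pattern="/payment/**" access="ROLE_Authority_Chief_Admin"/>
    <s:intercept-url pattern="/systemConfig" access="ROLE_Authority_Chief_Admin"/>
    <s:intercept-url pattern="/appSerPack" access="ROLE_Authority_Chief_Admin"/>

    <!--
      NOTE(review): /user/** is declared twice with different roles. Only the
      first declaration can ever match, so the ROLE_Authority_Chief_Admin rule
      is unreachable. The original relative order is kept so the effective
      behaviour for /user/** is unchanged; decide which role is intended and
      delete the other rule.
    -->
    <s:intercept-url pattern="/user/**" access="ROLE_Authority_Admin_Base"/>
    <s:intercept-url pattern="/user/**" access="ROLE_Authority_Chief_Admin"/>

    <!--
      There is no catch-all rule: a URL that matches none of the patterns above
      is not restricted by this file.
    -->

    <!-- always-use-default-target sends every successful login to the role
         dispatcher page instead of a previously requested URL. -->
    <s:form-login always-use-default-target="true"
                  login-page="/backLogin.jsp"
                  default-target-url="/login_success_by_role_redirect.jsp"
                  authentication-failure-url="/login_failure_by_role_redirect.jsp?error=1" />
    <s:logout logout-success-url="/backLogout.jsp"/>
    <s:anonymous enabled="true"/>
  </s:http>

  <bean id="userDetailsService" class="com.infindo.framework.spring.security.UserDetailsServiceImpl" />

  <s:authentication-manager alias="authenticationManager">
    <s:authentication-provider user-service-ref="userDetailsService">
      <!--
        NOTE(review): passwords are compared as MD5 digests and no salt source
        is configured. MD5 is fast and unsalted digests are identical for
        identical passwords, so a leaked user table is cheap to crack offline.
        Left unchanged because switching the encoder invalidates every stored
        hash; plan a migration to a salted, deliberately slow password hash
        with re-hashing on next successful login.
      -->
      <s:password-encoder hash="md5" />
    </s:authentication-provider>
  </s:authentication-manager>
</beans>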
登录成功后跳转到: login_success_by_role_redirect.jsp
<%@ page contentType="text/html;charset=UTF-8"%>
<%@ include file="/common/taglibs.jsp"%>
<%--
  Post-login dispatcher: sends the authenticated user to a landing page chosen
  by role. Each ifAllGranted block renders its body only when the user holds
  the named role; c:redirect ends processing of the page, so the first matching
  block wins and the order of the blocks is significant.
  These redirects only pick a landing page. Access to the target URLs is
  enforced by the intercept-url rules in the Spring Security configuration,
  not by this page.
--%>
<security:authorize ifAllGranted="ROLE_Authority_Chief_Admin">
<c:redirect url="/back/caDashboard?locale=en_US"></c:redirect>
</security:authorize>
<security:authorize ifAllGranted="ROLE_Authority_Account_Admin">
<c:redirect url="/back/pendingPackage?locale=en_US"></c:redirect>
</security:authorize>
<security:authorize ifAllGranted="ROLE_Authority_Quality_Checker">
<c:redirect url="/back/pendingQc?locale=en_US"></c:redirect>
</security:authorize>
<security:authorize ifAllGranted="ROLE_Authority_Developer">
<c:redirect url="/back/pendingNewBinary?locale=en_US"></c:redirect>
</security:authorize>
<%--
  Fallback: a user holding none of the listed roles is sent back to the login
  page. ROLE_Authority_Chief_Admin is absent from the list, but such a user has
  already been redirected by the first block.
  NOTE(review): ROLE_Authority_Admin_Base is in the list although no block above
  redirects on it, so a user holding only that role matches no branch and
  receives an empty page as written. Confirm whether such accounts exist.
--%>
<security:authorize
ifNotGranted="ROLE_Authority_Admin_Base, ROLE_Authority_Account_Admin, ROLE_Authority_Quality_Checker, ROLE_Authority_Developer">
<c:redirect url="/backLogin.jsp"></c:redirect>
</security:authorize>