求 spring security 3.x 高手


我通过login.jsp 登录,结果没有登录成功,但是我找不到原因。以下是拦截信息“-----”是我做的标记求大虾们指教。。--------------------FilterInvocation: URL: /index.jsp
-----needRole:ROLE_ADMIN
----userRole:ROLE_ANONYMOUS
no right...
Hibernate: 
    select
        admin0_.id as id0_,
        admin0_.createDate as createDate0_,
        admin0_.modifyDate as modifyDate0_,
        admin0_.department as department0_,
        admin0_.email as email0_,
        admin0_.isAccountEnabled as isAccoun6_0_,
        admin0_.isAccountLocked as isAccoun7_0_,
        admin0_.isCredentialsExpired as isCreden8_0_,
        admin0_.lockedDate as lockedDate0_,
        admin0_.loginDate as loginDate0_,
        admin0_.loginFailureCount as loginFa11_0_,
        admin0_.loginIp as loginIp0_,
        admin0_.mobile as mobile0_,
        admin0_.password as password0_,
        admin0_.username as username0_ 
    from
        Admin admin0_ 
    where
        admin0_.username=?
Hibernate: 
    select
        roleset0_.adminSet_id as adminSet1_1_,
        roleset0_.roleSet_id as roleSet2_1_,
        role1_.id as id2_0_,
        role1_.createDate as createDate2_0_,
        role1_.modifyDate as modifyDate2_0_,
        role1_.description as descript4_2_0_,
        role1_.isSystem as isSystem2_0_,
        role1_.name as name2_0_,
        role1_.value as value2_0_ 
    from
        Admin_Role roleset0_ 
    left outer join
        Role role1_ 
            on roleset0_.roleSet_id=role1_.id 
    where
        roleset0_.adminSet_id=?
-------setROLE_USER
-------setROLE_ADMIN
application-security.xml<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:aop="http://www.springframework.org/schema/aop"
 xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                     http://www.springframework.org/schema/aop
           http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
           http://www.springframework.org/schema/tx 
           http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
                         http://www.springframework.org/schema/security
                         http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http access-denied-page="/404.jsp" auto-config="true">
<form-login always-use-default-target="true"
default-target-url="/welcome.jsp" login-page="/login.jsp"
authentication-failure-url="/error.jsp" />
<intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/error.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<http-basic/>
       <custom-filter before="FILTER_SECURITY_INTERCEPTOR"
            ref="myFilter" />
        
</http>



 <beans:bean id="myFilter" class="com.wangy.security.MyFilterSecurityInterceptor">
        <beans:property name="authenticationManager"
            ref="authenticationManager" />
        <beans:property name="accessDecisionManager"
            ref="accessDecisionManager" />
        <beans:property name="securityMetadataSource"
            ref="securityMetadataSource" />
    </beans:bean>

   
    <authentication-manager alias="authenticationManager">
        <authentication-provider
            user-service-ref="adminDetailsServiceImpl">
            <!--   如果用户的密码采用加密的话,可以加点“盐”
                <password-encoder hash="md5" />
            -->
        </authentication-provider>
    </authentication-manager>
       <!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 -->
    <beans:bean id="accessDecisionManager"
        class="com.wangy.security.MyAccessDecisionManager">
    </beans:bean>
    
    <!-- 资源源数据定义,即定义某一资源可以被哪些角色访问 -->
    <beans:bean id="securityMetadataSource"
        class="com.wangy.security.MyInvocationSecurityMetadataSource" />   
</beans:beans>