调试易

不太清楚，刚接触[img=http://forum.csdn.net/PointForum/ui/scripts/csdn/Plugin/001/face/16.gif][/img

来我的博客下载那个security开源项目实例吧,相对你看了我的做法,相信对你有帮助

给你我的配置部分代码。
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
default-lazy-init="true"> <s:global-method-security secured-annotations="enabled" /> <s:http use-expressions="true" access-decision-manager-ref="accessDecisionManager" access-denied-page="/403">
<s:intercept-url pattern="/css/**" filters="none" />
<s:intercept-url pattern="/images/**" filters="none" />
<s:intercept-url pattern="/js/**" filters="none" />
<s:intercept-url pattern="/login" filters="none" />

<s:intercept-url pattern="/" access="isAuthenticated()" />

<s:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<s:custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="resourceSecurityInterceptor" />
<s:session-management session-authentication-strategy-ref="sas"/>

<!-- <s:form-login login-page="/login" login-processing-url="/j_security_check" default-target-url="/" authentication-failure-url="/login.jsp?error=1"
always-use-default-target="true" /> -->

<s:form-login login-page="/login" default-target-url="/" authentication-failure-url="/login?error=1" 
login-processing-url="/j_security_check"/>
<s:logout invalidate-session="true" logout-success-url="/login" logout-url="/logout" />
</s:http>

<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<property name="maximumSessions" value="1" />
<property name="exceptionIfMaximumExceeded" value="false" />
</bean> <bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/login?error=3" />
</bean> <s:authentication-manager alias="authenticationManager">
<s:authentication-provider user-service-ref="userDetailsService">
<s:password-encoder hash="md5" />
</s:authentication-provider>
</s:authentication-manager>