login.jsp:
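<!-- Login form: posts j_username / j_password to Spring Security's j_spring_security_check
     endpoint (the <form-login> element in security.xml names this page as login-page).
     Submission is triggered by login(), which is defined elsewhere (not shown here); there is
     no native submit button, so the form does nothing with scripting disabled.
     The form carries no anti-CSRF token; whether the server side expects one is not visible
     from this page. -->
<form action="j_spring_security_check" method="post">
<div id="loginWrapper">
<div id="logincontainer">
        <div class="loginCont">
            <div class="loginTitle"></div>
            <div class="loginImg"></div>
            <div class="outterloginInfo">
                <div class="innerloginInfo">
                    <div class="loginInfo">
                        <!-- label "for" must equal the input's id (was for="username" vs id="userName",
                             so the label was not associated with the field) -->
                        <p><label for="userName">用户名:</label><input type="text" id="userName" name="j_username"/></p>
                        <!-- <p> may not be nested inside <pre>; the double space that <pre> was
                             preserving in the label is kept with non-breaking spaces instead -->
                        <p><label for="password">密&#160;&#160;码:</label><input type="password" id="password" name="j_password"/></p>
                        <p><a href="javascript:login();" class="loginBut">登录</a><a href="javascript:void(0);" class="reset">重置</a></p>
                    </div>
                </div>
             <div class="loginFooter"></div>
            </div>
        </div>
</div>
</div>
</form>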
security.xml:
<!--  
<beans:bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener" />
-->
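<!-- auto-config="true" enables form-login, http-basic and logout with their defaults;
     without it the namespace falls back to http-basic only (no login form, no session).
     access-denied-page: page shown when an authenticated user lacks the required role.
     lowercase-comparisons: request URLs are lower-cased before being matched against the
     intercept-url patterns below (assumed to apply to the patterns as well; confirm, since
     /user/userPasswd.do and /user/modPass.do contain upper-case letters).
     session-fixation-protection="migrateSession": on successful login the current session is
     invalidated and its attributes copied into a fresh one, so a session id that existed before
     login is never the authenticated one. (A value of "none" would switch this protection off,
     not enable it.) -->
<http auto-config="true" access-denied-page="/error.jsp"
      lowercase-comparisons="true"
      access-decision-manager-ref="accessDecisionManager"
      session-fixation-protection="migrateSession">

    <!-- intercept-url rules are evaluated in order; the first matching pattern wins.
         filters="none" removes the request from the security filter chain entirely: no
         authentication, no security context and no session handling apply to it. The two
         password endpoints below are therefore reachable without a login as far as this
         configuration is concerned. NOTE(review): confirm the controllers enforce access
         themselves, or give these rules an access= constraint instead.
         Ant-style "*" matches a single path segment only (/user/*.do does not cover
         /user/sub/x.do), and there is no trailing "/**" catch-all, so a request matching none
         of the patterns gets no access constraint from this file; presumably it is then served
         unprotected. Role names here are lower-case (role_admin, ...); the referenced
         accessDecisionManager is assumed to be configured for that prefix. -->
    <intercept-url pattern="/rest/*" filters="none" />
    <intercept-url pattern="/user/userPasswd.do" filters="none" />
    <intercept-url pattern="/user/modPass.do" filters="none" />
    <intercept-url pattern="/user/*.do" access="role_admin,role_gbb" />
    <intercept-url pattern="/ime/*.do" access="role_admin,role_gbb" />
    <intercept-url pattern="/master/*.do" access="role_admin,role_gbb" />
    <!-- "role_gbb" is listed twice; the sibling rules use "role_admin,role_gbb", so the first
         entry is presumably a typo for role_admin. Left as-is pending confirmation. -->
    <intercept-url pattern="/contract/*.do" access="role_gbb,role_gbb" />
    <intercept-url pattern="/orderForm/*.do" access="role_gbb" />
    <intercept-url pattern="/process/*.do"
                   access="role_gbb,role_zds,role_jgzx,role_bzdw,role_wl,role_lygs,role_admin" />

    <!-- Concurrent-session control: max-sessions="1" together with
         exception-if-maximum-exceeded="true" rejects a second login while the first session is
         alive (it does NOT evict the first session; that is the "false" setting). expired-url is
         where a request arriving on an expired session is sent. The session registry named here
         must be declared elsewhere. -->
    <concurrent-session-control exception-if-maximum-exceeded="true"
                                max-sessions="1" expired-url="/"
                                session-registry-ref="sessionRegistry" />

    <!-- login-page: the form that posts to j_spring_security_check (login.jsp).
         authentication-failure-url: the same page on failure, so the form itself shows no
         error indicator. default-target-url: landing page after a login that was not
         triggered by a request for a protected URL. -->
    <form-login login-page="/login.jsp"
                authentication-failure-url="/login.jsp"
                default-target-url="/index.do" />

    <!-- invalidate-session="true" destroys the HTTP session on logout;
         logout-success-url is the page shown afterwards. -->
    <logout logout-url="/logout.do" logout-success-url="/login.jsp"
            invalidate-session="true" />

    <!-- Already enabled by auto-config="true"; kept explicit. This accepts credentials in an
         Authorization header on any request, a second credential path beside the login form,
         so the application should only be reachable over TLS. -->
    <http-basic />
</http>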