本人的项目是从spring_security2.0升级到spring_security3.1的,在2.0的时候是可以用的。
在更新的过程中做了相应的修改后,登录的方法已经是返回success了,但登录完成后还是重新跳转到
login.jsp页面,特将配置文件及logon方法贴出,求大家解惑,谢谢了~~
security.xml配置文件:
<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!--
  Spring Security 3.1 namespace configuration.
  Layout: a run of <http ... security="none"> elements (no filter chain for those patterns),
  then one <http auto-config="true"> chain with form login, logout and session concurrency
  control, then the authentication manager and a message source.
  The <http> elements are tried in document order; the first one whose pattern matches
  decides which chain (or no chain at all) handles the request.
-->
<!-- Enables @Secured annotations on beans in this application context. -->
<global-method-security secured-annotations="enabled"/>
<!--
  security="none": requests matching these patterns skip every Spring Security filter.
  No SecurityContext is populated for them and no access rule, session-concurrency or
  logout handling applies. Keep this list limited to resources that are safe to serve to
  anyone.
-->
<http pattern="/login.jsp" security="none" ></http>
<http pattern="/loging.jsp" security="none"></http>
<http pattern="/wap/login/wap_login.jsp*" security="none"></http>
<http pattern="/wap/dosktop/desktop_ifrm.jsp*" security="none"></http>
<http pattern="/wap/dosktop/default_unsettldMission.jsp*" security="none" ></http>
<http pattern="/msg.jsp*" security="none"></http>
<!-- NOTE(review): this pattern has no leading "/", unlike its neighbours; Ant-style patterns
     are matched against a path that starts with "/", so it presumably never matches. Confirm
     whether "/logon.action*" was intended. -->
<http pattern="logon.action*" security="none"></http>
<http pattern="/forceLogon.action*" security="none"></http>
<http pattern="/loginSelectUnit.action*" security="none" ></http>
<!-- NOTE(review): "/dwr/*" leaves the DWR endpoint outside the filter chain, so any remote
     methods it exposes are reachable without authentication; verify that each exposed method
     is safe for anonymous callers or move this path into the secured chain. A single "*"
     covers one path segment only (the older, commented-out rules below used "/**"). -->
<http pattern="/dwr/*" security="none" ></http>
<http pattern="/commons/*" security="none" ></http>
<http pattern="/includes/*" security="none"/>
<http pattern="/web-resources/*" security="none" ></http>
<!-- NOTE(review): in an Ant pattern "?" stands for exactly one character, and the request
     query string is not part of the matched path, so this entry likely does not match
     "/wap/findUnitsByLogonName_login.action" as intended. Confirm. -->
<http pattern="/wap/findUnitsByLogonName_login.action?*" security="none"/>
<!-- NOTE(review): because this element comes first, "/default.jsp" is served with no
     security at all and the role list declared for "/default.jsp" in the chain below is
     never evaluated. Remove one of the two, depending on which behaviour is wanted. -->
<http pattern="/default.jsp" security="none"></http>
<!--<http pattern="/index.jsp" access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER"/>-->
<!--<http pattern="/default.jsp" access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER" />-->
<!--<http pattern="/**" access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE" />
<http pattern="/indexdesktop.jsp"  access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER" />
<http pattern="/wap/desktop_login.action*" access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER" />
<http pattern="/wap/findUnitsByLogonName_login.action?*"/>
<http pattern="/indexdesktop.jsp"  access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER" />
-->
<!--
  Main filter chain (no pattern attribute, so it handles every request not claimed above).
  NOTE(review): access-denied-page is deprecated in the 3.x namespace; the
  <access-denied-handler error-page="..."/> child element is the replacement.
-->
<http auto-config="true" access-denied-page="/commons/403.jsp">
<!--
  Form login with the default processing URL (/j_spring_security_check) and default
  parameter names. NOTE(review): from Spring Security 3.0 on, the username/password filter
  accepts POST only by default and treats any other method as a failed authentication. A
  login flow that reaches the processing URL through a GET redirect therefore ends up back
  on the login page even though it worked on 2.0. Submitting the credentials with POST also
  keeps them out of URLs, access logs and browser history.
-->
<form-login login-page="/login.jsp" default-target-url="/index.jsp" />
<intercept-url pattern="/index.jsp" access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER" />
<intercept-url pattern="/default.jsp" access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER" />
<intercept-url pattern="/indexdesktop.jsp"  access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER" />
<!--
  NOTE(review): only the three JSPs above carry an access rule. The catch-all "/**" rule is
  inside the disabled block below, so every other URL handled by this chain (including the
  .action endpoints) has no role requirement. Restoring a final catch-all intercept-url,
  placed after the specific rules, gives a deny-by-default posture.
-->
<!-- 
<intercept-url pattern="/**" access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE" />
<http auto-config="true" access-denied-page="/commons/403.jsp"  >
<intercept-url pattern="/login.jsp" /> 
<intercept-url pattern="/loging.jsp"/>authentication-failure-url ="/help.html"/>
<intercept-url pattern="/msg.jsp" />
<intercept-url pattern="/logon.action*" />
<intercept-url pattern="/forceLogon.action*" />
<intercept-url pattern="/loginSelectUnit.action*" />
<intercept-url pattern="/commons/**" />
<intercept-url pattern="/web-resources/**" />
<intercept-url pattern="/wap/dosktop/desktop_ifrm.jsp" />
<intercept-url pattern="/wap/dosktop/default_unsettldMission.jsp" />
<intercept-url pattern="/wap/login/wap_login.jsp"/>
<intercept-url pattern="/includes/**" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_ACCOUNTCENTER" />
<intercept-url pattern="/dwr/**" />
<intercept-url pattern="/wap/findUnitsByLogonName_login.action?*"/>
<intercept-url pattern="/wap/desktop_login.action*" access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER" />
 -->
<!-- Image (CAPTCHA) verification
<intercept-url pattern="/servlet/AuthImage" />
<intercept-url pattern="/index.jsp" access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER" />
<intercept-url pattern="/default.jsp" access="ROLE_USER,ROLE_SUPERVISOR,ROLE_MENU_SAFETYMANAGER,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_FOODHEALTHSAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_SCHOOLESAFETYOFFICE,ROLE_MENU_SAFETYMANAGER_SAFETYDEAL_PRODUCTIONSAFETYOFFICE,ROLE_ACCOUNTCENTER" />
 -->
<!-- Logout invalidates the HTTP session and returns the browser to the login page. -->
<logout invalidate-session="true" logout-success-url="/login.jsp" />
<!--
  At most one session per user; with error-if-maximum-exceeded="false" a new login is
  allowed and the older session is marked expired (sent to expired-url on its next request).
  NOTE(review): concurrency control depends on session-destroyed events, so
  HttpSessionEventPublisher should be registered as a listener in web.xml. That file is not
  shown here; confirm.
-->
<session-management>
<concurrency-control expired-url="/login.jsp" error-if-maximum-exceeded="false" max-sessions="1"/>
</session-management>
</http>
<!-- Authentication is delegated to the "userManager" bean, which is defined elsewhere. -->
<authentication-manager>
<authentication-provider user-service-ref="userManager"> 
<!--
  NOTE(review): hash="md5" with no salt-source means submitted passwords are compared as
  unsalted MD5 digests. That is weak against offline guessing if the user table is ever
  disclosed. Plan a migration to a salted, adaptive hash such as bcrypt, re-hashing each
  account at its next successful login; changing the encoder alone would invalidate the
  stored values.
-->
<password-encoder hash="md5"/>
<!-- user-service-ref='userManager'

<user-service>
<user name="admin" password="admin" authorities="ROLE_SUPERVISOR, AUTH_DISTRICT" />
<user name="oa" password="oa" authorities="ROLE_USER" />
</user-service>-->
    
</authentication-provider>
 </authentication-manager>

<!-- Resource bundle used to resolve localized messages (base name config/i18n/messages). -->
<beans:bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<beans:property name="basename" value="config/i18n/messages"/>
</beans:bean>

</beans:beans>

解决方案 »

  1.   

    logon方法:
    /**
     * Struts action method that pre-checks a login attempt before handing over to
     * Spring Security.
     *
     * It validates the submitted name and password, looks the user up, refuses a second
     * concurrent login according to the static "online" maps in UserManager, stores a few
     * values in the HTTP session and builds the {@code parameters} query string
     * ({@code j_username=...&j_password=...}). The result mapping posted with this question
     * appends that string to a redirect to {@code /j_spring_security_check}.
     *
     * {@code user}, {@code unitID}, {@code units}, {@code parameters}, {@code vdt} and
     * {@code request} are not declared here; presumably they are fields of the action.
     *
     * @return {@code SUCCESS} when the pre-checks pass, {@code "toLoginSelectUnit"} when
     *         several users match and no unit was chosen, otherwise {@code "LoginFail"}
     *         (when {@code unitID} is non-empty) or {@code ERROR}
     */
    public String logon() {
    try {
    if(user==null)user=new User();
    // Allowed shapes: name = 1 to 30 letters, digits or underscores; password = exactly
    // 32 letters or digits.
    // NOTE(review): the 32-character rule suggests the client sends a digest rather than
    // the raw password; confirm against the login form.
    Pattern p=Pattern.compile("[a-zA-Z0-9_]{1,30}");
    Pattern p1=Pattern.compile("[a-zA-Z0-9]{32}");
    if(user.getName()!=null&&!"".equals(user.getName().trim())&&user.getPassword()!=null&&!"".equals(user.getPassword().trim())){
    user.setName(StrUtils.stringFilter(user.getName().trim()));
    user.setPassword(StrUtils.stringFilter(user.getPassword().trim()));
    // NOTE(review): with "&&" the request is rejected only when BOTH values fail their
    // pattern, so a value that fails on its own still passes this check. "||" looks like
    // the intent; confirm what each client submits as the password before changing it.
    if(!(p.matcher(user.getName()).matches())&&!(p1.matcher(user.getPassword())).matches()){
    user.setMsg("您的用户名或密码有误,请重新登录");
    if(unitID!=null && !"".equals(unitID)){
    return "LoginFail";
    }
    return ERROR;
    }
    // sql_inj is defined elsewhere; going by the message below it screens for SQL keywords.
    // NOTE(review): a keyword screen is not a substitute for bound parameters; verify that
    // findUsersByLogonNameAndPassword uses a parameterized query.
    if(sql_inj(user.getName())||sql_inj(user.getPassword())){
    user.setMsg("您输入的用户名或者密码中含有sql关键字,请重新登录");
    if(unitID!=null && !"".equals(unitID)){
    return "LoginFail";
    }
    return ERROR;
    }
    }else{
    // Name or password missing or blank.
    user.setMsg("请重新登录!");
    if(unitID!=null && !"".equals(unitID)){
    return "LoginFail";
    }
    return ERROR;
    }
    List<User> users = findUsersByLogonNameAndPassword(user.getName().trim(), user.getPassword().trim());
    /* Disabled CAPTCHA check, kept for reference:
    String _vali_code= null;
    try {
    _vali_code=  ActionContext.getContext().getSession().get("randomImageStr").toString();
    } catch (Exception e) {
    // e.printStackTrace();
    }

    if(vali_code!=null&&!vali_code.equalsIgnoreCase(_vali_code)){
    System.out.println("验证码 错误!");
    user.setId(null);
    user.setMsg("您的验证码有误,请检查!");
    return  ERROR;
    }
    */
    // Several users match and no unit was chosen yet: let the user pick a unit first.
    if (users.size() > 1 && ( unitID==null || "".equals(unitID) )) {
    user = users.get(0);
    units = findUnitsByLogonNameAndPassword(user.getName().trim(),
    user.getPassword().trim());
    return "toLoginSelectUnit";
    } else if (users.size() == 1) {
    user = users.get(0);
    // The duplicate-login checks below run only when no unit was supplied.
    if (StringUtils.isNotBlank(user.getId())&& ( unitID==null || "".equals(unitID) )) {
    String uType = user.getUserType();
    if(acAttendanceInstanceService.isBelunitUser(user)){
    if (UserManager.onlineKjzxPersonMap.containsKey(user.getId())) {// check whether this individual user is already logged in, or did not log out cleanly
    user.setMsg("您的账号在别处已经登录或您是未正常退出或是您在重复登录平台。请确认是否强制登录平台。");
    if(unitID!=null && !"".equals(unitID)){
    return "LoginFail";
    }
    return ERROR;
    }
    }else {
    if ("1".equals(uType)) {// individual (personal) login
    if (UserManager.onlinePersonMap.containsKey(user.getId())) {// check whether this individual user is already logged in, or did not log out cleanly
    user.setMsg("您的账号在别处已经登录或您是未正常退出或是您在重复登录平台。请确认是否强制登录平台。");
    if(unitID!=null && !"".equals(unitID)){
    return "LoginFail";
    }
    return ERROR;
    }
    }else if ("2".equals(uType)) {// organisation (unit) login
    if (UserManager.onlineUnitMap.containsKey(user.getId())) {
    user.setMsg("您的账号在别处已经登录或您是未正常退出或是您在重复登录平台。请确认是否强制登录平台。");
    if(unitID!=null && !"".equals(unitID)){
    return "LoginFail";
    }
    return ERROR;
    }
    }
      }
    }
    // Changed user.getName() to user.getId()
    // NOTE(review): the user id and the password are concatenated into a query string
    // without URL encoding. Used in a redirect, the password ends up in the URL (browser
    // history, access and proxy logs). Prefer a POST to the login-processing URL, or
    // authenticate through the AuthenticationManager inside the application.
    parameters = "j_username=" + user.getId() + "&j_password="
    + user.getPassword();
    // Map of resource content to role authorities for this user, kept in the session.
    List<Resource> resources = resourceManager.gerResourcesByUser(user.getId());
    Map<String, String> userAuthorities = new HashMap<String, String>();   
            for(Resource resource : resources) {   
             userAuthorities.put(resource.getContent(), resource.getRoleAuthorities());   
            }  
            
            
            // NOTE(review): these session attributes are set before Spring Security has
            // authenticated anything; code that reads them should not treat their presence
            // as proof of a completed login.
            request.getSession().setAttribute("userName", user.getName());
            // NOTE(review): hard-coded unit id; its meaning is not visible here. Consider
            // moving it to configuration.
            if(user.getUnit().getId().equals("1BD62CB223EE451BA325D2F0C4BB7C84")){
            if(!user.getUserType().equals("2")){ 
            vdt=viewDepartmentManager.getEntity(user.getId()).getFather();
            request.getSession().setAttribute("bumen", vdt.getName());
            }
            }
            request.getSession().setAttribute("loginResourceAuthorities", userAuthorities);
            // NOTE(review): debug output on stdout; route through the application logger.
            System.out.println(user.getUnit().getId());
         if(unitID!=null && !"".equals(unitID)){
    request.getSession().setAttribute("unitID", unitID);
    }else{
    request.getSession().removeAttribute("unitID");
    }
    return SUCCESS;
    } else {
    // No matching user (or several matches with a unit supplied): generic failure message.
    user.setId(null);
    user.setMsg("您的用户名或密码有误,请检查!");
    if(unitID!=null && !"".equals(unitID)){
    return "LoginFail";
    }
    return ERROR;
    }
    } catch (Exception e) {
    // Any exception is reported to the user as a generic system error.
    // NOTE(review): printStackTrace writes to stderr only; log through the application
    // logger so failed logins can be monitored.
    user.setId(null);
    user.setMsg("系统错误,请联系管理员。");
    e.printStackTrace();
    if(unitID!=null && !"".equals(unitID)){
    return "LoginFail";
    }
    return ERROR;
    }
    }
      

  2.   

    跳转的配置文件:
    <!--
      Struts 2 result mapping for the login action.
      NOTE(review): name="*" with method="{1}" maps every action name in this package to the
      method of the same name on logonAction, so each public method of that class can be
      invoked by URL. Listing the intended actions explicitly narrows that surface.
    -->
    <struts>
    <package name="/" extends="default">
    <action name="*" class="logonAction" method="{1}">
    <!--
      NOTE(review): "success" issues a browser redirect (an HTTP GET) to
      /j_spring_security_check with j_username and j_password in the query string.
      1) From Spring Security 3.0 on, the username/password filter accepts POST only by
         default and treats a GET as a failed authentication, which sends the browser back
         to the login page. This matches the symptom described after the 2.0 to 3.1 upgrade.
      2) Credentials in a URL are recorded in browser history and in server and proxy logs.
      Prefer posting the login form to the login-processing URL, or authenticating inside
      the application and storing the result in the SecurityContext.
    -->
    <result name="success" type="redirect">
    /j_spring_security_check?${parameters}
    </result>
    <result name="error">/login.jsp</result>
    <result name="toLoginSelectUnit">
    /pub_login_choose_unit.jsp
    </result>
    <result name="LoginSuccess">/wap/dosktop/desktop_ifrm.jsp</result>  
    <result name="LoginFail">/wap/login/login_wap.jsp</result>    
    </action>
      </package>
    </struts>