applicationContext-security.xml 也要修改

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:s="http://www.springframework.org/schema/security"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
 default-lazy-init="true">

 <description>SpringSecurity安全配置</description>
 
 <!-- 方法安全配置 -->
 <s:global-method-security secured-annotations="enabled"
  jsr250-annotations="enabled" pre-post-annotations="enabled"> 
 </s:global-method-security>
 <!-- 方法安全配置结束 -->
 
 <!-- http安全配置 -->
 <!-- access-denied-page="" -->
 <s:http auto-config="true" use-expressions="true">
  
  <!--  login.action自动回去找login.jsp的-->
  <!-- login-page登录页面 default-target-url登录成功以后跳转页面 authentication-failure-url认证失败的页面
   <access-denied-handler>errorPage 提示没有权限的页面
   springside不足1:
   always-use-default-target = "true" 不写的话不能正常的跳转到default-target-url
  -->
  <s:form-login login-page="/manager/login.jsp"
   default-target-url="/swp/mainPage" always-use-default-target="true"
   authentication-failure-url="/manager/login.jsp?error=true" />
  <s:logout logout-success-url="/" />
  
  <!--  springside 不足2-->
  <!-- session管理配置 -->
   <s:session-management invalid-session-url="/common/timeout.jsp">
   </s:session-management>
  <!-- session管理配置结束 -->
  
  <!-- 进行WEB安全配置 -->
  <s:intercept-url pattern="/css/**" filters="none" />
  <s:intercept-url pattern="/img/**" filters="none" />
  <s:intercept-url pattern="/js/**" filters="none" />
  <s:intercept-url pattern="/manager/login.jsp" filters="none" />
  <s:intercept-url pattern="/manager/register.jsp" filters="none" />

  <s:intercept-url pattern="/login"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/swp/*"
   access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />
  <s:intercept-url pattern="/manager/*"
   access="hasAnyRole('ROLE_ADMIN')" />

  <s:intercept-url pattern="/page"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/page/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/mod" access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/mod/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/site"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/site/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/style"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/style/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/sitemodproperty"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/sitemodproperty/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/sitepage"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/sitepage/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/sitecategory"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/sitecategory/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/pageproperty"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/pageproperty/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/pagemodproperty"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/pagemodproperty/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/pagemod"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/pagemod/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/pagelayoutcategory"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/pagelayoutcategory/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/pagecategory"
   access="hasAnyRole('ROLE_管理员')" />
  <s:intercept-url pattern="/pagecategory/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/modproperty"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/modproperty/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/modcategory"
   access="hasAnyRole('ROLE_ADMIN')" />
  <s:intercept-url pattern="/modcategory/*"
   access="hasAnyRole('ROLE_ADMIN')" />
  <!-- WEB安全配置结束 -->
 </s:http>

 <!-- 认证配置, 使用userDetailsService提供的用户信息 -->
 <s:authentication-manager alias="authenticationManager">
  <s:authentication-provider
   user-service-ref="userDetailsService">
   <s:password-encoder hash="plaintext" />
  </s:authentication-provider>
 </s:authentication-manager>

 <!-- 项目实现的用户查询服务 -->
 <bean id="userDetailsService"
  class="com.snda.swp.account.service.UserDetailsServiceImpl" />
</beans>