[/code][code="java"]
配置
<global-method-security />
<http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
<intercept-url pattern="/login.action*" filters="none" />
<intercept-url pattern="/index.action*" access="ROLE_COMPANY" />
<intercept-url pattern="/user.action*" access="ROLE_USER" />
<logout/>
<remember-me/>
</http>
<authentication-provider user-service-ref="customUserDetailsService" />
<beans:bean id="customUserDetailsService" class="com.jrd.security.CustomerUserDetailService" />
<beans:bean id="authenticationProcessingFilter" class="com.jrd.security.MyAuthenticationProcessingFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<beans:property name="defaultTargetUrl" value="/logined.action" />
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
<authentication-manager alias="authenticationManager" />
<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<beans:property name="loginFormUrl" value="/login.action" />
<beans:property name="forceHttps" value="false" />
</beans:bean>
2.
public class MyAuthenticationProcessingFilter extends
AuthenticationProcessingFilter