<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"
default-lazy-init="true">
<s:authentication-manager>
<s:authentication-provider>
<s:user-service id = "userService ">
<s:user name="heda" password="111111" authorities="ROLE_USER, ROLE_ADMIN" />
<s:user name="twoqubed" password="longhorns" authorities="ROLE_USER" />
<s:user name="admin" password="admin" authorities="ROLE_ADMIN" />
</s:user-service>
</s:authentication-provider>
</s:authentication-manager>
<!-- 导入自定义的springsecurity国际化文件 -->
<bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:messages_zh_CN" />
</bean>
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver" />
<s:http auto-config="true" use-expressions="true">
<!-- 指定登录页面 -->
<s:form-login login-page="/login" default-target-url="/"/>
<s:logout logout-success-url="/login" />
<s:remember-me />
<s:intercept-url pattern="/login" access="permitAll"/>
<s:intercept-url pattern="/register*" access="permitAll"/>
<s:intercept-url pattern="/resources/**" access="permitAll"/>
<s:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER, ROLE_ADMIN')"/>
<!-- 会话配置管理 -->
<s:session-management invalid-session-url="/login">
<!-- 只允许一个人登陆,并且第二个人登陆不了 -->
<s:concurrency-control max-sessions="1"
error-if-maximum-exceeded="true" />
</s:session-management>
</s:http>
<!-- 启动annotation -->
<s:global-method-security secured-annotations="enabled" />
</beans>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"
default-lazy-init="true">
<s:authentication-manager>
<s:authentication-provider>
<s:user-service id = "userService ">
<s:user name="heda" password="111111" authorities="ROLE_USER, ROLE_ADMIN" />
<s:user name="twoqubed" password="longhorns" authorities="ROLE_USER" />
<s:user name="admin" password="admin" authorities="ROLE_ADMIN" />
</s:user-service>
</s:authentication-provider>
</s:authentication-manager>
<!-- 导入自定义的springsecurity国际化文件 -->
<bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:messages_zh_CN" />
</bean>
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver" />
<s:http auto-config="true" use-expressions="true">
<!-- 指定登录页面 -->
<s:form-login login-page="/login" default-target-url="/"/>
<s:logout logout-success-url="/login" />
<s:remember-me />
<s:intercept-url pattern="/login" access="permitAll"/>
<s:intercept-url pattern="/register*" access="permitAll"/>
<s:intercept-url pattern="/resources/**" access="permitAll"/>
<s:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER, ROLE_ADMIN')"/>
<!-- 会话配置管理 -->
<s:session-management invalid-session-url="/login">
<!-- 只允许一个人登陆,并且第二个人登陆不了 -->
<s:concurrency-control max-sessions="1"
error-if-maximum-exceeded="true" />
</s:session-management>
</s:http>
<!-- 启动annotation -->
<s:global-method-security secured-annotations="enabled" />
</beans>