spring security 权限分配问题

我在测试的项目上引进了spring security 基于名称空间配置的安全架构,遇到一个问题,请指教下!
配置代码如下:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  - 基于名称空间配置
  -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">

	<global-method-security secured-annotations="enabled">
	</global-method-security>
											
    <http access-denied-page="/error.jsp" session-fixation-protection="newSession" auto-config="true" path-type="ant" ><!--session-fixation-protection属性可以防止session固定攻击  -->
       <!-- 权限入口的顺序十分重要,注意必须把特殊的URL权限写在一般的URL权限之前。 -->        
		<intercept-url pattern="/acegiTest.do" access="ROLE_SUPERVISOR"/>        
        <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_REMEMBERED" />
        <intercept-url pattern="/role1.jsp" access="ROLE_USER_1"/>
        <intercept-url pattern="/role2.jsp" access="ROLE_USER_2"/>
        <intercept-url pattern="/role3.jsp" access="ROLE_USER_3"/>
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<!--
    	x509认证
        <x509 /> 
		-->

        <!-- All of this is unnecessary if auto-config="true"
        <form-login />
        <anonymous />
        <http-basic />
        <logout />
        <remember-me /> -->
        <form-login login-page="/login.jsp" default-target-url="/index.jsp" authentication-failure-url="/login.jsp?login_error=1" />
        <anonymous key="cookie_key" username="ananoymous" granted-authority="IS_AUTHENTICATED_ANONYMOUSLY"/>        
        <logout invalidate-session="true" />
        <!-- session并发控制
        <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
		-->				
		<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="false" /><!-- exception-if-maximum-exceeded="true" 第二次登入失效 -->
    </http>   
  
    <authentication-provider > 
             <password-encoder hash="md5"/><!-- 密码md5加密 -->    
	    <jdbc-user-service data-source-ref="f3CenterDS" 
	    		users-by-username-query="select name as 'username',password,'true' from users where name = ?"
	    		authorities-by-username-query="select name as 'username',authorities as 'authority' from authentication where name =?" 
	    		 />     
	
	</authentication-provider>
	
</beans:beans>



在代码中
authorities-by-username-query="select name as 'username',authorities as 'authority' from authentication where name =?" 
,如果数据库里分配多个权限给用户的话,用户登入系统就不能正常使用(不能访问),倘若只分配一个权限则可以正常访问,还请指教一二!!!

你可能感兴趣的:(spring,xml,Security)