Java 如何在一个web应用程序中添加两个登录?
我正在与开发一个web应用程序。它应该能够被任何用户和管理员访问。用户登录已经通过Spring安全性实现 websecurity.xmlJava 如何在一个web应用程序中添加两个登录?,java,spring,spring-security,Java,Spring,Spring Security,我正在与开发一个web应用程序。它应该能够被任何用户和管理员访问。用户登录已经通过Spring安全性实现 websecurity.xml <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- Enables Spring Security debugging infrastructure, and should only be
used in a DEVELOPMENT environment -->
<!-- <debug /> -->
<http pattern="/static/**" security="none" />
<http use-expressions="true" >
<!-- Setting user permissions here -->
<intercept-url pattern="/login*" access="permitAll" />
<!--Setting user permissions here -->
<!--End Setting user permissions here -->
<form-login login-page="/timeres_login"
authentication-failure-url="/timeres_login?login_error=1"
default-target-url="/userlogin" />
<logout logout-url="/logout"
logout-success-url="/home"
delete-cookies="JSESSIONID" invalidate-session="true" />
<access-denied-handler error-page="/accessDenied" />
<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<session-management invalid-session-url="/home?error=sessionExpired"
session-authentication-strategy-ref="sas"
session-authentication-error-url="/timeres_login?error=alreadyLogin">
</session-management>
</http>
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/session-expired" />
</beans:bean>
<beans:bean id="sas"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<authentication-manager>
<authentication-provider ref="daoAuthenticationProvider" />
</authentication-manager>
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService" />
<!-- <beans:property name="passwordEncoder" ref="passwordEncoder" /> -->
</beans:bean>
<beans:bean id="userDetailsService"
class="com.timeres.security.AuthenticationUserDetailService">
</beans:bean>
<!-- <beans:bean id="passwordEncoder" -->
<!-- class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"> -->
<!-- <beans:constructor-arg index="0" value="256" /> -->
<!-- </beans:bean> -->
</beans:beans>
(我应该在哪里更改,应该实现哪些类?登录后->如果用户==管理员->转到管理员页面,如果用户==正常用户-->转到主页-->否则转到错误页面当这样做时,管理员和用户都使用同一页面登录,不是吗?不一定。您可以有两个页面指向同一个业务逻辑,然后我想向xml文件中添加另一个页面。但是它不起作用。为什么您不能为两个用户提供相同的登录页面?这只是一个登录页面。详细信息/安全页面应仅在登录后出现。如果您无法检测到具有用户id的用户角色,那么还可以提供一个下拉列表,以及用户id/密码,以便用户指定admin或normal user