我正在使用spring进行Web应用程序。它应该能够被任何用户和管理员访问。用户登录已经使用spring-security实现。
网络-security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- Enables Spring Security debugging infrastructure, and should only be
used in a DEVELOPMENT environment -->
<!-- <debug /> -->
<http pattern="/static/**" security="none" />
<http use-expressions="true" >
<!-- Setting user permissions here -->
<intercept-url pattern="/login*" access="permitAll" />
<!--Setting user permissions here -->
<!--End Setting user permissions here -->
<form-login login-page="/timeres_login"
authentication-failure-url="/timeres_login?login_error=1"
default-target-url="/userlogin" />
<logout logout-url="/logout"
logout-success-url="/home"
delete-cookies="JSESSIONID" invalidate-session="true" />
<access-denied-handler error-page="/accessDenied" />
<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<session-management invalid-session-url="/home?error=sessionExpired"
session-authentication-strategy-ref="sas"
session-authentication-error-url="/timeres_login?error=alreadyLogin">
</session-management>
</http>
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/session-expired" />
</beans:bean>
<beans:bean id="sas"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<authentication-manager>
<authentication-provider ref="daoAuthenticationProvider" />
</authentication-manager>
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService" />
<!-- <beans:property name="passwordEncoder" ref="passwordEncoder" /> -->
</beans:bean>
<beans:bean id="userDetailsService"
class="com.timeres.security.AuthenticationUserDetailService">
</beans:bean>
<!-- <beans:bean id="passwordEncoder" -->
<!-- class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"> -->
<!-- <beans:constructor-arg index="0" value="256" /> -->
<!-- </beans:bean> -->
</beans:beans>
现在我想添加管理员登录部分。
首先,我想知道它是否能够在一个Web应用程序中添加两个不同的登录。 如果它能够做到,怎么样? (我应该在哪里更改,我应该实现哪些类)