<sec:authentication-manager>
<sec:authentication-provider>
<!-- users-by-username-query:通过用户名称获取用户名,密码,是否被启用 -->
<!-- authorities-by-username-query:通过用户名称获取用户名(username),角色名(authority) -->
<sec:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,enabled
from users where username=?"
authorities-by-username-query="select u.username,
r.name as authority
from users u
join user_role ur on u.userid=ur.userid
join roles r on r.roleid=ur.roleid
where u.username=?"/>
<!-- 即可以通过配置文件指定用户,也可以用jdbc连接数据库取得用户,密码,角色
<sec:user-service>
<sec:user name="accp" password="accp" authorities="ROLE_USER"/>
<sec:user name="admin" password="admin" authorities="ROLE_ADMIN"/>
</sec:user-service>
-->