解决方法,我用的spirngsecurity jar包的版本是4.2.1,我原来springsecurity.xml里面的配置文件是这样写的:
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="user" password="user"authorities="ROLE_USER"/>
<security:user name="root" password="root"authorities="ROLE_USER,ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
后来我改为下面这样就OK了,代码如下:
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="user" password="user"authorities="ROLE_USER"/>
<security:user name="root" password="root"authorities="ROLE_USER,ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>