求 Spring Security 2.0 连接数据库实例解决方案

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"><!-- 过滤器链配置，其中filterInvocationDefinitionSource属性为配置过滤器的种类与先后顺序，注意，顺序不能配置错误哦 -->    <bean id="filterChainProxy"         class="org.springframework.security.util.FilterChainProxy">        <property name="filterInvocationDefinitionSource">            <value><![CDATA[             CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON             PATTERN_TYPE_APACHE_ANT             /**=httpSessionIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor]]>            </value>        </property>    </bean>    <!-- 看看你是否已经登录了，如果登录了就略过下面的过滤器了，直接访问资源 -->    <bean id="httpSessionIntegrationFilter"         class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />    <!-- 安全验证入口 -->    <bean id="authenticationEntryPoint"         class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">        <property name="loginFormUrl" value="/index.jsp" /><!--默认登录页面-->        <property name="forceHttps" value="true" /><!--使登录页面通过 HTTPS安全地进行显示-->    </bean>    <!-- 身份验证过滤器，就是验证身份用的嘛 -->    <bean id="authenticationProcessingFilter"         class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">        <!-- 验证连接名称，对应表单的action -->        <property name="filterProcessesUrl"             value="/j_spring_security_check" />            <!-- 验证失败后去哪 -->        <property name="authenticationFailureUrl"             value="/index.jsp?error=1" />            <!-- 验证成功后去哪 -->        <property name="defaultTargetUrl"             value="/security/security.jsp" />        <!--依靠一个身份验证管理器来验证身份 其实这个才是干活的BEAN-->        <property name="authenticationManager"             ref="authenticationManager" />    </bean>    <!-- 用于处理登录失败异常和权限不足异常 -->    <bean id="exceptionTranslationFilter"         class="org.springframework.security.ui.ExceptionTranslationFilter">        <!--配置出现exception时跳转到登录页-->        <property name="authenticationEntryPoint"             ref="authenticationEntryPoint" />        <!--配置403(权限不足)错误后跳转的页面-->        <property name="accessDeniedHandler" ref="accessDeniedHandler" />    </bean>    <!-- 配置权限不足时跳转到的页面 -->    <bean id="accessDeniedHandler"         class="org.springframework.security.ui.AccessDeniedHandlerImpl">        <property name="errorPage" value="/error.jsp" />    </bean>    <!-- 安全拦截器，下面看看它是干嘛的 -->    <bean id="filterSecurityInterceptor"         class="org.springframework.security.intercept.web.FilterSecurityInterceptor">        <!-- 验证管理者 -->        <property name="authenticationManager"             ref="authenticationManager" />        <!-- 权限决定管理者，他手下的一帮人投票决定登录者是否有权访问该资源 -->        <property name="accessDecisionManager"             ref="accessDecisionManager" />        <!--受保护资源-->        <property name="objectDefinitionSource">            <!-- 下面表示/security/security.jsp需要ROLE_ADMIN权限才能访问 -->            <value><![CDATA[                 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON                 PATTERN_TYPE_APACHE_ANT                 /security/security.jsp=ROLE_ADMIN]]>            </value>        </property>    </bean>    <!-- 验证管理者，他管理DAO验证提供者来验证 -->    <bean id="authenticationManager"         class="org.springframework.security.providers.ProviderManager">        <property name="providers">            <list>                <!-- DAO验证提供者，SPRING SECURITY支持各种验证，这里可以添加相应配置 -->                <ref local="daoAuthenticationProvider" />            </list>        </property>    </bean>    <!--  -->    <bean id="accessDecisionManager"         class="org.springframework.security.vote.AffirmativeBased">        <!-- 如果所有投票者都弃权则不让访问 -->        <property name="allowIfAllAbstainDecisions">            <value>false</value>        </property>        <!-- 参加投票的BEAN -->        <property name="decisionVoters">            <list>                <bean class="org.springframework.security.vote.RoleVoter">                    <!-- 权限的前缀 -->                    <property name="rolePrefix" value="ROLE_" />                </bean>                <bean class="org.springframework.security.vote.AuthenticatedVoter" />            </list>        </property>    </bean>    <!-- DAO验证提供者依靠userDetailsService获得一个userDetails实例，进而验证权限 -->    <bean id="daoAuthenticationProvider"         class="org.springframework.security.providers.dao.DaoAuthenticationProvider">        <!-- jdbcDaoImpl实现了userDetailsService接口 -->        <property name="userDetailsService">            <ref local="jdbcDaoImpl" />        </property>    </bean>    <bean id="jdbcDaoImpl"         class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">        <!-- 根据用户名获得用户名、密码、用户是否启用等信息 -->        <property name="usersByUsernameQuery">            <value>                 select username,password,enabled from user where                 username=?            </value>        </property>        <!-- 通过用户名获取用户权限 -->        <property name="authoritiesByUsernameQuery">            <value>                 select username,authority from authentication where                 username=?            </value>        </property>        <!-- DataSource，不用我说了吧 -->        <property name="dataSource">            <ref local="dataSource" />        </property>    </bean>    <bean id="dataSource"         class="org.apache.commons.dbcp.BasicDataSource">        <property name="driverClassName"             value="org.gjt.mm.mysql.Driver">        </property>        <property name="url" value="jdbc:mysql://localhost:3306/user">        </property>        <property name="username" value="root"></property>        <property name="password" value="hicc"></property>    </bean></beans>