第一个问题,Acegi提供标签来实现资源显示:<security:authorize ifAllGranted="ROLE_ADMIN">
ifAllGranted:must have all authorities<br/>
ifAnyGranted:at least have one authority<br/>
ifNotGranted:must have never of authorities<br/>
</security:authorize>
第二个问题:
拥有ROLE_ADMIN权限的url就是http://localhost/page.jsp?id=1
其它url权限是ROLE_USER可以用通配符*表达