配置Spring Security实现用户-角色-权限-资源四层管理,从3.0版本,升级到3.2.4版本时需要注意如下:
1、配置文件修改,样式改为http://www.springframework.org/schema/security/spring-security-3.2.xsd
2、代码修改,在3.2.4版本中没有UrlMatcher和AntUrlPathMatcher,自定义类LssrcFilterInvocationSecurityMetadataSourceImpl需要使用RequestMatcher和AntPathRequestMatcher作为替代。
3.0版
org.springframework.security.web.util.AntUrlPathMatcher;
org.springframework.security.web.util.UrlMatcher;
private UrlMatcher urlMatcher = new AntUrlPathMatcher();
String url = ((FilterInvocation) object).getRequestUrl();
int firstQuestionMarkIndex = url.indexOf("?");
if (firstQuestionMarkIndex != -1) {
url = url.substring(0, firstQuestionMarkIndex);
}
Iterator<String> ite = resourceMap.keySet().iterator();
while (ite.hasNext()) {
String resURL = ite.next();
if (urlMatcher.pathMatchesUrl(url, resURL)) {
return resourceMap.get(resURL);
}
}
3.2版
org.springframework.security.web.util.matcher.RequestMatcher;
org.springframework.security.web.util.matcher.AntPathRequestMatcher;
FilterInvocation filterInvocation = (FilterInvocation) object;
Iterator<String> ite = resourceMap.keySet().iterator();
while (ite.hasNext()) {
String requestURL = ite.next();
RequestMatcher requestMatcher = new AntPathRequestMatcher(requestURL);
if(requestMatcher.matches(filterInvocation.getHttpRequest())) {
return resourceMap.get(requestURL);
}
}
return null;