Spring Security3 摘要笔记

<http use-expressions="true">  
<!-- 非匿名用户就允许访问 -->  
<intercept-url pattern="/index.jsp" access="isAuthenticated()"/>  


<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=true"  always-use-default-target="true" default-target-url="/index.jsp" />  
<logout logout-success-url="/login.jsp"/>  

<!-- 没有权限访问的页面 -->  
<access-denied-handler error-page="/403.jsp"/>  
<session-management></session-management>  
<remember-me/>  
<custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR"/>  
</http>  

AntPathRequestMatcher（** 匹配0或者更多的目录，如/aa/** 可以配 /aa /aa/bb …）

// 加载地址资源与角色关系
private void loadResourceDefine() {
	resourceMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
	Map<String, String> resource = getResource();
	for (Map.Entry<String, String> entry : resource.entrySet()) {
		Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
		configAttributes.add(new SecurityConfig(entry.getValue()));
		resourceMap.put(new AntPathRequestMatcher(entry.getKey()), configAttributes);
	}
}

// 返回所请求资源所需要的权限
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
	HttpServletRequest request = ((FilterInvocation) object).getRequest();
	if (null == resourceMap) {
		System.out.println("请求地址 " + ((FilterInvocation) object).getRequestUrl());
		loadResourceDefine();
		System.out.println("我需要的认证：" + resourceMap.toString());
	}
	for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : resourceMap.entrySet()) {
	    // 通过matches方法进行资源匹配
		if (entry.getKey().matches(request)) {
			return entry.getValue();
		}
	}
	return null;
}

参考地址：
https://www.cnblogs.com/fan-yuan/p/6249064.html