<!-- Web security for this application. use-expressions="true" lets the
     access attributes below be written as SpEL expressions. -->
<http use-expressions="true">
  <!-- Any non-anonymous user may open the index page. isAuthenticated() also
       accepts users logged in through remember-me (enabled further down);
       isFullyAuthenticated() is the stricter expression if a page must require
       a fresh login. This is the only intercept-url rule in this element, so
       every other URL depends on what the custom filter "myFilter" decides. -->
  <intercept-url pattern="/index.jsp" access="isAuthenticated()"/>

  <!-- Form login. always-use-default-target="true" sends the user to
       /index.jsp after every successful login instead of back to the URL
       that was originally requested. -->
  <form-login login-page="/login.jsp"
              authentication-failure-url="/login.jsp?error=true"
              always-use-default-target="true"
              default-target-url="/index.jsp"/>

  <logout logout-success-url="/login.jsp"/>

  <!-- Page shown when an authenticated user lacks the required authority. -->
  <access-denied-handler error-page="/403.jsp"/>

  <!-- No attributes are set, so session-fixation and concurrent-session
       behaviour are whatever the framework defaults to.
       NOTE(review): confirm those defaults for the Spring Security version in use. -->
  <session-management/>

  <!-- Remember-me with no key or token repository configured here; the
       namespace defaults apply.
       NOTE(review): confirm the token scheme and cookie lifetime are acceptable. -->
  <remember-me/>

  <!-- NOTE(review): no csrf element appears in this block; whether CSRF
       protection is active depends on the framework version. Verify. -->

  <!-- Runs the bean "myFilter" (defined elsewhere) ahead of the standard
       FilterSecurityInterceptor. -->
  <custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
</http>
AntPathRequestMatcher 的匹配规则:** 匹配 0 个或多个目录,例如 /aa/** 可以匹配 /aa、/aa/bb …
// 加载地址资源与角色关系
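/**
 * Builds the table that maps each URL pattern to the authority required for it
 * and stores it in {@code resourceMap}.
 *
 * Each entry returned by {@code getResource()} becomes one
 * {@link AntPathRequestMatcher} (key = Ant-style URL pattern) paired with a
 * single {@link SecurityConfig} (value = required authority).
 *
 * The table is assembled in a local map and only assigned to the field once it
 * is complete. getAttributes() loads the table only while the field is null
 * and returns null when nothing matches, so assigning an empty or half-filled
 * map before getResource() and the loop had finished would, if either threw,
 * leave a rule-less table in place that is never reloaded.
 */
private void loadResourceDefine() {
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> loaded =
            new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    Map<String, String> resource = getResource();
    // Insertion order is kept and getAttributes() returns the first matching
    // entry, so the iteration order of getResource()'s map decides which
    // pattern wins when several match.
    // NOTE(review): confirm getResource() returns an ordered map.
    for (Map.Entry<String, String> entry : resource.entrySet()) {
        Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
        configAttributes.add(new SecurityConfig(entry.getValue()));
        loaded.put(new AntPathRequestMatcher(entry.getKey()), configAttributes);
    }
    // Publish only the fully built table.
    resourceMap = loaded;
}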
// 返回所请求资源所需要的权限
/**
 * Returns the authorities required for the requested resource.
 *
 * The pattern table is loaded lazily on the first call, then scanned in
 * iteration order; the attributes of the first matching pattern are returned.
 *
 * Returns null when no pattern matches. Spring Security's stock interceptor
 * treats a null attribute collection as a public (unsecured) invocation unless
 * rejectPublicInvocations is enabled, so URLs missing from the table are not
 * protected by this class.
 * NOTE(review): confirm that allow-by-default is the intended policy.
 *
 * @param object the secured object; cast to {@link FilterInvocation}
 * @return the attributes of the first matching pattern, or null if none match
 */
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    final FilterInvocation invocation = (FilterInvocation) object;
    final HttpServletRequest request = invocation.getRequest();

    // Lazy, unsynchronized load on first use. The two prints go to stdout and
    // include the request URL and the full pattern-to-authority table.
    if (resourceMap == null) {
        System.out.println("请求地址 " + invocation.getRequestUrl());
        loadResourceDefine();
        System.out.println("我需要的认证:" + resourceMap.toString());
    }

    // First matching pattern wins.
    for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> rule : resourceMap.entrySet()) {
        final RequestMatcher matcher = rule.getKey();
        if (!matcher.matches(request)) {
            continue;
        }
        return rule.getValue();
    }

    // No rule for this request.
    return null;
}