<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://repo.alibaba-inc.com/schema/roma/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://repo.alibaba-inc.com/schema/roma/security http://repo.alibaba-inc.com/schema/roma/roma-security-2.0.xsd"> <http entry-point-ref="casAuthenticationFilterEntryPoint" access-denied-page="/permission_denied.htm" access-decision-manager-ref="accessDecisionManager"> <intercept-url pattern="/common/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/admin/**" access="ROLE_ADMIN" /> <intercept-url pattern="/**" access="ROLE_USER" /> <intercept-url pattern="/login.htm" filters="none"/> <anonymous granted-authority="IS_AUTHENTICATED_ANONYMOUSLY" username="anonymous" /> <security-context-repository ref="mySecurityContextRepository" /> <httponly-cookie default-httponly="true" not-httponly-cookies="departmentTree"/> </http> <beans:bean id="accessDecisionManager" </span>class="org.springframework.security.vote.AffirmativeBased"> </span><beans:property name="allowIfAllAbstainDecisions" </span>value="false" /> </span><beans:property name="decisionVoters"> </span><beans:list> </span><beans:bean class="org.springframework.security.vote.RoleVoter" /> </span><beans:bean class="org.springframework.security.vote.AuthenticatedVoter" /> </span></beans:list> </span></beans:property> </span></beans:bean> <beans:bean name="mySecurityContextRepository" </span>class="my.MyBasedSecurityContextRepository"> </span></beans:bean> </beans:beans>
accessDecisionManager作为主入口,进行全新判断。其下有若干Voter,一起投票进行表决
securityContextRepository做用户权限信息的主要类,通过实现接口SecurityContextRepository.loadContext返回SecurityContext, 通过SecurityContext.getAuthentication().getAuthorities(),得到GrantedAuthority[]数组,表示用户拥有的权限列表。从而到decisionManager中进行权限投票。