spring security 3.0.X开始, org.springframework.security.web.access.intercept.FilterSecurityInterceptor中的ObjectDefinitionSource已被舍弃,继而由SecurityMetadataSource代替.
原来securiyt.xml中的配置如:
需转成:
原来securiyt.xml中的配置如:
<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
<![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/myaccountsetting/*= ROLE_ADMIN
/portal/*= ROLE_ANYONE
]]>
</value>
</property>
<property name="observeOncePerRequest" value="false" />
<sec:custom-filter after="LAST" />
</bean>
需转成:
<beans:bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
<beans:property name="securityMetadataSource">
<filter-security-metadata-source>
<intercept-url pattern="/myaccount/*" access="ROLE_ADMIN" />
<intercept-url pattern="/portal/*" access="ROLE_ANYONE" />
</filter-security-metadata-source>
</beans:property>
<beans:property name="observeOncePerRequest" value="false" />
</beans:bean>