ObjectDefinitionSource转SecurityMetadataSource
转 http://chembo.iteye.com/blog/976617
spring security 3.0.X开始, org.springframework.security.web.access.intercept.FilterSecurityInterceptor中的ObjectDefinitionSource已被舍弃,继而由SecurityMetadataSource代替.
原来securiyt.xml中的配置如:
- <bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
- <property name="authenticationManager" ref="authenticationManager"/>
- <property name="accessDecisionManager" ref="accessDecisionManager"/>
- <property name="objectDefinitionSource">
- <value>
- <![CDATA[
- CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
- PATTERN_TYPE_APACHE_ANT
- /myaccountsetting/*= ROLE_ADMIN
- /portal/*= ROLE_ANYONE
- ]]>
- </value>
- </property>
- <property name="observeOncePerRequest" value="false" />
- <sec:custom-filter after="LAST" />
- </bean>
需转成:
- <beans:bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
- <beans:property name="authenticationManager" ref="authenticationManager"/>
- <beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
- <beans:property name="securityMetadataSource">
- <filter-security-metadata-source>
- <intercept-url pattern="/myaccount/*" access="ROLE_ADMIN" />
- <intercept-url pattern="/portal/*" access="ROLE_ANYONE" />
- </filter-security-metadata-source>
- </beans:property>
- <beans:property name="observeOncePerRequest" value="false" />
- </beans:bean>