一、实现FilterInvocationSecurityMetadataSource
读资源对应的权限,先进行一下筛选
//元数据,根据请求的资源到资源表去找合适的角色
@Service
public class WgcSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
@Autowired
private ResourceService resourceService;
@Override
public Collection<ConfigAttribute> getAttributes(Object request) throws IllegalArgumentException {
FilterInvocation req = (FilterInvocation) request;
String requestUrl = req.getRequestUrl();
if ("/login".equals(requestUrl)) {
System.out.println("登陆无需角色判断");
//登陆无需角色判断
return null;
}
AntPathMatcher pathMatcher = new AntPathMatcher(); //URL 匹配
List<Resource> allResource = resourceService.getAllResouces(); //读取所有资源是为了做模糊匹配
//假设 /user/add ===> list[]就有两个角色
for (Resource resource : allResou