转载 http://alimama.iteye.com/blog/616854
1.网上常见的重写FilterInvocationDefinitionSource的做法
http://www.family168.com/oa/springsecurity/html/ch005-resource-db.html#d0e585
具体方法参照这里
http://www.iteye.com/topic/319965
此种方法存在一个问题:系统会在初始化时一次将所有资源加载到内存中,即使在数据库中修改了资源信息,系统也不会再次去从数据库中读取资源信息。这就造成了每次修改完数据库后,都需要重启系统才能时资源配置生效。
解决方案:如果数据库中的资源出现的变化,需要刷新内存中已加载的资源信息
2.SpringSide3新写了一个 FactoryBean,向默认的DefaultFilterInvocationDefinitionSource注入从 ResourceDetailService中返回的RequestMap.
springside中applicationContext-security.xml代码如下
Applicationcontext-security.xml代码 
- <?xml version="1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans" xmlns:s="http://www.springframework.org/schema/security"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"
- default-autowire="byType" default-lazy-init="true">
- <description>SpringSecurity安全配置</description>
- <!-- http安全配置 -->
- <s:http auto-config="true" access-decision-manager-ref="accessDecisionManager">
- <s:form-login login-page="/login.action" default-target-url="/"
- authentication-failure-url="/login.action?error=true" />
- <s:logout logout-success-url="/" />
- <s:remember-me key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" />
- </s:http>
- <!-- 认证配置 -->
- <s:authentication-provider user-service-ref="userDetailsService">
- <!-- 可设置hash使用sha1或md5散列密码后再存入数据库 -->
- <s:password-encoder hash="plaintext" />
- </s:authentication-provider>
- <!-- 项目实现的用户查询服务 -->
- <bean id="userDetailsService" class="org.springside.examples.miniweb.service.security.UserDetailsServiceImpl" />
- <!-- 重新定义的FilterSecurityInterceptor,使用databaseDefinitionSource提供的url-授权关系定义 -->
- <bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
- <s:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
- <property name="accessDecisionManager" ref="accessDecisionManager" />
- <property name="objectDefinitionSource" ref="databaseDefinitionSource" />
- </bean>
- <!-- DefinitionSource工厂,使用resourceDetailsService提供的URL-授权关系. -->
- <bean id="databaseDefinitionSource" class="org.springside.modules.security.springsecurity.DefinitionSourceFactoryBean">
- <property name="resourceDetailsService" ref="resourceDetailsService" />
- </bean>
- <!-- 项目实现的URL-授权查询服务 -->
- <bean id="resourceDetailsService" class="org.springside.examples.miniweb.service.security.ResourceDetailsServiceImpl" />
- <!-- 授权判断配置, 将授权名称的默认前缀由ROLE_改为A_. -->
- <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
- <property name="decisionVoters">
- <list>
- <bean class="org.springframework.security.vote.RoleVoter">
- <property name="rolePrefix" value="A_" />
- </bean>
- <bean class="org.springframework.security.vote.AuthenticatedVoter" />
- </list>
- </property>
- </bean>
- </beans>
springside具体代码参照这里
http://www.springside.org.cn/
