Spring Security使用数据库管理资源整理

转载  http://alimama.iteye.com/blog/616854

1.网上常见的重写FilterInvocationDefinitionSource的做法
http://www.family168.com/oa/springsecurity/html/ch005-resource-db.html#d0e585
具体方法参照这里
http://www.iteye.com/topic/319965

此种方法存在一个问题：系统会在初始化时一次将所有资源加载到内存中，即使在数据库中修改了资源信息，系统也不会再次去从数据库中读取资源信息。这就造成了每次修改完数据库后，都需要重启系统才能时资源配置生效。
解决方案：如果数据库中的资源出现的变化，需要刷新内存中已加载的资源信息

2.SpringSide3新写了一个 FactoryBean，向默认的DefaultFilterInvocationDefinitionSource注入从 ResourceDetailService中返回的RequestMap.

springside中applicationContext-security.xml代码如下

Applicationcontext-security.xml代码  

1. <?xml version="1.0" encoding="UTF-8"?>   
2. <beans xmlns="http://www.springframework.org/schema/beans" xmlns:s="http://www.springframework.org/schema/security"  
3.     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
4.     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd   
5.                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"   
6.     default-autowire="byType" default-lazy-init="true">   
7.   
8.     <description>SpringSecurity安全配置</description>   
9.   
10.     <!-- http安全配置 -->   
11.     <s:http auto-config="true" access-decision-manager-ref="accessDecisionManager">   
12.         <s:form-login login-page="/login.action" default-target-url="/"  
13.             authentication-failure-url="/login.action?error=true" />   
14.         <s:logout logout-success-url="/" />   
15.         <s:remember-me key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" />   
16.     </s:http>   
17.   
18.     <!-- 认证配置 -->   
19.     <s:authentication-provider user-service-ref="userDetailsService">   
20.         <!-- 可设置hash使用sha1或md5散列密码后再存入数据库 -->   
21.         <s:password-encoder hash="plaintext" />   
22.     </s:authentication-provider>   
23.   
24.     <!-- 项目实现的用户查询服务 -->   
25.     <bean id="userDetailsService" class="org.springside.examples.miniweb.service.security.UserDetailsServiceImpl" />   
26.   
27.     <!-- 重新定义的FilterSecurityInterceptor,使用databaseDefinitionSource提供的url-授权关系定义 -->   
28.     <bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">   
29.         <s:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />   
30.         <property name="accessDecisionManager" ref="accessDecisionManager" />   
31.         <property name="objectDefinitionSource" ref="databaseDefinitionSource" />   
32.     </bean>   
33.   
34.     <!-- DefinitionSource工厂,使用resourceDetailsService提供的URL-授权关系. -->   
35.     <bean id="databaseDefinitionSource" class="org.springside.modules.security.springsecurity.DefinitionSourceFactoryBean">   
36.         <property name="resourceDetailsService" ref="resourceDetailsService" />   
37.     </bean>   
38.        
39.     <!-- 项目实现的URL-授权查询服务 -->   
40.     <bean id="resourceDetailsService" class="org.springside.examples.miniweb.service.security.ResourceDetailsServiceImpl" />   
41.   
42.     <!-- 授权判断配置, 将授权名称的默认前缀由ROLE_改为A_. -->   
43.     <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">   
44.         <property name="decisionVoters">   
45.             <list>   
46.                 <bean class="org.springframework.security.vote.RoleVoter">   
47.                     <property name="rolePrefix" value="A_" />   
48.                 </bean>   
49.                 <bean class="org.springframework.security.vote.AuthenticatedVoter" />   
50.             </list>   
51.         </property>   
52.     </bean>   
53. </beans>  

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:s="http://www.springframework.org/schema/security" 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd" 	default-autowire="byType" default-lazy-init="true">  	<description>SpringSecurity安全配置</description>  	<!-- http安全配置 --> 	<s:http auto-config="true" access-decision-manager-ref="accessDecisionManager"> 		<s:form-login login-page="/login.action" default-target-url="/" 			authentication-failure-url="/login.action?error=true" /> 		<s:logout logout-success-url="/" /> 		<s:remember-me key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" /> 	</s:http>  	<!-- 认证配置 --> 	<s:authentication-provider user-service-ref="userDetailsService"> 		<!-- 可设置hash使用sha1或md5散列密码后再存入数据库 --> 		<s:password-encoder hash="plaintext" /> 	</s:authentication-provider>  	<!-- 项目实现的用户查询服务 --> 	<bean id="userDetailsService" class="org.springside.examples.miniweb.service.security.UserDetailsServiceImpl" />  	<!-- 重新定义的FilterSecurityInterceptor,使用databaseDefinitionSource提供的url-授权关系定义 --> 	<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor"> 		<s:custom-filter before="FILTER_SECURITY_INTERCEPTOR" /> 		<property name="accessDecisionManager" ref="accessDecisionManager" /> 		<property name="objectDefinitionSource" ref="databaseDefinitionSource" /> 	</bean>  	<!-- DefinitionSource工厂,使用resourceDetailsService提供的URL-授权关系. --> 	<bean id="databaseDefinitionSource" class="org.springside.modules.security.springsecurity.DefinitionSourceFactoryBean"> 		<property name="resourceDetailsService" ref="resourceDetailsService" /> 	</bean> 	 	<!-- 项目实现的URL-授权查询服务 --> 	<bean id="resourceDetailsService" class="org.springside.examples.miniweb.service.security.ResourceDetailsServiceImpl" />  	<!-- 授权判断配置, 将授权名称的默认前缀由ROLE_改为A_. --> 	<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased"> 		<property name="decisionVoters"> 			<list> 				<bean class="org.springframework.security.vote.RoleVoter"> 					<property name="rolePrefix" value="A_" /> 				</bean> 				<bean class="org.springframework.security.vote.AuthenticatedVoter" /> 			</list> 		</property> 	</bean> </beans> 

springside具体代码参照这里
http://www.springside.org.cn/