Security的配置文件中有一个<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">Spring知道filterSecurityInterceptor的objectDefinitionSource属性的类型为FilterInvocationDefinitionSource,查找该类型的编辑器FilterInvocationDefinitionSourceEditor
我看了一下FilterInvocationDefinitionSourceEditor的源代码.其中只有一个方法public void setAsText(String s) throws IllegalArgumentException
这个参数S便是<property name="objectDefinitionSource">中<value>的值.其中 BufferedReader br = new BufferedReader(new StringReader(s));
String line;
line = br.readLine();
他把配置的value逐行的读出来.然后把地址和权限逐个截取set到相应的类中
一下是我的配置文件
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/clickstreams.jsp*=admin
/flushCache.*=admin,teacher
/passwordHint.html*=ROLE_ANONYMOUS,admin,teacher,student
/reload.*=admin,teacher
/signup.html*=ROLE_ANONYMOUS,admin,teacher,student
/users.html*=admin,dataManager
/**/*.html*=admin,teacher,student,dataManager,counsellor,leader,superleader
/semesters.html*=admin,dataManager
/departments.html*=admin,dataManager
/majors.html*=admin,dataManager
/grades.html*=admin,dataManager
/classTables.html*=admin,dataManager
/students.html*=admin,dataManager
/teachers.html*=admin,dataManager
/academicYears.html*=admin,dataManager
/courses.html*=admin,dataManager
/courseSelects.html*=admin,dataManager
/classCourses.html*=admin,dataManager
/courseTransfers.html*=admin,dataManager
/importData.html*=admin,dataManager
/PYPStudentTimes.html*=admin,superleader
/PYPStudengtWeek.html*=admin,superleader
/PYPStudentMonth.html*=admin,superleader
/PYPStudentTerm.html*=admin,superleader
/PYPClassTimes.html*=admin,superleader
//PYPClassWeek.html*=admin,superleader
/PYPClassMonth.html*=admin,superleader
/PYPClassTerm.html*=admin,superleader
/PYPGradeTimes.html*=admin,superleader
/PYPGradeWeek.html*=admin,superleader
/PYPGradeMonth.html*=admin,superleader
/PYPGradeTerm.html*=admin,superleader
/PYPDepartmentTimes.html*=admin,superleader
/PYPDepartmentWeek.html*=admin,superleader
/PYPDepartmentMonth.html*=admin,superleader
/PYPDepartmentTerm.html*=admin,superleader
/fastPYPStudentToday.html*=admin,superleader
/fastPYPStudentWeek.html*=admin,superleader
/fastPYPStudentMonth.html*=admin,superleader
/fastPYPStudentTerm.html*=admin,superleader
/leaderTimes.html*=leader,counsellor
/leaderWeek.html*=leader,counsellor
/leaderMonth.html*=leader,counsellor
/leaderTerm.html*=leader,counsellor
/fastLeaderToday.html*=leader,counsellor
/fastLeaderWeek.html*=leader,counsellor
/fastLeaderMonth.html*=leader,counsellor
/fastLeaderTerm.html*=leader,counsellor
/teacherTerm.html*=teacher
/teacherMonth.html*=teacher
/teacherWeek.html*=teacher
/teacherTimes.html*=teacher
/fastTeacherTerm.html*=teacher
/fastTeacherMonth.html*=teacher
/fastTeacherWeek.html*=teacher
/fastTeacherToday.html*=teacher
/studentTerm.html*=student
/studentMonth.html*=student
/studentWeek.html*=student
/studentTimes.html*=student
/fastStudentTerm.html*=student
/fastStudentMonth.html*=student
/fastStudentWeek.html*=student
/fastStudentToday.html*=student
/userCourse.html*=teacher,student
</value>
</property>不知道为什么现在只能截取到第7行为止.如果没有具有相应权限的角色都可以任意进入第7行一下的任何一个地址
我看了一下FilterInvocationDefinitionSourceEditor的源代码.其中只有一个方法public void setAsText(String s) throws IllegalArgumentException
这个参数S便是<property name="objectDefinitionSource">中<value>的值.其中 BufferedReader br = new BufferedReader(new StringReader(s));
String line;
line = br.readLine();
他把配置的value逐行的读出来.然后把地址和权限逐个截取set到相应的类中
一下是我的配置文件
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
/clickstreams.jsp*=admin
/flushCache.*=admin,teacher
/passwordHint.html*=ROLE_ANONYMOUS,admin,teacher,student
/reload.*=admin,teacher
/signup.html*=ROLE_ANONYMOUS,admin,teacher,student
/users.html*=admin,dataManager
/**/*.html*=admin,teacher,student,dataManager,counsellor,leader,superleader
/semesters.html*=admin,dataManager
/departments.html*=admin,dataManager
/majors.html*=admin,dataManager
/grades.html*=admin,dataManager
/classTables.html*=admin,dataManager
/students.html*=admin,dataManager
/teachers.html*=admin,dataManager
/academicYears.html*=admin,dataManager
/courses.html*=admin,dataManager
/courseSelects.html*=admin,dataManager
/classCourses.html*=admin,dataManager
/courseTransfers.html*=admin,dataManager
/importData.html*=admin,dataManager
/PYPStudentTimes.html*=admin,superleader
/PYPStudengtWeek.html*=admin,superleader
/PYPStudentMonth.html*=admin,superleader
/PYPStudentTerm.html*=admin,superleader
/PYPClassTimes.html*=admin,superleader
//PYPClassWeek.html*=admin,superleader
/PYPClassMonth.html*=admin,superleader
/PYPClassTerm.html*=admin,superleader
/PYPGradeTimes.html*=admin,superleader
/PYPGradeWeek.html*=admin,superleader
/PYPGradeMonth.html*=admin,superleader
/PYPGradeTerm.html*=admin,superleader
/PYPDepartmentTimes.html*=admin,superleader
/PYPDepartmentWeek.html*=admin,superleader
/PYPDepartmentMonth.html*=admin,superleader
/PYPDepartmentTerm.html*=admin,superleader
/fastPYPStudentToday.html*=admin,superleader
/fastPYPStudentWeek.html*=admin,superleader
/fastPYPStudentMonth.html*=admin,superleader
/fastPYPStudentTerm.html*=admin,superleader
/leaderTimes.html*=leader,counsellor
/leaderWeek.html*=leader,counsellor
/leaderMonth.html*=leader,counsellor
/leaderTerm.html*=leader,counsellor
/fastLeaderToday.html*=leader,counsellor
/fastLeaderWeek.html*=leader,counsellor
/fastLeaderMonth.html*=leader,counsellor
/fastLeaderTerm.html*=leader,counsellor
/teacherTerm.html*=teacher
/teacherMonth.html*=teacher
/teacherWeek.html*=teacher
/teacherTimes.html*=teacher
/fastTeacherTerm.html*=teacher
/fastTeacherMonth.html*=teacher
/fastTeacherWeek.html*=teacher
/fastTeacherToday.html*=teacher
/studentTerm.html*=student
/studentMonth.html*=student
/studentWeek.html*=student
/studentTimes.html*=student
/fastStudentTerm.html*=student
/fastStudentMonth.html*=student
/fastStudentWeek.html*=student
/fastStudentToday.html*=student
/userCourse.html*=teacher,student
</value>
</property>不知道为什么现在只能截取到第7行为止.如果没有具有相应权限的角色都可以任意进入第7行一下的任何一个地址
好向在acgcei 使用的这个要放在最后/**/*.html* 因为这个是把所有的Html页面权限定义好在这里,就会截至以后的定义,你再好好看他的api,2.0的配置不用这么 麻烦吧