实现了角色和资源从数据库中加载

src/main/java/com/ctrip/fun/admin/service/system/AdminResourcesService.java

+/**
+ * Copyright 2014 CTRIP Co.,Ltd. All rights reserved.
+ * DTM PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+ */
+package com.ctrip.fun.admin.service.system;
+import java.util.HashMap;
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.core.ParameterizedTypeReference;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpMethod;
+import com.ctrip.fun.admin.service.BaseService;
+import com.ctrip.fun.common.vo.PagedResponseBean;
+import com.ctrip.fun.common.vo.Request;
+import com.ctrip.fun.common.vo.Response;
+import com.ctrip.fun.common.vo.ResponseStatusEnum;
+import com.ctrip.fun.common.vo.adminUser.AdminResourcesBean;
+import com.ctrip.fun.common.vo.adminUser.AdminResourcesQuery;
+
+
+/**
+ * @author gswang
+ * @version 2014年8月25日
+ */
+public class AdminResourcesService extends BaseService {
+
+    private final static Logger logger = LoggerFactory.getLogger(AdminResourcesService.class);
+
+
+    /*
+     * 资源查询
+     */
+    public PagedResponseBean<AdminResourcesBean> list(String userId, AdminResourcesQuery query) {
+        String uri = super.getServiceUri("uri.adminResources.list");
+        PagedResponseBean<AdminResourcesBean> pageResponseBean = null;
+
+        Request<AdminResourcesQuery> request = new Request<AdminResourcesQuery>();
+        request.setUserId(userId);
+        request.setBody(query);
+        HttpEntity<Request<AdminResourcesQuery>> httpEntity = new HttpEntity<Request<AdminResourcesQuery>>(
+                request);
+        Response<PagedResponseBean<AdminResourcesBean>> response = super.exchange(uri, HttpMethod.POST,
+                httpEntity,
+                new ParameterizedTypeReference<Response<PagedResponseBean<AdminResourcesBean>>>() {
+                }).getBody();
+        if (response.getStatus() == ResponseStatusEnum.SUCCESS.getValue()) {
+            pageResponseBean = response.getBody();
+        } else {
+            Map<String, String> tags = new HashMap<String, String>();
+            tags.put("userId", userId);
+            tags.put("query", query.toString());
+            logger.error(
+                    "用户list异常",
+                    String.format("status: %d, msg: %s", response.getStatus(),
+                            response.getMessage()), tags);
+        }
+        return pageResponseBean;
+    }
+}

src/main/java/com/ctrip/fun/admin/service/system/MyInvocationSecurityMetadataSource.java

@@ -3,41 +3,49 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
+
 import com.ctrip.fun.admin.service.system.AntUrlPathMatcher;
 import com.ctrip.fun.admin.service.system.UrlMatcher;
+import com.ctrip.fun.common.vo.adminUser.AdminResourcesBean;
+import com.ctrip.fun.common.vo.adminUser.AdminResourcesQuery;
  
 public class MyInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource { 
 	private UrlMatcher urlMatcher = new AntUrlPathMatcher(); 
 	private static Map<String, Collection<ConfigAttribute>> resourceMap = null;
 	
+	private AdminResourcesService adminResourcesService; 
+	
 	//tomcat启动时实例化一次
 	public MyInvocationSecurityMetadataSource() {
-		loadResourceDefine();  
-		}   
+		
+	}   
 	//tomcat开启时加载一次，加载所有url和权限（或角色）的对应关系
 	private void loadResourceDefine() {
-		resourceMap = new HashMap<String, Collection<ConfigAttribute>>(); 
-		Collection<ConfigAttribute> atts = new ArrayList<ConfigAttribute>(); 
-		ConfigAttribute ca = new SecurityConfig("ROLE_USER");
-		atts.add(ca); 
-		ConfigAttribute ca1 = new SecurityConfig("ROLE_AAAA");
-		atts.add(ca1); 
-		ConfigAttribute ca2 = new SecurityConfig("ROLE_BBBB");
-		atts.add(ca2); 
-		resourceMap.put("/index.jsp", atts);  
-		Collection<ConfigAttribute> attsno =new ArrayList<ConfigAttribute>();
-		ConfigAttribute cano = new SecurityConfig("ROLE_NO");
-		attsno.add(cano);
-		resourceMap.put("/order/**", attsno);   
-		}  
-	
+		if (resourceMap == null) {
+			resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
+			List<AdminResourcesBean> resources = new ArrayList<AdminResourcesBean>();
+			AdminResourcesQuery query = new AdminResourcesQuery();
+			query.setPagerOffset(0);
+			query.setPagerPerPage(Integer.MAX_VALUE);
+			query.setSortField("id");	
+			resources = (List<AdminResourcesBean>)adminResourcesService.list("", query).getResult();
+			for (AdminResourcesBean resource : resources) {
+				Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
+				ConfigAttribute configAttribute = new SecurityConfig("ROLE_" + resource.getResKey());
+				configAttributes.add(configAttribute);
+				resourceMap.put(resource.getResUrl(), configAttributes);
+			}
+		}
+	}  
 	//参数是要访问的url，返回这个url对于的所有权限（或角色）
 	public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException { 
+		this.loadResourceDefine();
 		// 将参数转为url    
 		String url = ((FilterInvocation)object).getRequestUrl();   
 		Iterator<String>ite = resourceMap.keySet().iterator(); 
@@ -55,4 +63,13 @@ public class MyInvocationSecurityMetadataSource implements FilterInvocationSecur
 	public Collection<ConfigAttribute> getAllConfigAttributes() { 
 		return null;  
 		}
+	
+	
+	public AdminResourcesService getAdminResourcesService() {
+		return adminResourcesService;
 	}
+	public void setAdminResourcesService(AdminResourcesService adminResourcesService) {
+		this.adminResourcesService = adminResourcesService;
+	}
+	
+}

src/main/java/com/ctrip/fun/admin/service/system/UserDetailsService.java

@@ -65,7 +65,7 @@ public final class UserDetailsService extends BaseService implements org.springf
 				if (adminUserBean.getAuthoritys() != null) {
 					Set<GrantedAuthority> dbAuthsSet = new HashSet<GrantedAuthority>();
 					for (String authority : adminUserBean.getAuthoritys()) {
-						SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(authority);
+						SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_"+authority);
 						dbAuthsSet.add(simpleGrantedAuthority);
 					}
 					dbAuths = new ArrayList<GrantedAuthority>(dbAuthsSet);

src/main/resources/config/spring-security.xml

@@ -36,28 +36,31 @@
 	</b:bean>
 	<!--验证配置，认证管理器，实现用户认证的入口，主要实现UserDetailsService接口即可 -->
 	<authentication-manager alias="authenticationManager">
-		<authentication-provider user-service-ref="myUserDetailService">
-			<!--如果用户的密码采用加密的话 <password-encoder hash="md5" /> -->
-		</authentication-provider>
+		<authentication-provider ref="authenticationProvider" />
 	</authentication-manager>
+	
+	
+	<b:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
+		<b:property name="passwordEncoder" ref="passwordEncoder" />
+		<b:property name="userDetailsService" ref="myUserDetailService"></b:property>
+	</b:bean>
+	<b:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
+	
 	<!--在这个类中，你就可以从数据库中读入用户的密码，角色信息，是否锁定，账号是否过期等 -->
-	<b:bean id="myUserDetailService" class="com.ctrip.fun.admin.service.system.MyUserDetailService" />
+	<!-- 通过rest访问远程服务得到用户信息 -->
+	<b:bean id="myUserDetailService" class="com.ctrip.fun.admin.service.system.UserDetailsService" parent="baseService">
+		<b:property name="sipPhoneService" ref="sipPhoneService"></b:property>
+	</b:bean>
+	<b:bean id="sipPhoneService" class="com.ctrip.fun.admin.service.callcenter.SipPhoneService" />	
 	<!--访问决策器，决定某个用户具有的角色，是否有足够的权限去访问某个资源 -->
 	<b:bean id="myAccessDecisionManagerBean"
 		class="com.ctrip.fun.admin.service.system.MyAccessDecisionManager">
 	</b:bean>
 	<!--资源源数据定义，将所有的资源和权限对应关系建立起来，即定义某一资源可以被哪些角色访问 -->
-	<b:bean id="securityMetadataSource"
-		class="com.ctrip.fun.admin.service.system.MyInvocationSecurityMetadataSource" /> 
-		
-		
-
-
-	<b:bean id="sipPhoneService" class="com.ctrip.fun.admin.service.callcenter.SipPhoneService" />
-	<!-- 通过rest访问远程服务得到用户信息 -->
-	<b:bean id="userDetailsService" class="com.ctrip.fun.admin.service.system.UserDetailsService" parent="baseService">
-		<b:property name="sipPhoneService" ref="sipPhoneService"></b:property>
+	<b:bean id="securityMetadataSource" class="com.ctrip.fun.admin.service.system.MyInvocationSecurityMetadataSource" > 
+		<b:property name="adminResourcesService" ref="adminResourcesService"></b:property>
 	</b:bean>
+
           
  </b:beans>
 

src/main/resources/config/spring-service.xml

@@ -88,6 +88,8 @@
 		class="com.ctrip.fun.admin.service.basic.RecommendCodeService" parent="baseService" />
 	<bean name="userService" class="com.ctrip.fun.admin.service.system.UserService"
 		parent="baseService" />
+	<bean name="adminResourcesService" class="com.ctrip.fun.admin.service.system.AdminResourcesService"
+		parent="baseService" />
 	<bean name="adService" class="com.ctrip.fun.admin.service.golf.AdvertisementService"
 		parent="baseService" />
 	<bean name="friendService" class="com.ctrip.fun.admin.service.friend.FriendService"

src/main/resources/properties/service.properties

@@ -27,6 +27,7 @@ uri.voucher.exportVoucherExcel=/fun-golf-service/Voucher/exportVoucherExcel
 uri.adminUser.userDetail=/fun-golf-service/adminUser/userDetail
 uri.adminUser.updatePassword=/fun-golf-service/adminUser/update
 uri.adminUser.communeAdmUserList = /fun-golf-service/adminUser/communeAdmUserList
+uri.adminResources.list=/fun-golf-service/adminResources/list
 
 # order
 uri.order.placeOrder=/fun-golf-service/{orderType}/placeOrder