关于spring security权限控制

spring-security.xml 文件：

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
  http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.0.xsd">







login-page="/auth/login" 
authentication-failure-url="/auth/login?error=true" 
default-target-url="/main/common"/>

invalidate-session="true" 
logout-success-url="/auth/login" 
logout-url="/auth/logout"/>





       
       
       

web.xml 

xmlns="http://java.sun.com/xml/ns/j2ee" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">



springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy




springSecurityFilterChain
/*




contextConfigLocation

/WEB-INF/spring-security.xml
/WEB-INF/applicationContext.xml





spring
org.springframework.web.servlet.DispatcherServlet
1




spring
/




org.springframework.web.context.ContextLoaderListener

package org.liukai.tutorial.service;


import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;


import org.liukai.tutorial.dao.UserDao;
import org.liukai.tutorial.domain.DbUser;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;


public class CustomUserDetailsService implements UserDetailsService {


private UserDao userDAO = new UserDao();


public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {


UserDetails user = null;


try {


DbUser dbUser = userDAO.getDatabase(username);


user = new User(dbUser.getUsername(), dbUser.getPassword()
.toLowerCase(), true, true, true, true,
getAuthorities(dbUser.getAccess()));


} catch (Exception e) {

throw new UsernameNotFoundException("Error in retrieving user");
}


return user;
}








public Collection getAuthorities(Integer access) {


List authList = new ArrayList();

String value=  getMaps1().get(access);
      String[] str=value.split(",");
     
for(String s :str){
authList.add(new GrantedAuthorityImpl(getMaps2().get(s)));

}





// if (access.compareTo(1) == 0) {
// authList.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
//         }
// if(access.compareTo(3)==0){
//
// authList.add(new GrantedAuthorityImpl("ROLE_CH"));
// }
//
// if (access.compareTo(2) == 0) {
// authList.add(new GrantedAuthorityImpl("ROLE_USER"));
// }




return authList;
}


public static   Map getMaps1(){

Map map=new HashMap();

map.put(1, "1,2,3");
map.put(2, "2,3");
map.put(3, "1,2,3");


return map;
}

public static   Map getMaps2(){

Map map=new HashMap();

map.put("1", "ROLE_ADMIN");
map.put("2", "ROLE_USER");
map.put("3", "ROLE_CH");



return map;
}

}