Spring Security3.0升级至3.2.4版本注意事项

配置Spring Security实现用户-角色-权限-资源四层管理，从3.0版本，升级到3.2.4版本时需要注意如下：

1、配置文件修改，样式改为http://www.springframework.org/schema/security/spring-security-3.2.xsd

2、代码修改，在3.2.4版本中没有UrlMatcher和AntUrlPathMatcher，自定义类LssrcFilterInvocationSecurityMetadataSourceImpl需要使用RequestMatcher和AntPathRequestMatcher作为替代。

3.0版

org.springframework.security.web.util.AntUrlPathMatcher;

org.springframework.security.web.util.UrlMatcher;

private UrlMatcher urlMatcher = new AntUrlPathMatcher();

String url = ((FilterInvocation) object).getRequestUrl();

int firstQuestionMarkIndex = url.indexOf("?");

if (firstQuestionMarkIndex != -1) {

    url = url.substring(0, firstQuestionMarkIndex);

}

Iterator<String> ite = resourceMap.keySet().iterator();

while (ite.hasNext()) {

    String resURL = ite.next();

    if (urlMatcher.pathMatchesUrl(url, resURL)) {

        return resourceMap.get(resURL);

    }

}

3.2版

org.springframework.security.web.util.matcher.RequestMatcher;

org.springframework.security.web.util.matcher.AntPathRequestMatcher;

FilterInvocation filterInvocation = (FilterInvocation) object;

Iterator<String> ite = resourceMap.keySet().iterator();

while (ite.hasNext()) {

    String requestURL = ite.next();

    RequestMatcher requestMatcher = new AntPathRequestMatcher(requestURL);

    if(requestMatcher.matches(filterInvocation.getHttpRequest())) {

        return resourceMap.get(requestURL);

    }

}

return null;