不得不再感嘆一下,策略模式在SpringSecurity中用的地方太多了!
? SecurityContextHolder, to provide access to the SecurityContext.
? SecurityContext, to hold the Authentication and possibly request-specific security
information.
? Authentication, to represent the principal in a Spring Security-specific manner.
? GrantedAuthority, to reflect the application-wide permissions granted to a principal.
? UserDetails, to provide the necessary information to build an Authentication object from your
application's DAOs or other source source of security data.
? UserDetailsService, to create a UserDetails when passed in a String-based username
(or certificate ID or the like).
(以上是從文檔里面抄出來的!)
這就是權限的核心了!!(持續修改中。。。。。。)