基于RBAC简单设计了一下数据库,具体的SQL如下:
/*==============================================================*/
/* DBMS name:      ORACLE Version 11g                           */
/* Created on:     2016/10/17 15:44:34                          */
/*==============================================================*/

-- Teardown statements, left commented out by the author. Uncomment them to
-- rebuild the schema from scratch (children before parents).
--ALTER TABLE R_ROLE_AUTHORITY DROP CONSTRAINT FK_R_ROLE_A_REFERENCE_T_ROLE_I;
--ALTER TABLE R_ROLE_AUTHORITY DROP CONSTRAINT FK_R_ROLE_A_REFERENCE_T_AUTHOR;
--ALTER TABLE R_USER_ROLE DROP CONSTRAINT FK_R_USER_R_REFERENCE_T_USER_I;
--ALTER TABLE R_USER_ROLE DROP CONSTRAINT FK_R_USER_R_REFERENCE_T_ROLE_I;
--DROP TABLE R_ROLE_AUTHORITY CASCADE CONSTRAINTS;
--DROP TABLE R_USER_ROLE CASCADE CONSTRAINTS;
--DROP TABLE T_AUTHORITY_INFO CASCADE CONSTRAINTS;
--DROP TABLE T_ROLE_INFO CASCADE CONSTRAINTS;
--DROP TABLE T_USER_INFO CASCADE CONSTRAINTS;

-- NOTE(review): the COMMENT ON COLUMN literals below are reproduced exactly
-- as they appear in the source; their original encoding was lost and the
-- intended wording cannot be recovered here.

/*==============================================================*/
/* Table: R_ROLE_AUTHORITY  (junction: role <-> authority)       */
/*==============================================================*/
CREATE TABLE R_ROLE_AUTHORITY (
    ID          INTEGER NOT NULL,
    AUTHORITYID INTEGER NOT NULL,
    ROLEID      INTEGER NOT NULL,
    CREATETIME  DATE    NOT NULL,
    UPDATETIME  DATE    NOT NULL,
    CONSTRAINT PK_R_ROLE_AUTHORITY PRIMARY KEY (ID)
);
COMMENT ON COLUMN R_ROLE_AUTHORITY.AUTHORITYID IS '�û����';
COMMENT ON COLUMN R_ROLE_AUTHORITY.ROLEID IS '��ɫ���';

/*==============================================================*/
/* Table: R_USER_ROLE  (junction: user <-> role)                 */
/*==============================================================*/
CREATE TABLE R_USER_ROLE (
    ID         INTEGER NOT NULL,
    USERID     INTEGER NOT NULL,
    ROLEID     INTEGER NOT NULL,
    CREATETIME DATE    NOT NULL,
    UPDATETIME DATE    NOT NULL,
    CONSTRAINT PK_R_USER_ROLE PRIMARY KEY (ID)
);
COMMENT ON COLUMN R_USER_ROLE.USERID IS '�û����';
COMMENT ON COLUMN R_USER_ROLE.ROLEID IS '��ɫ���';

/*==============================================================*/
/* Table: T_AUTHORITY_INFO  (a protected resource / permission)  */
/*==============================================================*/
-- NOTE(review): this table uses VARCHAR(n) while the others use
-- VARCHAR2(n CHAR); in Oracle VARCHAR is treated as VARCHAR2, but the
-- length here is in bytes rather than characters, which is inconsistent
-- with the rest of the schema.
CREATE TABLE T_AUTHORITY_INFO (
    ID            INTEGER      NOT NULL,
    AUTHORITYNAME VARCHAR(50)  NOT NULL,
    COMM          VARCHAR(200),
    CREATETIME    DATE         NOT NULL,
    UPDATETIME    DATE         NOT NULL,
    CONSTRAINT PK_T_AUTHORITY_INFO PRIMARY KEY (ID)
);

/*==============================================================*/
/* Table: T_ROLE_INFO                                            */
/*==============================================================*/
CREATE TABLE T_ROLE_INFO (
    ID         INTEGER           NOT NULL,
    ROLENAME   VARCHAR2(30 CHAR) NOT NULL,
    DESCRIBE   VARCHAR2(60 CHAR) NOT NULL,
    CREATETIME DATE              NOT NULL,
    UPDATETIME DATE              NOT NULL,
    CONSTRAINT PK_T_ROLE_INFO PRIMARY KEY (ID)
);
COMMENT ON COLUMN T_ROLE_INFO.ID IS '���';
COMMENT ON COLUMN T_ROLE_INFO.ROLENAME IS '�û���';
COMMENT ON COLUMN T_ROLE_INFO.DESCRIBE IS '����';
COMMENT ON COLUMN T_ROLE_INFO.CREATETIME IS '����ʱ��';
COMMENT ON COLUMN T_ROLE_INFO.UPDATETIME IS '����ʱ��';

/*==============================================================*/
/* Table: T_USER_INFO                                            */
/*==============================================================*/
CREATE TABLE T_USER_INFO (
    ID         INTEGER           NOT NULL,
    USERNAME   VARCHAR2(30 CHAR) NOT NULL,
    TELEPHONE  VARCHAR2(15 CHAR) NOT NULL,
    CREATETIME DATE              NOT NULL,
    UPDATETIME DATE              NOT NULL,
    ISENABLE   NUMBER(1)         NOT NULL,   -- account enabled flag (0/1 per the column comment)
    CONSTRAINT PK_T_USER_INFO PRIMARY KEY (ID)
);
COMMENT ON COLUMN T_USER_INFO.ID IS '���';
COMMENT ON COLUMN T_USER_INFO.USERNAME IS '�û���';
COMMENT ON COLUMN T_USER_INFO.TELEPHONE IS '��ϵ�绰';
COMMENT ON COLUMN T_USER_INFO.CREATETIME IS '����ʱ��';
COMMENT ON COLUMN T_USER_INFO.UPDATETIME IS '����ʱ��';
COMMENT ON COLUMN T_USER_INFO.ISENABLE IS '�Ƿ�����,0����,1����';

-- Login credential. Store only a salted, slow password hash in this column,
-- never the cleartext; 256 characters is ample for that.
-- DEFAULT '' NOT NULL means a row inserted without a PASSWORD is accepted
-- with an empty credential: the application must never let such a row
-- authenticate, and inserts should always set this column explicitly.
ALTER TABLE T_USER_INFO
    ADD (PASSWORD VARCHAR2(256 CHAR) DEFAULT '' NOT NULL);
COMMENT ON COLUMN T_USER_INFO.PASSWORD IS '�û���¼����';

-- Referential integrity for the two junction tables. No ON DELETE clause is
-- given, so Oracle's default applies: a user, role or authority cannot be
-- deleted while a junction row still references it.
ALTER TABLE R_ROLE_AUTHORITY
    ADD CONSTRAINT FK_R_ROLE_A_REFERENCE_T_ROLE_I
    FOREIGN KEY (ROLEID) REFERENCES T_ROLE_INFO (ID);
ALTER TABLE R_ROLE_AUTHORITY
    ADD CONSTRAINT FK_R_ROLE_A_REFERENCE_T_AUTHOR
    FOREIGN KEY (AUTHORITYID) REFERENCES T_AUTHORITY_INFO (ID);
ALTER TABLE R_USER_ROLE
    ADD CONSTRAINT FK_R_USER_R_REFERENCE_T_USER_I
    FOREIGN KEY (USERID) REFERENCES T_USER_INFO (ID);
ALTER TABLE R_USER_ROLE
    ADD CONSTRAINT FK_R_USER_R_REFERENCE_T_ROLE_I
    FOREIGN KEY (ROLEID) REFERENCES T_ROLE_INFO (ID);

-- Surrogate-key generation. Oracle 11g has no identity columns, so each
-- table gets a sequence plus a BEFORE INSERT trigger that fills ID.
-- When running this file through SQL*Plus, each trigger body must be
-- followed by a line containing only "/" so the PL/SQL block is executed.

-- T_USER_INFO.ID
CREATE SEQUENCE TUI_SEQ MINVALUE 1 NOMAXVALUE START WITH 1 INCREMENT BY 1 NOCACHE;
CREATE OR REPLACE TRIGGER TUI_TRI
    BEFORE INSERT ON T_USER_INFO
    FOR EACH ROW
BEGIN
    SELECT TUI_SEQ.NEXTVAL INTO :NEW.ID FROM DUAL;
END;

-- T_ROLE_INFO.ID
CREATE SEQUENCE TRI_SEQ MINVALUE 1 NOMAXVALUE START WITH 1 INCREMENT BY 1 NOCACHE;
CREATE OR REPLACE TRIGGER TRI_TRI
    BEFORE INSERT ON T_ROLE_INFO
    FOR EACH ROW
BEGIN
    SELECT TRI_SEQ.NEXTVAL INTO :NEW.ID FROM DUAL;
END;

-- T_AUTHORITY_INFO.ID
CREATE SEQUENCE TAI_SEQ MINVALUE 1 NOMAXVALUE START WITH 1 INCREMENT BY 1 NOCACHE;
CREATE OR REPLACE TRIGGER TAI_TRI
    BEFORE INSERT ON T_AUTHORITY_INFO
    FOR EACH ROW
BEGIN
    SELECT TAI_SEQ.NEXTVAL INTO :NEW.ID FROM DUAL;
END;

-- R_ROLE_AUTHORITY.ID
CREATE SEQUENCE RRA_SEQ MINVALUE 1 NOMAXVALUE START WITH 1 INCREMENT BY 1 NOCACHE;
CREATE OR REPLACE TRIGGER RRA_TRI
    BEFORE INSERT ON R_ROLE_AUTHORITY
    FOR EACH ROW
BEGIN
    SELECT RRA_SEQ.NEXTVAL INTO :NEW.ID FROM DUAL;
END;

-- R_USER_ROLE.ID
CREATE SEQUENCE RUR_SEQ MINVALUE 1 NOMAXVALUE START WITH 1 INCREMENT BY 1 NOCACHE;
CREATE OR REPLACE TRIGGER RUR_TRI
    BEFORE INSERT ON R_USER_ROLE
    FOR EACH ROW
BEGIN
    SELECT RUR_SEQ.NEXTVAL INTO :NEW.ID FROM DUAL;
END;

-- Natural keys: names are unique, and each user<->role / role<->authority
-- pair may be linked only once.
ALTER TABLE T_ROLE_INFO      ADD CONSTRAINT U_ROLENAME  UNIQUE (ROLENAME);
ALTER TABLE T_USER_INFO      ADD CONSTRAINT U_USERNAME  UNIQUE (USERNAME);
ALTER TABLE R_ROLE_AUTHORITY ADD CONSTRAINT U_AUTH_ROLE UNIQUE (AUTHORITYID, ROLEID);
ALTER TABLE R_USER_ROLE      ADD CONSTRAINT U_USER_ROLE UNIQUE (USERID, ROLEID);

-- URL-to-access mapping consumed by the Spring Security metadata source.
-- ACCESSAUTH defaults to the anonymous-access attribute, so an authority row
-- inserted without ACCESSAUTH maps its URL to anonymous access (fail-open
-- by default). Inserts should always set ACCESSAUTH explicitly.
ALTER TABLE T_AUTHORITY_INFO
    ADD (INTERCEPTURL VARCHAR2(200 CHAR) DEFAULT '' NOT NULL)
    ADD (ACCESSAUTH VARCHAR2(60 CHAR) DEFAULT 'IS_AUTHENTICATED_ANONYMOUSLY' NOT NULL);
COMMENT ON COLUMN T_AUTHORITY_INFO.INTERCEPTURL IS '拦截URL';
COMMENT ON COLUMN T_AUTHORITY_INFO.ACCESSAUTH IS '访问权限';
上一篇博客满满的都是配置文件,这篇来些干货
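package com.raze.security;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

/**
 * Copyright: Copyright (c) 2016 DJM
 *
 * @ClassName: MyFilterSecurityInterceptor.java
 * @Description: Custom security filter. Wraps every servlet request in a
 *               FilterInvocation and runs it through the
 *               AbstractSecurityInterceptor before/after hooks, so the
 *               configured AccessDecisionManager decides whether the request
 *               may continue down the filter chain.
 *
 * @version: v1.0.0
 * @author: DJM
 * @date: 2016-09-18 15:25:17
 */
public class MyFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {

    /** Supplies the ConfigAttributes (required authorities) for each request URL. */
    @Autowired
    @Qualifier("mySecurityMetadataSource")
    private FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource;

    /**
     * Servlet entry point: bundles request, response and chain into a
     * FilterInvocation and delegates to {@link #invoke(FilterInvocation)}.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        FilterInvocation fi = new FilterInvocation(request, response, chain);
        invoke(fi);
    }

    /** The secure-object type this interceptor protects (a web request). */
    @Override
    public Class<?> getSecureObjectClass() {
        return FilterInvocation.class;
    }

    /**
     * Runs the authorization check, then continues the filter chain.
     *
     * {@code beforeInvocation} performs the access decision and throws when
     * access is refused, so the chain is only continued for permitted
     * requests. {@code afterInvocation} runs in a finally block so the
     * interceptor's post-processing (e.g. restoring the security context)
     * happens even when a downstream filter throws.
     *
     * @param fi the wrapped request
     * @throws IOException      propagated from the filter chain
     * @throws ServletException propagated from the filter chain
     */
    public void invoke(FilterInvocation fi) throws IOException, ServletException {
        InterceptorStatusToken token = super.beforeInvocation(fi);
        try {
            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
        } finally {
            // A filter chain produces no return value, hence null.
            super.afterInvocation(token, null);
        }
    }

    /** No container-level initialisation; all wiring is done by Spring. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** @return the URL-to-authority mapping injected above */
    @Override
    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return this.filterInvocationSecurityMetadataSource;
    }
}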
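package com.raze.security;

import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.raze.domain.UserInfo;
import com.raze.service.IUserService;

/**
 * Copyright: Copyright (c) 2016 DJM
 *
 * @ClassName: MyUserDetailsService.java
 * @Description: Implements the user-lookup service that Spring Security
 *               calls to obtain the account (and its authorities) to
 *               authenticate against.
 *
 * @version: v1.0.0
 * @author: DJM
 * @date: 2016-09-18 15:25:17
 */
@Service
public class MyUserDetailsService implements UserDetailsService {

    @Autowired
    private IUserService userService;

    /**
     * Loads the account for {@code username} and attaches the authorities it holds.
     *
     * @param username the login name as supplied by the client
     * @return the populated UserInfo, used by Spring Security as the UserDetails
     * @throws UsernameNotFoundException when no such account exists. The
     *         UserDetailsService contract requires an exception here rather
     *         than a null return (the original returned null, which the
     *         authentication provider reports as an internal error instead of
     *         a failed login). DaoAuthenticationProvider masks this exception
     *         as a bad-credentials failure by default, so the client cannot
     *         tell "unknown user" from "wrong password".
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserInfo userDetailsImpl = userService.obtainUserInfoByUserName(username);
        if (userDetailsImpl == null) {
            throw new UsernameNotFoundException("No account found for username: " + username);
        }
        Collection<GrantedAuthority> collection =
                userService.obtainAuthorityCollentionByUserName(username);
        userDetailsImpl.setCollection(collection);
        return userDetailsImpl;
    }
}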
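package com.raze.security;

import java.util.Collection;
import java.util.Iterator;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Service;

/**
 * Copyright: Copyright (c) 2016 DJM
 *
 * @ClassName: MyAccessDecisionManager.java
 * @Description: Custom access decision manager: decides whether the current
 *               user holds an authority that grants access to the requested
 *               resource.
 *
 * @version: v1.0.0
 * @author: DJM
 * @date: 2016-09-18 15:25:17
 */
@Service
public class MyAccessDecisionManager implements AccessDecisionManager {

    private static final Logger logger = LoggerFactory.getLogger(MyAccessDecisionManager.class);

    /**
     * Grants access when the caller holds at least one of the authorities
     * required by the resource (OR semantics across the attributes).
     *
     * The decision fails closed: with no attributes at all (null or empty)
     * access is denied, just as it is when none of the attributes matches.
     * The original allowed a null attribute collection, which is the one
     * case the decision should not be lenient about.
     *
     * @param authentication   the caller and its granted authorities
     * @param object           the secured object; here the FilterInvocation (a URL)
     * @param configAttributes the authorities required for the resource, from the metadata source
     * @throws AccessDeniedException               when no required authority is held
     * @throws InsufficientAuthenticationException when no authentication is present
     */
    @Override
    public void decide(Authentication authentication, Object object,
                       Collection<ConfigAttribute> configAttributes)
            throws AccessDeniedException, InsufficientAuthenticationException {
        if (authentication == null) {
            throw new InsufficientAuthenticationException("No authentication present");
        }
        if (configAttributes == null || configAttributes.isEmpty()) {
            throw new AccessDeniedException(" 没有权限访问! ");
        }
        // NOTE: logged at INFO for every intercepted request; noisy in production.
        logger.info("The parameter of object {} is a URL.", object);
        for (ConfigAttribute configAttribute : configAttributes) {
            // Authority required to reach the requested resource.
            String needPermission = configAttribute.getAttribute();
            logger.info("Access request resource requires permission {}.", needPermission);
            if (needPermission == null) {
                // Non-string attribute: it cannot match a GrantedAuthority name.
                continue;
            }
            for (GrantedAuthority granted : authentication.getAuthorities()) {
                if (needPermission.equals(granted.getAuthority())) {
                    return;
                }
            }
        }
        // None of the required authorities is held.
        throw new AccessDeniedException(" 没有权限访问! ");
    }

    /** Every attribute is handled by {@link #decide}; nothing is filtered out here. */
    @Override
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    /** Any secure-object type is accepted; {@code object} is only logged. */
    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}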
package com.raze.security;import java.util.ArrayList;import java.util.Collection;import java.util.HashMap;import java.util.HashSet;import java.util.Map;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.access.ConfigAttribute;import org.springframework.security.access.SecurityConfig;import org.springframework.security.web.FilterInvocation;import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;import org.springframework.stereotype.Service;import com.raze.service.IUserService;/** * Copyright: Copyright (c) 2016 DJM * * @ClassName: MyUserDetailService.java * @Description: 自定义资源源数据,将所有的资源和权限对应关系建立起来,即定义某一资源可以被哪些角色访问 * * @version: v1.0.0 * @author: DJM * @date: 2016-09-18 下午15:25:17 */@Servicepublic class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource { @Autowired private IUserService userService; /** * 加载所有的资源以及与权限关联的权限 */ public Map> initResourceDefine() { // 存储所有的资源和权限的映射 Map > resourceMap = new HashMap >(); //存储所有资源 Collection resourcesSet = new HashSet (); //读取所有的资源以及与权限关联的权限 Collection