不得不再感叹一下,策略模式在SpringSecurity中用的地方太多了!
? SecurityContextHolder, to provide access to the SecurityContext.
? SecurityContext, to hold the Authentication and possibly request-specific security
information.
? Authentication, to represent the principal in a Spring Security-specific manner.
? GrantedAuthority, to reflect the application-wide permissions granted to a principal.
? UserDetails, to provide the necessary information to build an Authentication object from your
application's DAOs or other source source of security data.
? UserDetailsService, to create a UserDetails when passed in a String-based username
(or certificate ID or the like).
(以上是从文档里面抄出来的!)
这就是权限的核心了!!(持续修改中。。。。。。)