Resource resource = getResource();
// if (resource.getEntities().isEmpty()) { return Collections.emptyList(); }
// List<Restriction> realms = restrictionMap.get(resource.getId());
// User user = entityDao.get(User.class, getUserId());
// if (null == realms) {
UserProfile profile = getUserProfile();
List<Restriction> holders = restrictionService.getRestrictions(profile, resource);
// restrictionMap.put(resource.getId(), realms);
// }
// 没有权限就报错
if (holders.isEmpty()) { throw new AccessDeniedException(SecurityContextHolder.getContext()