* 1)检查是否是属于公有资源<br>
* 2)检查用户组权限<br>
*/
public boolean isAuthorized(Authentication auth, Object resource) {
loadResourceNecessary();
FilterInvocation fi = (FilterInvocation) resource;
String resourceName = resourceExtractor.extract(fi.getHttpRequest());
if (publicResources.contains(resourceName)) { return true; }
if (AnonymousAuthentication.class.isAssignableFrom(auth.getClass())) { return false; }
if (protectedResources.contains(resourceName)) { return true; }
GrantedAuthority[] groups = auth.getAuthorities();
if (null == groups) { return false; }