zoukankan      html  css  js  c++  java

  • spring security原理

    spring security通过一系列过滤器实现其功能,入口过滤器如下(web.xml):

    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    其他过滤器调用顺序:

    然后通过org.springframework.security.web.FilterChainProxy过滤器获取以下过滤器列表:

    org.springframework.security.web.context.SecurityContextPersistenceFilter@4976abb4

    org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@3ea61bd9

    org.springframework.security.web.authentication.logout.LogoutFilter@469ddd58

    org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@443b70fc

    org.springframework.security.web.savedrequest.RequestCacheAwareFilter@386c58c4

    org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@361af4c3

    org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1ec59845

    org.springframework.security.web.session.SessionManagementFilter@1e6a7f1

    org.springframework.security.web.access.ExceptionTranslationFilter@5b167571

    org.springframework.security.web.access.intercept.FilterSecurityInterceptor@3a4b2e3c

    然后由内部类 VirtualFilterChain 依次调用这些过滤器实现其认证、授权等功能 (org.springframework.security.web.FilterChainProxy$VirtualFilterChain)

    细节可参考某大牛的文章:

    http://dead-knight.iteye.com/category/220917
  • 相关阅读:
    团队冲刺--第二阶段(五)
    团队冲刺--第二阶段(四)
    团队冲刺--第二阶段(三)
    团队冲刺--第二阶段(二)
    团队冲刺--第二阶段(一)
    第一阶段意见评论
    人月神话阅读笔记02
    基础-定位
    基础-颜色
    标准文档流
  • 原文地址:https://www.cnblogs.com/fsqsec/p/5231224.html
Copyright © 2011-2022 走看看