zoukankan      html  css  js  c++  java
  • spring security原理图及其解释



    用户发出订单修改页面的请求,Access Decision Manager进行拦截,然后对比用户的授权和次页面需要的授权是不是有重合的部分,如果有重合的部分,那面页面就授权成功,如果失败就通知用户。 

    We can see that a component called the access decision manager is responsible for determining whether a principal has the appropriate level of access, based on the match between the authority possessed by the principal and the authority requested by the resource. 


    Adding the Spring DelegatingFilterProxy to your web.xml file 

    The o.s.web.filter.DelegatingFilterProxy is a servlet filter that allows Spring Security to wrap all application requests and ensure that they are appropriately secured. 


    Comprehending the overall flow of web requests and how they move through the chain of responsibility is crucial to our success with advanced topics in Spring Security. Keep in mind the basic concepts of authentication and authorization as they fit into the overall architecture of our protected system. 



    How requests are processed? 

    The Spring Security architecture relies heavily on the use of delegates and servlet filters to provide layers of functionality around the context of a web application request. 

    Servlet Filters (classes that implement the javax.servlet.Filter interface) are used to intercept user requests and perform pre-or post-processing, or redirect the request altogether, depending on the function of the servlet filter. The final destination servlet is the Spring MVC dispatcher servlet, in the case of the JBCP Pets online store, but in theory, it could represent any web servlet. The following 

     

    diagram illustrates how a servlet filter wraps a user's web request: 

    The automatic configuration attribute in the Spring Security XML configuration file sets up a series of ten servlet filters, which are applied in a sequence through the use of a Java EE servlet filter chain. The filter chain is a Java EE Servlet API concept specified by the javax.servlet.FilterChain interface that allows a web application to direct that a chain of servlet filters should apply to any given request. 

    Similar to a physical chain made from metal links, each servlet filter represents a link in the chain of method calls used to process the user's request. Requests travel along the chain, being processed by each filter in turn. 


     


    The automatic configuration option sets up 10 Spring Security filters for you. Understanding what these default filters do, and where and how they are configured, is critical to advanced work with Spring Security. 

    These filters, and the order in which they are applied, are described in the following table. Most of these filters will be described again as we proceed through our work on the JBCP Pets online store, so don't worry if you don't understand exactly what they do now. 







    You may wonder how the DelegatingFilterProxy is able to locate the filter chain that's configured by Spring Security. Recall that we needed to give the DelegatingFilterProxy a filter name in the web.xml file: 

        springSecurityFilterChain 
        
            org.springframework.web.filter.DelegatingFilterProxy 
        

    The name of this filter is no coincidence, and in fact is expected for Spring Security to wire itself to the DelegatingFilterProxy appropriately. Unless explicitly configured, the DelegatingFilterProxy will look for a configured bean in the Spring WebApplicationContext of the same name (as specified in the filter-name element). More detail on the configurability of the DelegatingFilterProxy is available in the Javadoc for the class.

  • 相关阅读:
    qemu进程页表和EPT的同步问题
    Linux进程虚拟地址空间管理2
    qemu-kvm内存虚拟化1
    LInux进程虚拟地址空间的管理
    Linux下的文件系统2
    LInux中的文件系统1
    Linux IPC之管道通信
    操作系统中的特权级检查
    Linux下的信号机制
    进程的挂起、阻塞和睡眠
  • 原文地址:https://www.cnblogs.com/haore147/p/5215782.html
Copyright © 2011-2022 走看看