SpringSecurity之基本原理
1 启动情况
SpringSecurity 本质
是一个过滤器链
: 从启动是可以获取到过滤器链
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFil ter
org.springframework.security.web.context.SecurityContextPersistenceFilter
org.springframework.security.web.header.HeaderWriterFilter
org.springframework.security.web.csrf.CsrfFilter
org.springframework.security.web.authentication.logout.LogoutFilter
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
org.springframework.security.web.savedrequest.RequestCacheAwareFilter
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
org.springframework.security.web.authentication.AnonymousAuthenticationFilter
org.springframework.security.web.session.SessionManagementFilter
org.springframework.security.web.access.ExceptionTranslationFilter
org.springframework.security.web.access.intercept.FilterSecurityInterceptor
2 代码底层流程
主要是三个过滤器
-
FilterSecurityInterceptor
是一个
方法级的权限过滤器
, 基本位于过滤链的最底部
-
ExceptionTranslationFilter
是个异常过滤器,用来处理在认证授权过程中抛出的异常
-
UsernamePasswordAuthenticationFilter
对/login的POST请求做拦截,
校验表单中用户 名,密码
版权声明:本文为hcyxsh原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。