0
点赞
收藏
分享

微信扫一扫

spring security的核心过滤器

飞鸟不急 2021-09-29 阅读 40
技术博客

spring security的核心过滤器

spring security 加载时会初始化 DefaultSecurityFilterChain

public final class DefaultSecurityFilterChain implements SecurityFilterChain {
    private static final Log logger = LogFactory.getLog(DefaultSecurityFilterChain.class);
    private final RequestMatcher requestMatcher;
    private final List<Filter> filters;

    public DefaultSecurityFilterChain(RequestMatcher requestMatcher, List<Filter> filters) {
        logger.info("Creating filter chain: " + requestMatcher + ", " + filters);
        this.requestMatcher = requestMatcher;
        this.filters = new ArrayList<Filter>(filters);
    }
    ...
}

debug可以看到启动时加载的过滤器,其中 JwtAuthenticationTokenFilter 是我们项目当中自定义的 jwt 登录的过滤器,MyFilterSecurityInterceptor 是我们项目中用来做url权限匹配的过滤器。

spring security主要的过滤器有以下这些:

  • WebAsyncManagerIntegrationFilter
  • SecurityContextPersistenceFilter
  • HeaderWriterFilter
  • CsrfFilter
  • CorsFilter
  • LogoutFilter
  • UsernamePasswordAuthenticationFilter
  • RequestCacheAwareFilter
  • SecurityContextHolderAwareRequestFilter
  • AnonymousAuthenticationFilter
  • SessionManagementFilter
  • ExceptionTranslationFilter
  • FilterSecurityInterceptor

SecurityContextPersistenceFilter

WebAsyncManagerIntegrationFilter

HeaderWriterFilter

CsrfFilter

CorsFilter

LogoutFilter

UsernamePasswordAuthenticationFilter

RequestCacheAwareFilter

SecurityContextHolderAwareRequestFilter

AnonymousAuthenticationFilter

SessionManagementFilter

ExceptionTranslationFilter

FilterSecurityInterceptor

举报

相关推荐

0 条评论