The class PassThruAuthenticationFilter is a final implementation class, it implements the onAccessDenied method, and the implementation is very simple
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { if (isLoginRequest(request, response)) { return true; } else { saveRequestAndRedirectToLogin(request, response); return false; } }
The isAccessAllowed method of AuthenticationFilter needs to be called before , which judges whether to log in, so this class ( PassThruAuthenticationFilter ) is suitable for those operations that need to be logged in and can be implemented after logging in.