The basic principle of Spring Security - filter chain

Foreword

We covered the introductory case earlier. After reading it, many readers probably still don't know how the interception is actually achieved. Next, let's take a look at the basic principles of Spring Security.

Nature

In fact, Spring Security is essentially a filter chain, and the chain can be obtained at startup. (If you are not familiar with filters, it is recommended to read up on the relevant Java Web material first.)

Filter chain:

org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
org.springframework.security.web.context.SecurityContextPersistenceFilter
org.springframework.security.web.header.HeaderWriterFilter
org.springframework.security.web.csrf.CsrfFilter
org.springframework.security.web.authentication.logout.LogoutFilter
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
org.springframework.security.web.savedrequest.RequestCacheAwareFilter
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
org.springframework.security.web.authentication.AnonymousAuthenticationFilter
org.springframework.security.web.session.SessionManagementFilter
org.springframework.security.web.access.ExceptionTranslationFilter
org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Let's pick a few of these filters and look at what they do through the source code:

FilterSecurityInterceptor

As a method-level permission filter, it sits essentially at the bottom of the filter chain.

From the filter's doFilter method, we can see that it calls the invoke method. Let's take a look at how invoke is implemented next.

In the above code, we can clearly see that:

super.beforeInvocation(filterInvocation); This line means: before the invocation, check whether the previous filters have passed.

Once everything has passed, fi.getChain().doFilter(fi.getRequest(), fi.getResponse()); is called, which is the real call to the background service.

LogoutFilter

The logout filter. It handles the logout interface we configured, so that post-logout processing can be performed for authenticated users.

ExceptionTranslationFilter

The exception filter. It handles exceptions thrown during the authentication and authorization process.
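The flow described above (check before invocation, then call the backend, with the exception filter catching a denial from further down the chain) can be traced in a simplified model. This is an added example, not Spring Security's source code: the interfaces, class names and the "admin" role rule are hypothetical stand-ins, and the requests are constructed.

```java
import java.util.*;

public class FilterChainModel {
    // Hypothetical stand-ins for the servlet Filter / FilterChain types (not Spring classes).
    interface Chain { void doFilter(Map<String, String> request, List<String> trace); }
    interface Filter { void doFilter(Map<String, String> request, List<String> trace, Chain chain); }
    static class AccessDenied extends RuntimeException { AccessDenied(String m) { super(m); } }

    // Models ExceptionTranslationFilter: performs no checks itself, it only
    // catches security exceptions thrown by filters later in the chain.
    static final Filter EXCEPTION_TRANSLATION = (req, trace, chain) -> {
        try {
            chain.doFilter(req, trace);
        } catch (AccessDenied e) {
            trace.add("403 " + e.getMessage());
        }
    };

    // Models FilterSecurityInterceptor.invoke: check first, then continue the chain.
    static final Filter SECURITY_INTERCEPTOR = (req, trace, chain) -> {
        beforeInvocation(req);       // throws if the request is not permitted
        chain.doFilter(req, trace);  // only reached after the check passes
    };

    // Assumed rule for this model: only the "admin" role is allowed through.
    static void beforeInvocation(Map<String, String> req) {
        if (!"admin".equals(req.get("role"))) {
            throw new AccessDenied("role '" + req.get("role") + "' may not access " + req.get("path"));
        }
    }

    // Wraps the filters back to front so they run in list order; the backend is last.
    static List<String> handle(Map<String, String> request) {
        List<Filter> filters = List.of(EXCEPTION_TRANSLATION, SECURITY_INTERCEPTOR);
        List<String> trace = new ArrayList<>();
        Chain chain = (req, t) -> t.add("backend service called for " + req.get("path"));
        for (int i = filters.size() - 1; i >= 0; i--) {
            Filter f = filters.get(i);
            Chain next = chain;
            chain = (req, t) -> f.doFilter(req, t, next);
        }
        chain.doFilter(request, trace);
        return trace;
    }

    public static void main(String[] args) {
        System.out.println(handle(Map.of("path", "/admin", "role", "admin"))); // constructed request
        System.out.println(handle(Map.of("path", "/admin", "role", "guest"))); // constructed request
    }
}
```

The second request never reaches the backend: the denial thrown by the interceptor model is caught one filter earlier, which is why the exception filter has to sit before the interceptor in the chain listed above.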

That is all on the filter chain for now.


Origin blog.csdn.net/ybb_ymm/article/details/130080520