Foreword
We covered the introductory case earlier. After reading it, many readers probably still don't know how it achieves the interception. Next, let's take a look at the basic principles of Spring Security.
Nature
In fact, Spring Security is essentially a filter chain, and the chain can be obtained at startup. (If you are not familiar with filters, it is recommended to read up on the relevant Java Web material.)
Filter chain:
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
org.springframework.security.web.context.SecurityContextPersistenceFilter
org.springframework.security.web.header.HeaderWriterFilter
org.springframework.security.web.csrf.CsrfFilter
org.springframework.security.web.authentication.logout.LogoutFilter
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
org.springframework.security.web.savedrequest.RequestCacheAwareFilter
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
org.springframework.security.web.authentication.AnonymousAuthenticationFilter
org.springframework.security.web.session.SessionManagementFilter
org.springframework.security.web.access.ExceptionTranslationFilter
org.springframework.security.web.access.intercept.FilterSecurityInterceptor
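One way to obtain this list at startup and check it, as an added example that is not from the original post or from Spring Security itself. It assumes Spring Security 5.x (javax.servlet), Java 9+, a made-up class name FilterChainAudit, and a hypothetical policy that every chain must contain CsrfFilter and ExceptionTranslationFilter.

```java
import java.util.List;
import javax.servlet.Filter; // use jakarta.servlet.Filter on Spring Security 6.x
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.context.event.EventListener;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.stereotype.Component;

// Hypothetical audit component: prints each security filter chain in order
// and fails startup if a filter required by the (assumed) policy is missing.
@Component
public class FilterChainAudit {
    // Assumed policy, adjust to your application.
    private static final List<Class<? extends Filter>> REQUIRED =
            List.of(CsrfFilter.class, ExceptionTranslationFilter.class);
    private final Filter securityFilter;

    public FilterChainAudit(@Qualifier("springSecurityFilterChain") Filter securityFilter) {
        this.securityFilter = securityFilter;
    }

    @EventListener(ContextRefreshedEvent.class)
    public void audit() {
        // The bean is declared as Filter; it is a FilterChainProxy unless something wraps it.
        if (!(securityFilter instanceof FilterChainProxy)) {
            throw new IllegalStateException("Unexpected type: " + securityFilter.getClass().getName());
        }
        for (SecurityFilterChain chain : ((FilterChainProxy) securityFilter).getFilterChains()) {
            List<Filter> filters = chain.getFilters();
            System.out.println("Security filter chain: " + chain);
            if (filters.isEmpty()) {
                // An empty chain means matching requests skip every security filter.
                System.out.println("  WARNING: no filters, requests matching this chain are not secured");
                continue;
            }
            filters.forEach(f -> System.out.println("  " + f.getClass().getName()));
            for (Class<? extends Filter> required : REQUIRED) {
                if (filters.stream().noneMatch(required::isInstance)) {
                    throw new IllegalStateException("Missing " + required.getSimpleName() + " in " + chain);
                }
            }
        }
    }
}
```

The printed order is the order in which a request passes through the filters, so FilterSecurityInterceptor should appear last.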
Let's pick a few filters from them and take a look at their content through the source code:
FilterSecurityInterceptor
As a method-level permission filter, it is basically at the bottom of the filter chain.
From the filter's doFilter method, we can see that it calls the invoke method. Let's take a look at how that is implemented next.
In the above code, we can clearly see that
super.beforeInvocation(filterInvocation); This line means: before the invocation, check whether the previous filters have been passed.
After they have all passed, fi.getChain().doFilter(fi.getRequest(), fi.getResponse()); is called, which is the real call to the background service.
LogoutFilter
Logout filter: the filter for the logout interface we configured, so that post-logout processing can be performed for authenticated users.
ExceptionTranslationFilter
Exception filter, used to handle exceptions thrown during the authentication and authorization process.
That is all on the filter chain for now.