Class name | Namespace Element or Attribute |
ChannelProcessingFilter | http/intercept-url@requires-channel |
SecurityContextPersistenceFilter | http |
ConcurrentSessionFilter | session-management/concurrency-control |
HeaderWriterFilter | http/headers |
CsrfFilter | http/csrf |
LogoutFilter | http/logout |
X509AuthenticationFilter | http/x509 |
AbstractPreAuthenticatedProcessingFilter | N/A |
CasAuthenticationFilter | N/A |
UsernamePasswordAuthenticationFilter | http/form-login |
BasicAuthenticationFilter | http/http-basic |
SecurityContextHolderAwareRequestFilter | http/@servlet-api-provision |
JaasApiIntegrationFilter | http/@jaas-api-provision |
RememberMeAuthenticationFilter | http/remember-me |
AnonymousAuthenticationFilter | http/anonymous |
SessionManagementFilter | session-management |
ExceptionTranslationFilter | http |
FilterSecurityInterceptor | http |
SwitchUserFilter | N/A |

The filters run in the order listed, from top to bottom.

Defining a custom filter:
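```java
import java.io.IOException;
import javax.servlet.*;
import org.springframework.web.filter.GenericFilterBean;

public class BeforeLoginFilter extends GenericFilterBean {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        // Custom logic goes here, then hand the request to the rest of the filter chain
        filterChain.doFilter(servletRequest, servletResponse);
    }
}
```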
Configuring where the custom filter sits in the Spring Security filter chain:
```java
// Inside a configuration class that extends WebSecurityConfigurerAdapter
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/user/**").hasRole("USER")
            .and()
        .formLogin().loginPage("/login").defaultSuccessUrl("/user")
            .and()
        .logout().logoutUrl("/logout").logoutSuccessUrl("/login");
    // Add BeforeLoginFilter before UsernamePasswordAuthenticationFilter
    http.addFilterBefore(new BeforeLoginFilter(), UsernamePasswordAuthenticationFilter.class);
    // Add AfterCsrfFilter after CsrfFilter
    http.addFilterAfter(new AfterCsrfFilter(), CsrfFilter.class);
}
```
HttpSecurity has three commonly used methods for registering a filter:
- addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter): adds filter before beforeFilter
- addFilterAfter(Filter filter, Class<? extends Filter> afterFilter): adds filter after afterFilter
- addFilterAt(Filter filter, Class<? extends Filter> atFilter): adds filter at the same position as atFilter; the new filter does not replace the existing one
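
Because a filter's position decides what it sees (for example, whether authentication or CSRF validation has already happened), it is worth verifying the resulting order at startup. The following is an added example, not code from the original page or from Spring Security: `FilterOrderCheck` and `requireBefore` are hypothetical names, and it assumes the single filter chain configured above, Spring Security 5.x with `javax.servlet`, and that `BeforeLoginFilter` and `AfterCsrfFilter` are in the same package.

```java
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.stereotype.Component;

// Hypothetical startup check (not part of Spring Security): fails fast if the custom filters are misplaced.
@Component
public class FilterOrderCheck implements ApplicationListener<ContextRefreshedEvent> {
    private final Filter securityFilter;

    public FilterOrderCheck(@Qualifier("springSecurityFilterChain") Filter securityFilter) {
        this.securityFilter = securityFilter;
    }

    @Override
    public void onApplicationEvent(ContextRefreshedEvent event) {
        if (!(securityFilter instanceof FilterChainProxy)) {
            return; // not a plain FilterChainProxy (for example wrapped in debug mode); nothing to inspect
        }
        for (SecurityFilterChain chain : ((FilterChainProxy) securityFilter).getFilterChains()) {
            List<Class<?>> order = new ArrayList<>();
            for (Filter f : chain.getFilters()) {
                order.add(f.getClass());
            }
            System.out.println("Security filter order: " + order);
            requireBefore(order, BeforeLoginFilter.class, UsernamePasswordAuthenticationFilter.class);
            requireBefore(order, CsrfFilter.class, AfterCsrfFilter.class);
        }
    }

    // Throws if either filter is missing or 'first' does not precede 'second' in the chain.
    static void requireBefore(List<Class<?>> order, Class<?> first, Class<?> second) {
        int i = order.indexOf(first);
        int j = order.indexOf(second);
        if (i < 0 || j < 0 || i >= j) {
            throw new IllegalStateException(first.getSimpleName() + " must run before "
                    + second.getSimpleName() + ", actual order: " + order);
        }
    }
}
```

The printed list should match the top-to-bottom order of the table, with the two custom filters inserted next to their anchor filters.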