spring security 源码记录

今天简单记录一下security执行

1. org.springframework.web.filter.DelegatingFilterProxy.doFilter()
2. org.springframework.security.web.FilterChainProxy.doFilter()
3. org.springframework.security.web.SecurityFilterChain.matches()
3.1 org.springframework.security.web.util.RequestMatcher.matches()
4 org.springframework.security.web.SecurityFilterChain.getFilters() #返回方法链

5. VirtualFilterChain.doFilter() #循环执行方法链8个
5.1 org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter()
5.2 org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter()
5.3 org.springframework.security.web.session.SessionManagementFilter.doFilter()

5.x ....

6.org.springframework.web.servlet.FrameworkServlet.doGet()

7.org.springframework.web.servlet.DispatcherServlet.doDispatch()

spring security 方法链一般的写法：

if (currentPosition == size) {
    return //结束

}else{
    currentPosition++;
    Filter nextFilter = additionalFilters.get(currentPosition - 1);
    nextFilter.doFilter(request, response, this);
}