spring security原理
delegatingFilterProxy和ApplicationFilterChain
delegatingFilterProxy:连接tomcat和spring,tomcat自带filter对request进行过滤,delegatingFilterProxy是spring定义的,ApplicationFilterChain是tomcat中管理filter的类,ApplicationFilterChain会再初始化http连接等操作后采用pos机制调用所有filter
接着,delegatingFilterProxy中持有FilterChainProxy对象,它也是一个Filter,FilterChainProxy中以数组的形式保存了用户定义的filterChain,然后根据request和用户定义的match规则,找到需要校验的filter,之后调用doFilte进行过滤