Filter
Spring Security’s Servlet 基于 Servlet Filters.
客户端发送一个请求到application,容器(tomcat)创造了FilterChaain
(包含Filter
和Servlet
)来处理请求(HttpServletRequest).在SpringMVC中servlet
就是DispatcherServlet
.
最多一个Servlet
处理一个请求和相应.,而可以有多个filter
来:
1)阻止访问下游(downstream)的fitler
或servlet
,可以直接返回响应
2)更新下游的 HttpServletRequest 或 HttpServletResponse(在返回时更新response)
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
// do something before the rest of the application
chain.doFilter(request, response); // invoke the rest of the application
// do something after the rest of the application
}
DelegatingFilterProxy
1)Filter
的代理,用来连接Servlet容器和Spring的ApplicationContext.比如将FIlter注册为Bean.
2)另外一个是可以延迟加载,在之前,容器启动前就必须注册好Filter,而该代理可以通过监听器ContextLoaderListener
来注册.
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
// Lazily get Filter that was registered as a Spring Bean
// For the example in DelegatingFilterProxy delegate is an instance of Bean Filter0
Filter delegate = getFilterBean(someBeanName);
// delegate work to the Spring Bean
delegate.doFilter(request, response);
}
参考:
https://docs.spring.io/spring-security/site/docs/5.4.5/reference/html5/#servlet-architecture