执行顺序从上往下
Security filter chain: [
WebAsyncManagerIntegrationFilter
SecurityContextPersistenceFilter
HeaderWriterFilter
CsrfFilter
LogoutFilter
UsernamePasswordAuthenticationFilter
DefaultLoginPageGeneratingFilter
DefaultLogoutPageGeneratingFilter
BasicAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
过滤器 | 过滤器作用 |
---|---|
WebAsyncManagerIntegrationFilter | 将 WebAsyncManger 与 SpringSecurity 上下文进行集成 |
SecurityContextPersistenceFilter | 在处理请求之前,将安全信息加载到 SecurityContextHolder 中 |
HeaderWriterFilter | 处理头信息加入响应中 |
CsrfFilter | 处理 CSRF 攻击 |
LogoutFilter | 处理注销登录 |
UsernamePasswordAuthenticationFilter | 处理表单登录 |
DefaultLoginPageGeneratingFilter | 配置默认登录页面 |
DefaultLogoutPageGeneratingFilter | 配置默认注销页面 |
BasicAuthenticationFilter | 处理 HttpBasic 登录 |
RequestCacheAwareFilter | 处理请求缓存 |
SecurityContextHolderAwareRequestFilter | 包装原始请求 |
AnonymousAuthenticationFilter | 配置匿名认证 |
SessionManagementFilter | 处理 session 并发问题 |
ExceptionTranslationFilter | 处理认证/授权中的异常 |
FilterSecurityInterceptor | 处理授权相关 |