在使用xml配置spring security时经常会看到下面类似的配置:
<security:http entry-point-ref="multipleAuthenticationLoginEntry" servlet-api-provision="true">
<!--
<security:session-management invalid-session-url="/loginRedirect.jtl">
<security:concurrency-control error-if-maximum-exceeded="false" max-sessions="1" expired-url="/loginRedirect.jtl"/>
</security:session-management>
-->
<!--使用表单登录-->
<security:remember-me key="xx"/>
<security:logout logout-url="/logout" logout-success-url="/loginRedirect.jtl"/>
<security:custom-filter ref="xxFilter" after="FORM_LOGIN_FILTER" />
<security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="xx1Filter" />
<security:access-denied-handler ref="xxHandler"/>
<security:custom-filter position="SWITCH_USER_FILTER" ref="xx2Filter"/>
</security:http>
那么上面标红部分配置在哪里呢,笔者将相关部门摘抄下来,分享至此:
Alias | Filter Class | Namespace Element or Attribute |
---|---|---|
CHANNEL_FILTER |
|
|
SECURITY_CONTEXT_FILTER |
|
|
CONCURRENT_SESSION_FILTER |
|
|
HEADERS_FILTER |
|
|
CSRF_FILTER |
|
|
LOGOUT_FILTER |
|
|
X509_FILTER |
|
|
PRE_AUTH_FILTER |
| N/A |
CAS_FILTER |
| N/A |
FORM_LOGIN_FILTER |
|
|
BASIC_AUTH_FILTER |
|
|
SERVLET_API_SUPPORT_FILTER |
|
|
JAAS_API_SUPPORT_FILTER |
|
|
REMEMBER_ME_FILTER |
|
|
ANONYMOUS_FILTER |
|
|
SESSION_MANAGEMENT_FILTER |
|
|
EXCEPTION_TRANSLATION_FILTER |
|
|
FILTER_SECURITY_INTERCEPTOR |
|
|
SWITCH_USER_FILTER |
| N/A |
根据上面这个对照表,可以进一步分析以及作为使用参考。