SpringBoot 分析 @EnableGlobalMethodSecurity注解 GlobalMethodSecurityConfiguration源码
GlobalMethodSecurityConfiguration
实例字段
private DefaultMethodSecurityExpressionHandler defaultMethodExpressionHandler = new DefaultMethodSecurityExpressionHandler();
private AuthenticationManager authenticationManager;
private AuthenticationManagerBuilder auth;
private boolean disableAuthenticationRegistry;
private AnnotationAttributes enableMethodSecurity;
private BeanFactory context;
private MethodSecurityExpressionHandler expressionHandler;
private MethodSecurityInterceptor methodSecurityInterceptor;
MethodSecurityInterceptor
public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor { 省略...}
实例字段
private MethodSecurityMetadataSource securityMetadataSource;
org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource
final 修饰,包裹了一层缓存
实际执行类
org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource
实现类 MethodInterceptor
方法拦截器,拦截的入口。
继承类 AbstractSecurityInterceptor
具体拦截执行方法
子类 AspectJMethodSecurityInterceptor
org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor
唯一的一个子类,并且final 修饰。
MethodSecurityExpressionHandler
DefaultMethodSecurityExpressionHandler
总结
阅读源码的过程中发现大量使用一种代码编写模式
有知道模式名称请在评论内回复
抽象类
public abstract class AbstractSecurityInterceptor implements InitializingBean,ApplicationEventPublisherAware,MessageSourceAware
接口
public interface MethodInterceptor
实现类
public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor
未完… 去写代码了。仿照源码逻辑实现注解 SpEL 表达式