今天我们讲的filter是SecurityContextPersistenceFilter,通过其名字,就能大概猜出来这个过滤器的作用,就是用来持久化SecurityContext实例用的,也是spring security filter 核心的过滤器之一。
接下去我们将根据其源码分析一下其作用,先看看doFilter这个方法
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
if (request.getAttribute("__spring_security_scpf_applied") != null) {
chain.doFilter(request, response);
} else {
boolean debug = this.logger.isDebugEnabled();
request.setAttribute("__spring_security_scpf_applied", Boolean.TRUE);
if (this.forceEagerSessionCreation) {
HttpSession session = request.getSession();
if (debug && session.isNew()) {
this.logger.debug("Eagerly created session: " + session.getId());
}
}
// 包装 request ,response
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
// 从session中获取安全上下文信息
SecurityContext contextBeforeChainExecution = this.repo.loadC