spring security
hudongdongjava
这个作者很懒,什么都没留下…
展开
-
14、spring security拦截器之FilterSecurityInterceptor
FilterSecurityInterceptor:对需要认证的请求进行拦截,通过调用accessDecisionManager.decide(Authentication authentication, Object object,Collection configAttributes)来判断是否可以有相应的访问权限public void doFilter(ServletRequest request, ServletResponse response, FilterChain ch原创 2021-06-26 12:35:26 · 580 阅读 · 0 评论 -
13、spring security拦截器之ExceptionTranslationFilter
ExceptionTranslationFilter:异常处理,对AuthenticationException和AccessDeniedException进行处理public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletR原创 2021-06-26 12:33:12 · 557 阅读 · 0 评论 -
12、spring security拦截器之AnonymousAuthenticationFilter
AnonymousAuthenticationFilter:如果当前安全上下文的Authentication为空,则创建一个匿名的Authentication用户public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException //判断SecurityContext中的Authentication是否为空 i原创 2021-06-26 09:21:37 · 917 阅读 · 0 评论 -
11、spring security拦截器之RequestCacheAwareFilter
RequestCacheAwareFilter:从session中获取SavedRequest,如果当前请求信息和SaveRequest信息一致(一般是登录成功后重定向),则返回SavedRequestAwareWrapper的HttpServletRequest包装类,这样的话,可以获取认证失败前的请求参数等信息//获取包装类SavedRequestAwareWrapper,如果当前的request和session中SavedRequest//是一致的话,返回SavedRequestAwareWr原创 2021-06-26 09:19:47 · 800 阅读 · 0 评论 -
10、spring security拦截器之UsernamePasswordAuthenticationFilter
UsernamePasswordAuthenticationFilter:登录验证在SecurityConfig中对应:http.formLogin() //表单登录 .loginPage("/login.html") //登录页面 .loginProcessingUrl("/login") //登录的url,默认:/login .usernameParameter("username") //用户名参数名称,默认:username原创 2021-06-24 20:31:05 · 928 阅读 · 0 评论 -
9、spring security拦截器之LogoutFilter
LogoutFilter:注销过滤器,默认的url是logoutpublic void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (Ht原创 2021-06-24 20:29:22 · 473 阅读 · 0 评论 -
8、spring security拦截器之HeaderWriterFilter
HeaderWriterFilter:在请求前后写入一些header信息@Overrideprotected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { //shouldWriteHeadersEagerly:为true,则在请原创 2021-06-24 20:28:13 · 824 阅读 · 0 评论 -
7、spring security拦截器之SecurityContextPersistenceFilter
SecurityContextPersistenceFilter:创建空SecurityContext并设置到SecurityContextHolderpublic void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest原创 2021-06-24 20:27:09 · 236 阅读 · 0 评论 -
6、spring security拦截器之WebAsyncManagerIntegrationFilter
WebAsyncManagerIntegrationFilter:主要是设置了SecurityContextCallableProcessingInterceptor拦截器。该拦截器是在处理前后设置或清除SecurityContext@Overrideprotected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)原创 2021-06-24 20:26:01 · 332 阅读 · 0 评论 -
5、spring security拦截器之FilterChainProxy
FilterChainProxy是一个拦截器链路代理,它会递归去调用里面的拦截器。@Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { boolean clearContext = request.getAttribute(FILTER_APPLIED) == n原创 2021-06-24 20:24:51 · 582 阅读 · 0 评论 -
4、spring security流程解读之Filter
从第三节中我们可以知道,spring security拦截器的主入口是FilterChainProxy,默认配置的过滤器有:FilterChainProxyWebAsyncManagerIntegrationFilterSecurityContextPersistenceFilterHeaderWriterFilterLogoutFilterUsernamePasswordAuthenticationFilterRequestCacheAwareFilterSecurityC原创 2021-06-24 20:23:32 · 133 阅读 · 0 评论 -
3、spring security流程解读之WebSecurityConfiguration
使用WebSecurity创建了FilterChainProxy拦截的链路代理类,对请求进行拦截。可以通过继承WebSecurityConfigurerAdapter对其进行任意的配置@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)public Filter springSecurityFilterChain() throws Exception { //判断是否有WebSecurityCo原创 2021-06-24 20:19:55 · 778 阅读 · 1 评论 -
2、spring security流程解读之自动配置类
在上一节我们介绍了怎么去使用spring security及相关配置的使用。接下来我们来看一下spring security的整个运行流程。我们使用的是springboot项目,那么springboot的特点是配置自动加载。所以我们第一步是先找到对应的spring security的自动配置类。找到spring-boot-autoconfigure jar包,查看META-INF/spring.factories文件,发现有3个和security servlet相关的自动配置 ,下面对这3个配置类进原创 2021-06-24 20:16:03 · 318 阅读 · 1 评论 -
1、简单使用
什么是spring security它是一个功能强大且高度可定制的身份认证和访问框架。简单框架搭建1、创建项目,并引入spring security依赖<parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.2.4原创 2021-06-24 20:10:40 · 177 阅读 · 0 评论