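SecurityContextPersistenceFilter (security context persistence)
By default it fetches the data from the Session and, once found, puts it into SecurityContextHolder.
SecurityContextHolder now holds the data, and the filter then invokes the other filters in the filter chain, which also work with this SecurityContextHolder.
Data stored in SecurityContextHolder lasts for one request only: when the request ends, the data in SecurityContextHolder is lost,
so after the filter chain has finished, this filter takes the context out of the ThreadLocal behind SecurityContextHolder, stores it in the HttpSession, and clears the ThreadLocal (to prevent memory leaks).
The HttpSession is persisted by default (with a timeout), so as long as the browser's cookie carries the jsessionid, the login state is not lost even if the server restarts.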
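The load, chain, clear-and-save cycle described above, as an added example in plain Java; it is a simplified model, not Spring Security's code and not part of the original notes. The class `ContextPersistenceDemo`, the `HOLDER` and `SESSIONS` stand-ins, the session id and the principal are all constructed for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Plain-Java model of the load -> chain -> clear/save cycle; not Spring Security code.
public class ContextPersistenceDemo {
    static final ThreadLocal<String> HOLDER = new ThreadLocal<>();          // models SecurityContextHolder
    static final Map<String, String> SESSIONS = new ConcurrentHashMap<>();  // models HttpSession storage

    // chain models the rest of the filter chain; it may authenticate by writing to HOLDER.
    static void doFilter(String sessionId, Runnable chain, boolean clearAfter) {
        HOLDER.set(SESSIONS.getOrDefault(sessionId, "anonymous")); // load the context from the session
        try {
            chain.run();
        } finally {
            String afterChain = HOLDER.get();
            if (clearAfter) {
                HOLDER.remove();                 // clear first, so the pooled thread is returned clean
            }
            SESSIONS.put(sessionId, afterChain); // then persist the context for the next request
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor(); // one pooled request thread
        for (boolean clearAfter : new boolean[] {false, true}) {
            SESSIONS.clear();
            // Request 1: a login handler in the chain sets the principal (constructed value).
            worker.submit(() -> doFilter("sess-1", () -> HOLDER.set("alice"), clearAfter)).get();
            // Work on the same thread that never passes through the filter.
            String leaked = worker.submit(() -> HOLDER.get()).get();
            // Request 2: same session id, so the context is restored from the session store.
            String[] seen = new String[1];
            worker.submit(() -> doFilter("sess-1", () -> seen[0] = HOLDER.get(), clearAfter)).get();
            System.out.printf("clearAfter=%b  unfiltered task sees=%s  request 2 sees=%s%n",
                    clearAfter, leaked, seen[0]);
            worker.submit(HOLDER::remove).get(); // reset the thread between the two runs
        }
        worker.shutdown();
    }
}
```

Without the clear, work that later runs on the same pooled thread outside the filter still reads the previous request's principal; with it, that work reads nothing, while the second request still gets its context back from the session store.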
// doFilter method
if (request.getAttribute(FILTER_APPLIED) != null) {
// ensure that filter is only applied once per request
chain.doFilter(request, response);
return;
}
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,response);
// load the security context
SecurityContext contextBeforeChainExecution = repo.loadContext(ho