SpringSecurity基本原理
一、基本认证流程
SpringSecurity 本质是一个过滤器链:
从启动是可以获取到过滤器链:
org.springframework.security.web.下的:
context.request.async.WebAsyncManagerIntegrationFilter
context.SecurityContextPersistenceFilter
header.HeaderWriterFilter
csrf.CsrfFilter
authentication.logout.LogoutFilter
authentication.UsernamePasswordAuthenticationFilter
authentication.ui.DefaultLoginPageGeneratingFilter
authentication.ui.DefaultLogoutPageGeneratingFilter
savedrequest.RequestCacheAwareFilter
servletapi.SecurityContextHolderAwareRequestFilter
authentication.AnonymousAuthenticationFilter
session.SessionManagementFilter
access.ExceptionTranslationFilter
access.intercept.FilterSecurityInterceptor
二、三个重要的过滤器
代码底层流程,重点看三个过滤器: