SpringSecurity源码分析(二) SpringBoot集成SpringSecurity即Spring安全框架的执行过程

已于 2023-02-23 20:54:12 修改
阅读量399 收藏 1
点赞数
分类专栏: SpringSecurity 文章标签: spring boot spring java
于 2023-02-23 20:26:05 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xl649138628/article/details/129110340
版权

    在上一篇文章中我们描述了SpringSecurity的执行过程。我们我们了解到了以下内容

在SpringSecurity框架中有三个非常核心的类和接口,分别是

            1.SecurityFilterChain接口

            2.FilterChainProxy类

            3.DelegatingFilterProxy类

springboot项目中,客户端向Tomcat 服务器发起请求。因为Tomcat的源码不再本次文章的讨论范围之内。以下部分内容复制了其他老师的流程图

四大容器的作用:

Engine:可以处理Tomcat所接收到所有请求,不管这些请求是请求哪个应用或哪个Servlet的。

Host:可以处理某个特定域名的所有请求

Context:可以处理某个应用的所有请求

Wrapper:可以处理某个Servlet的所有请求

在这里插入图片描述

 在上面的流程图中我们从Wrapper包装器开发分析。

该Wrapper类实际上是StandardWrapperValve类。在请求的执行过程中调用了StandardWrapperValve类中的invoke方法。

在该方法内部

    public final void invoke(Request request, Response response)
        throws IOException, ServletException {

        // Initialize local variables we may need
        boolean unavailable = false;
        Throwable throwable = null;
        // This should be a Request attribute...
        long t1=System.currentTimeMillis();
        requestCount.incrementAndGet();
        StandardWrapper wrapper = (StandardWrapper) getContainer();
        Servlet servlet = null;
        Context context = (Context) wrapper.getParent();

        // Check for the application being marked unavailable
        if (!context.getState().isAvailable()) {
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
                           sm.getString("standardContext.isUnavailable"));
            unavailable = true;
        }

        // Check for the servlet being marked unavailable
        if (!unavailable && wrapper.isUnavailable()) {
            container.getLogger().info(sm.getString("standardWrapper.isUnavailable",
                    wrapper.getName()));
            long available = wrapper.getAvailable();
            if ((available > 0L) && (available < Long.MAX_VALUE)) {
                response.setDateHeader("Retry-After", available);
                response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
                        sm.getString("standardWrapper.isUnavailable",
                                wrapper.getName()));
            } else if (available == Long.MAX_VALUE) {
                response.sendError(HttpServletResponse.SC_NOT_FOUND,
                        sm.getString("standardWrapper.notFound",
                                wrapper.getName()));
            }
            unavailable = true;
        }

        // Allocate a servlet instance to process this request
        try {
            if (!unavailable) {
                //获取servlet,实际上获取到的是DispatcherServlet
                servlet = wrapper.allocate();
            }
        } catch (UnavailableException e) {
            container.getLogger().error(
                    sm.getString("standardWrapper.allocateException",
                            wrapper.getName()), e);
            long available = wrapper.getAvailable();
            if ((available > 0L) && (available < Long.MAX_VALUE)) {
                response.setDateHeader("Retry-After", available);
                response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
                           sm.getString("standardWrapper.isUnavailable",
                                        wrapper.getName()));
            } else if (available == Long.MAX_VALUE) {
                response.sendError(HttpServletResponse.SC_NOT_FOUND,
                           sm.getString("standardWrapper.notFound",
                                        wrapper.getName()));
            }
        } catch (ServletException e) {
            container.getLogger().error(sm.getString("standardWrapper.allocateException",
                             wrapper.getName()), StandardWrapper.getRootCause(e));
            throwable = e;
            exception(request, response, e);
        } catch (Throwable e) {
            ExceptionUtils.handleThrowable(e);
            container.getLogger().error(sm.getString("standardWrapper.allocateException",
                             wrapper.getName()), e);
            throwable = e;
            exception(request, response, e);
            servlet = null;
        }

        MessageBytes requestPathMB = request.getRequestPathMB();
        DispatcherType dispatcherType = DispatcherType.REQUEST;
        if (request.getDispatcherType()==DispatcherType.ASYNC) dispatcherType = DispatcherType.ASYNC;
        request.setAttribute(Globals.DISPATCHER_TYPE_ATTR,dispatcherType);
        request.setAttribute(Globals.DISPATCHER_REQUEST_PATH_ATTR,
                requestPathMB);
        // Create the filter chain for this request
        //创建请求的过滤器链
        ApplicationFilterChain filterChain =
                ApplicationFilterFactory.createFilterChain(request, wrapper, servlet);

        // Call the filter chain for this request
        // NOTE: This also calls the servlet's service() method
        try {
            if ((servlet != null) && (filterChain != null)) {
                // Swallow output if needed
                if (context.getSwallowOutput()) {
                    try {
                        SystemLogHandler.startCapture();
                        if (request.isAsyncDispatching()) {
                            request.getAsyncContextInternal().doInternalDispatch();
                        } else {
                            filterChain.doFilter(request.getRequest(),
                                    response.getResponse());
                        }
                    } finally {
                        String log = SystemLogHandler.stopCapture();
                        if (log != null && log.length() > 0) {
                            context.getLogger().info(log);
                        }
                    }
                } else {
                    if (request.isAsyncDispatching()) {
                        request.getAsyncContextInternal().doInternalDispatch();
                    } else {
                        filterChain.doFilter
                            (request.getRequest(), response.getResponse());
                    }
                }

            }
        } catch (ClientAbortException e) {
            throwable = e;
            exception(request, response, e);
        } catch (IOException e) {
            container.getLogger().error(sm.getString(
                    "standardWrapper.serviceException", wrapper.getName(),
                    context.getName()), e);
            throwable = e;
            exception(request, response, e);
        } catch (UnavailableException e) {
            container.getLogger().error(sm.getString(
                    "standardWrapper.serviceException", wrapper.getName(),
                    context.getName()), e);
            //            throwable = e;
            //            exception(request, response, e);
            wrapper.unavailable(e);
            long available = wrapper.getAvailable();
            if ((available > 0L) && (available < Long.MAX_VALUE)) {
                response.setDateHeader("Retry-After", available);
                response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
                           sm.getString("standardWrapper.isUnavailable",
                                        wrapper.getName()));
            } else if (available == Long.MAX_VALUE) {
                response.sendError(HttpServletResponse.SC_NOT_FOUND,
                            sm.getString("standardWrapper.notFound",
                                        wrapper.getName()));
            }
            // Do not save exception in 'throwable', because we
            // do not want to do exception(request, response, e) processing
        } catch (ServletException e) {
            Throwable rootCause = StandardWrapper.getRootCause(e);
            if (!(rootCause instanceof ClientAbortException)) {
                container.getLogger().error(sm.getString(
                        "standardWrapper.serviceExceptionRoot",
                        wrapper.getName(), context.getName(), e.getMessage()),
                        rootCause);
            }
            throwable = e;
            exception(request, response, e);
        } catch (Throwable e) {
            ExceptionUtils.handleThrowable(e);
            container.getLogger().error(sm.getString(
                    "standardWrapper.serviceException", wrapper.getName(),
                    context.getName()), e);
            throwable = e;
            exception(request, response, e);
        }

        // Release the filter chain (if any) for this request
        if (filterChain != null) {
            filterChain.release();
        }

        // Deallocate the allocated servlet instance
        try {
            if (servlet != null) {
                wrapper.deallocate(servlet);
            }
        } catch (Throwable e) {
            ExceptionUtils.handleThrowable(e);
            container.getLogger().error(sm.getString("standardWrapper.deallocateException",
                             wrapper.getName()), e);
            if (throwable == null) {
                throwable = e;
                exception(request, response, e);
            }
        }

创建拦截器链

    public static ApplicationFilterChain createFilterChain(ServletRequest request,
            Wrapper wrapper, Servlet servlet) {

        // If there is no servlet to execute, return null
        if (servlet == null)
            return null;

        // Create and initialize a filter chain object
        ApplicationFilterChain filterChain = null;
        if (request instanceof Request) {
            Request req = (Request) request;
            if (Globals.IS_SECURITY_ENABLED) {
                // Security: Do not recycle
                filterChain = new ApplicationFilterChain();
            } else {
                filterChain = (ApplicationFilterChain) req.getFilterChain();
                if (filterChain == null) {
                    filterChain = new ApplicationFilterChain();
                    req.setFilterChain(filterChain);
                }
            }
        } else {
            // Request dispatcher in use
            filterChain = new ApplicationFilterChain();
        }

        filterChain.setServlet(servlet);
        filterChain.setServletSupportsAsync(wrapper.isAsyncSupported());

        // Acquire the filter mappings for this Context
        StandardContext context = (StandardContext) wrapper.getParent();
        //重点关注此处,获取在上一篇文章中的filterMaps属性
        FilterMap filterMaps[] = context.findFilterMaps();

        // If there are no filter mappings, we are done
        if ((filterMaps == null) || (filterMaps.length == 0))
            return (filterChain);

        // Acquire the information we will need to match filter mappings
        DispatcherType dispatcher =
                (DispatcherType) request.getAttribute(Globals.DISPATCHER_TYPE_ATTR);

        String requestPath = null;
        Object attribute = request.getAttribute(Globals.DISPATCHER_REQUEST_PATH_ATTR);
        if (attribute != null){
            requestPath = attribute.toString();
        }

        String servletName = wrapper.getName();

        // Add the relevant path-mapped filters to this filter chain
        for (int i = 0; i < filterMaps.length; i++) {
            if (!matchDispatcher(filterMaps[i] ,dispatcher)) {
                continue;
            }
            if (!matchFiltersURL(filterMaps[i], requestPath))
                continue;
            //获取拦截器配置,重点关注此处
            ApplicationFilterConfig filterConfig = (ApplicationFilterConfig)
                context.findFilterConfig(filterMaps[i].getFilterName());
            if (filterConfig == null) {
                // FIXME - log configuration problem
                continue;
            }
            filterChain.addFilter(filterConfig);
        }

        // Add filters that match on servlet name second
        for (int i = 0; i < filterMaps.length; i++) {
            if (!matchDispatcher(filterMaps[i] ,dispatcher)) {
                continue;
            }
            if (!matchFiltersServlet(filterMaps[i], servletName))
                continue;
            ApplicationFilterConfig filterConfig = (ApplicationFilterConfig)
                context.findFilterConfig(filterMaps[i].getFilterName());
            if (filterConfig == null) {
                // FIXME - log configuration problem
                continue;
            }
            filterChain.addFilter(filterConfig);
        }

        // Return the completed filter chain
        return filterChain;
    }

 在上面的代码中分析ApplicationFilterConfig filterConfig = (ApplicationFilterConfig)
                context.findFilterConfig(filterMaps[i].getFilterName());

在该代码中获取filterConfigs属性中的值,该属性中的值实在StandardContext中startInternal方法中调用的filterStart方法赋值进去的,该该方法中循环filterDefs属性(上一篇有交代其赋值过程),

生成ApplicationFilterConfig对象并对filterConfigs赋值,赋值的内容是name = "springSecurityFilterChain",value为ApplicationFilterConfig且其filter属性是DelegatingFilterProxyRegistrationBean类型的对象。

public boolean filterStart() {

        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Starting filters");
        }
        // Instantiate and record a FilterConfig for each defined filter
        boolean ok = true;
        synchronized (filterConfigs) {
            filterConfigs.clear();
            for (Entry<String,FilterDef> entry : filterDefs.entrySet()) {
                String name = entry.getKey();
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug(" Starting filter '" + name + "'");
                }
                try {
                    ApplicationFilterConfig filterConfig =
                            new ApplicationFilterConfig(this, entry.getValue());
                    //重点关注此处
                    filterConfigs.put(name, filterConfig);
                } catch (Throwable t) {
                    t = ExceptionUtils.unwrapInvocationTargetException(t);
                    ExceptionUtils.handleThrowable(t);
                    getLogger().error(sm.getString(
                            "standardContext.filterStart", name), t);
                    ok = false;
                }
            }
        }

        return ok;
    }

    ApplicationFilterConfig(Context context, FilterDef filterDef)
            throws ClassCastException, ClassNotFoundException, IllegalAccessException,
            InstantiationException, ServletException, InvocationTargetException, NamingException,
            IllegalArgumentException, NoSuchMethodException, SecurityException {

        super();

        this.context = context;
        this.filterDef = filterDef;
        // Allocate a new filter instance if necessary
        if (filterDef.getFilter() == null) {
            getFilter();
        } else {
            this.filter = filterDef.getFilter();
            getInstanceManager().newInstance(filter);
            initFilter();
        }
    }

通过以下方法filterChain.doFilter (request.getRequest(), response.getResponse());调用拦截器。

    @Override
    public void doFilter(ServletRequest request, ServletResponse response)
        throws IOException, ServletException {

        if( Globals.IS_SECURITY_ENABLED ) {
            final ServletRequest req = request;
            final ServletResponse res = response;
            try {
                java.security.AccessController.doPrivileged(
                    new java.security.PrivilegedExceptionAction<Void>() {
                        @Override
                        public Void run()
                            throws ServletException, IOException {
                            internalDoFilter(req,res);
                            return null;
                        }
                    }
                );
            } catch( PrivilegedActionException pe) {
                Exception e = pe.getException();
                if (e instanceof ServletException)
                    throw (ServletException) e;
                else if (e instanceof IOException)
                    throw (IOException) e;
                else if (e instanceof RuntimeException)
                    throw (RuntimeException) e;
                else
                    throw new ServletException(e.getMessage(), e);
            }
        } else {
            internalDoFilter(request,response);
        }
    }

 分析其调用的internalDoFilter方法。在该方法中可以看到

1.Filter filter = filterConfig.getFilter(); 获取拦截器

2.filter.doFilter(request, response, this);调用拦截器

3.servlet.service(request, response);执行DispatcherServlet的service方法,真正的请求调用。

在方法1中filterConfig.getFilter()获取到的过滤器,

    private void internalDoFilter(ServletRequest request,
                                  ServletResponse response)
        throws IOException, ServletException {

        // Call the next filter if there is one
        if (pos < n) {
            ApplicationFilterConfig filterConfig = filters[pos++];
            try {
                Filter filter = filterConfig.getFilter();

                if (request.isAsyncSupported() && "false".equalsIgnoreCase(
                        filterConfig.getFilterDef().getAsyncSupported())) {
                    request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, Boolean.FALSE);
                }
                if( Globals.IS_SECURITY_ENABLED ) {
                    final ServletRequest req = request;
                    final ServletResponse res = response;
                    Principal principal =
                        ((HttpServletRequest) req).getUserPrincipal();

                    Object[] args = new Object[]{req, res, this};
                    SecurityUtil.doAsPrivilege ("doFilter", filter, classType, args, principal);
                } else {
                    filter.doFilter(request, response, this);
                }
            } catch (IOException | ServletException | RuntimeException e) {
                throw e;
            } catch (Throwable e) {
                e = ExceptionUtils.unwrapInvocationTargetException(e);
                ExceptionUtils.handleThrowable(e);
                throw new ServletException(sm.getString("filterChain.filter"), e);
            }
            return;
        }

        // We fell off the end of the chain -- call the servlet instance
        try {
            if (ApplicationDispatcher.WRAP_SAME_OBJECT) {
                lastServicedRequest.set(request);
                lastServicedResponse.set(response);
            }

            if (request.isAsyncSupported() && !servletSupportsAsync) {
                request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR,
                        Boolean.FALSE);
            }
            // Use potentially wrapped request from this point
            if ((request instanceof HttpServletRequest) &&
                    (response instanceof HttpServletResponse) &&
                    Globals.IS_SECURITY_ENABLED ) {
                final ServletRequest req = request;
                final ServletResponse res = response;
                Principal principal =
                    ((HttpServletRequest) req).getUserPrincipal();
                Object[] args = new Object[]{req, res};
                SecurityUtil.doAsPrivilege("service",
                                           servlet,
                                           classTypeUsedInService,
                                           args,
                                           principal);
            } else {
                servlet.service(request, response);
            }
        } catch (IOException | ServletException | RuntimeException e) {
            throw e;
        } catch (Throwable e) {
            e = ExceptionUtils.unwrapInvocationTargetException(e);
            ExceptionUtils.handleThrowable(e);
            throw new ServletException(sm.getString("filterChain.servlet"), e);
        } finally {
            if (ApplicationDispatcher.WRAP_SAME_OBJECT) {
                lastServicedRequest.set(null);
                lastServicedResponse.set(null);
            }
        }
    }

在该方法中通过filterDef.getFilterClass()获取到上一篇中设置的filterClass即springSecurityFilterChain,又通过newInstance的到

    Filter getFilter() throws ClassCastException, ClassNotFoundException, IllegalAccessException,
            InstantiationException, ServletException, InvocationTargetException, NamingException,
            IllegalArgumentException, NoSuchMethodException, SecurityException {

        // Return the existing filter instance, if any
        if (this.filter != null)
            return (this.filter);

        // Identify the class loader we will be using
        String filterClass = filterDef.getFilterClass();
        this.filter = (Filter) getInstanceManager().newInstance(filterClass);

        initFilter();

        return (this.filter);

    }

在下面的源码中获取FilterChainProxy对象并调用该对象的里的doFIlter方法。

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
			throws ServletException, IOException {

		// Lazily initialize the delegate if necessary.
		Filter delegateToUse = this.delegate;
		if (delegateToUse == null) {
			synchronized (this.delegateMonitor) {
				delegateToUse = this.delegate;
				if (delegateToUse == null) {
					WebApplicationContext wac = findWebApplicationContext();
					if (wac == null) {
						throw new IllegalStateException("No WebApplicationContext found: " +
								"no ContextLoaderListener or DispatcherServlet registered?");
					}
					delegateToUse = initDelegate(wac);
				}
				this.delegate = delegateToUse;
			}
		}

		// Let the delegate perform the actual doFilter operation.
		invokeDelegate(delegateToUse, request, response, filterChain);
	}

 该段代码通过targetBeanName 获取到bean对象,targetName是springSecurityFilterChain,该beanName对应的类型是FilterChainProxy 。

	protected Filter initDelegate(WebApplicationContext wac) throws ServletException {
		String targetBeanName = getTargetBeanName();
		Assert.state(targetBeanName != null, "No target bean name set");
		Filter delegate = wac.getBean(targetBeanName, Filter.class);
		if (isTargetFilterLifecycle()) {
			delegate.init(getFilterConfig());
		}
		return delegate;
	}

调用doFilter方法

	protected void invokeDelegate(
			Filter delegate, ServletRequest request, ServletResponse response, FilterChain filterChain)
			throws ServletException, IOException {

		delegate.doFilter(request, response, filterChain);
	}

 以下是FilterChainProxy类里的doFilter方法。

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		boolean clearContext = request.getAttribute(FILTER_APPLIED) == null;
		if (clearContext) {
			try {
				request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
				doFilterInternal(request, response, chain);
			}
			finally {
				SecurityContextHolder.clearContext();
				request.removeAttribute(FILTER_APPLIED);
			}
		}
		else {
            //重点关注此处代码
			doFilterInternal(request, response, chain);
		}
	}
	private void doFilterInternal(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {

		FirewalledRequest fwRequest = firewall
				.getFirewalledRequest((HttpServletRequest) request);
		HttpServletResponse fwResponse = firewall
				.getFirewalledResponse((HttpServletResponse) response);

		List<Filter> filters = getFilters(fwRequest);

		if (filters == null || filters.size() == 0) {
			if (logger.isDebugEnabled()) {
				logger.debug(UrlUtils.buildRequestUrl(fwRequest)
						+ (filters == null ? " has no matching filters"
								: " has an empty filter list"));
			}

			fwRequest.reset();

			chain.doFilter(fwRequest, fwResponse);

			return;
		}

		VirtualFilterChain vfc = new VirtualFilterChain(fwRequest, chain, filters);
		vfc.doFilter(fwRequest, fwResponse);
	}

分析上面的doFilterInternal里的源码。

 在List<Filter> filters = getFilters(fwRequest),源码见下面,该方法的作用是

 1.获取到了filterChains属性,该属性是在上文分析在performBuild里的通过FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);方法获取的所有的继承了WebSecurityConfigurerAdapter类的类。

2.循环filterChains属性,通过chain.getFilters()获取到了WebSecurityConfigurerAdapter通过addFilter addFilterBefore addFilterAfter添加的客户自定义的过滤器

	private List<Filter> getFilters(HttpServletRequest request) {
		for (SecurityFilterChain chain : filterChains) {
			if (chain.matches(request)) {
				return chain.getFilters();
			}
		}

		return null;
	}

调用VirtualFilterChain类里的doFilter方法。nextFilter.doFilter(request, response, this);方法调用了下一个过滤器的doFilter方法。这样就重复调用VirtualFilterChain里的doFilter方法直至所有的过滤器方法执行完成。

		public void doFilter(ServletRequest request, ServletResponse response)
				throws IOException, ServletException {
			if (currentPosition == size) {
				if (logger.isDebugEnabled()) {
					logger.debug(UrlUtils.buildRequestUrl(firewalledRequest)
							+ " reached end of additional filter chain; proceeding with original chain");
				}

				// Deactivate path stripping as we exit the security filter chain
				this.firewalledRequest.reset();

				originalChain.doFilter(request, response);
			}
			else {
				currentPosition++;

				Filter nextFilter = additionalFilters.get(currentPosition - 1);

				if (logger.isDebugEnabled()) {
					logger.debug(UrlUtils.buildRequestUrl(firewalledRequest)
							+ " at position " + currentPosition + " of " + size
							+ " in additional filter chain; firing Filter: '"
							+ nextFilter.getClass().getSimpleName() + "'");
				}

				nextFilter.doFilter(request, response, this);
			}
		}
	}

xl649138628
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
spring-boot-study:SpringBoot框架源码实战(已更新到springboot2版本实现)〜基本用法,Rest,Controller,事件监听,连接数据库MySQL,jpa,redis集成,mybatis集成(声明式与xml两种方式〜对应的添删查改功能),日志处理,devtools配置,拦截器用法,资源配置读取,测试集成,网络层实现请求映射,安全安全验证,rabbitMq集成,kafka集成,分布式id生成器等。实战:https:github.comhemin1003yfax-pare
01-29
如何与springboot集成 如何建立连接,发送不同消息数据类型 如何订阅,且消费不同消息数据类型 场景案例分析 介绍Springboot2【@scheduled定时器】的用法: 定时器计划用法介绍 开启并行多线程任务两种方式 场景案例...
基于 Spring Boot 框架的人事管理系统的设计与实现 完整论文 +代码+毕设 +ppt
02-03
本设计在技术方面采用了较前沿的技术,应用端基于 Java EE 体系中开源应用框架 Spring Boot(集成 IOC, MVC, ORM),Spring Security (安全框架),内嵌 Tomcat 服务器;前端基于 JavaScript 的渐进式框架 Vue.js;页面设计...
spring security-源码流程分析
luoxiaomei999的博客
03-28 1467
spring security经常在项目中用到,但是平常只是简单的使用肯定是不够的,我们需要了解深层次的东西,才能在使用的过程中不畏惧,本次打算从demo入手,跟踪源码,剖析security内在 一、过滤器链的加载过程 上一篇文章跟踪源码流程,我们看到创建了httpSecurty,本文重点关注过滤器的加入过程 1、http.csrf() 2、addFilter(new WebAsyncManagerIntegrationFilter()) 直接添加过滤器 。。。 加载的所有配置通过下面方法进行过滤.
SpringSecurity 依据用户请求过程进行源码解析
weixin_34352005的博客
09-25 104
SpringSecurity实现安全管理主要通过滤器(filter)、验证器(AuthenticationManager)、用户数据提供器(ProviderManager)、授权器(accessDecisionManager)、投票器(AccessDecisionVoter)这几个基本模块协作完成的。大概分为两个部分 用户验证 和授权 这个两个部分。这个部分主要在Authenticatio...
SpringBoot整合SpringSecurity(附源码
Nicer_feng's blog
10-20 599
在前几篇博客里,我们对于SpringBoot框架的项目中的认证还是采用最朴素的拦截器来实现的,那SpringBoot这么高级,就没有什么成熟的解决方案吗?有的,Spring Security,今天我们就来认识Spring Security,再配上一个demo加深理解。
SpringSecurity源码分析(一) SpringBoot集成SpringSecuritySpring安全框架的加载过程
xl649138628的专栏
02-19 1303
SpringSecurity源码学习,本文主要讲述Spring安全框架的加载过程
tomcat 9.0源码分析之NioEndpoint(三)——CoyoteAdapter调用HttpServlet的流程
lzf的博客
07-10 603
CoyoteAdapter调用container,将请求传入servlet容器中 public void service(org.apache.coyote.Request req, org.apache.coyote.Response res) throws Exception { Request request = (Request) re...
SpringSecurity请求分发执行流程源码深入刨析
户伟伟的博客
09-21 78
SpringSecurity请求发过来先到哪里?具体怎么处理的?一文搞清楚。
SpringSecurity源码解析
zjl1638908711的博客
10-21 1421
SpringSecurity源码浅解析
SpringSecurity异常处理源码解析
HHoao的博客
05-03 713
SpringSecurity异常处理源码解析 异常处理主要是由ExceptionTranslationFilter完成的,而ExceptionTranslationFilter是由ExceptionHandlingConfigurer配置的,所以我们从ExceptionHandlingConfigurer开始解析 我们首先看ExceptionHandlingConfigurer的configure(Httpsecurity security)方法: @Override public void configu
Java毕业设计-基于VUE和SpringBoot的前后端分离药房商品后台管理系统+前台售卖系统(源码+数据库).zip文件
01-14
基于Spring Boot的药店药品销售管理系统可以包含...在实现过程中,你可以使用Spring Boot框架提供的特性和库,如Spring Security实现用户认证和授权,Spring Data JPA实现数据访问层,Thymeleaf实现前端页面渲染等。
SpringBoot项目基于SpringBoot的CSGO赛事管理系统.zip
04-15
系统采用模块化设计,以SpringBoot作为核心框架,结合了Spring MVC、Spring Data JPA、Spring Security等子项目,实现了数据的快速处理安全控制。前端界面可能采用了AngularJS、React或Vue.js等现代JavaScript框架...
SpringBoot项目基于springboot搭建的疫情管理系统.zip
04-14
系统还可能整合Spring Security来实现安全认证和授权。 为了提高系统的可用性和性能,可能会采用微服务架构、容器化部署(如Docker)、负载均衡、缓存策略等先进的技术手段。同时,系统还可能集成第三方服务,例如...
Spring Boot应用部署 - JAR包Docker部署
闫小甲的专栏
04-28 784
要使用Docker部署Spring Boot应用,需要创建一个Dockerfile来定义如何构建Docker镜像,并且可能还需要在Maven构建脚本中集成Docker插件以简化构建过程
基于 Spring Boot 博客系统开发(五)
呆萌很的博客
04-29 1040
接下来,你需要在Spring MVC的配置中注册这个拦截器。如果你使用的是Java配置,可以通过实现WebMvcConfigurer接口来完成。在这个类中,你可以重写preHandle方法来执行登录检查。修改 header 登录、退出、后台管理的访问 URL,这里需要工具类 LoginUtils 处理登录和退出是否显示。是Spring MVC提供的一种机制,它允许你在请求处理之前或之后执行一些逻辑,比如检查用户是否已登录。登录成功可以访问后台首页,控制器AdminController.java
Spring MVC、Spring BootSpring Cloud 三者区别和联系
qq_40664711的博客
04-29 995
近期在做系统重构的项目工作,在跟开发沟通对接过程中,经常听到他们讲开发框架Spring MVC、Spring BootSpring Cloud,故对这三者进行一些学习了解,下面我针对由来、作用与关联等方面,来总结一下我学习成果。
Spring Boot 统一数据返回格式:优化前后端开发协作的利器
良月柒
04-29 487
通过本文的介绍,我们了解了Spring Boot中统一数据返回格式的重要性,以及如何设计和处理统一的数据返回格式。统一的数据返回格式可以使得接口返回的数据格式规范、统一、易于理解和处理,提高了前后端开发的效率和协作效果。希望本文能够帮助你更好地理解和应用Spring Boot中的统一数据返回格式。
Spring Boot的热部署工具“AND”Swagger测试工具
最新发布
闲来垂钓碧溪上的博客
04-30 350
指的是在项目无需重启的情况下,只需要刷新页面,即可获得已经修改的样式或功能。要注意该工具一般用于开发环境,在生产环境中最好不要添加这个工具。对于无需重启便可刷新这么方便的工具,在项目中该如何使用:在spring boot 项目中使用工具的方法就是引入相关依赖,热部署工具的依赖如下:
基于Spring Boot的外卖点餐系统设计与实现
wudixiuluo的博客
04-29 1204
随着科学技术的飞速发展,各行各业都在努力与现代先进技术接轨,通过科技手段提高自身的优势社会的发展和科学技术的进步,互联网技术越来越受欢迎。网络计算机的生活方式逐渐受到广大人民群众的喜爱,也逐渐进入了每个用户的使用。互联网具有便利性,速度快,效率高,成本低等优点。因此,构建符合自己要求的操作系统是非常有意义的。本文从用户的功能要求出发,建立了外卖点餐系统 ,系统中的功能模块主要是实现管理员;
springboot集成springSecurity
05-10
Spring Security 是一个基于 Spring安全框架,提供了一组完整的安全性功能,包括身份验证、授权、防止 CSRF 攻击等等。Spring Boot 基于 Spring,自然也集成Spring Security。下面是 Spring Boot 集成 Spring ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值