filters预览
那么spring security有哪些filter呢?
SecurityFilters.java定义了默认的filter及其顺序:
FIRST (Integer.MIN_VALUE), CHANNEL_FILTER, SECURITY_CONTEXT_FILTER, CONCURRENT_SESSION_FILTER, /** {@link WebAsyncManagerIntegrationFilter} */ WEB_ASYNC_MANAGER_FILTER, HEADERS_FILTER, CSRF_FILTER, LOGOUT_FILTER, X509_FILTER, PRE_AUTH_FILTER, CAS_FILTER, FORM_LOGIN_FILTER, OPENID_FILTER, LOGIN_PAGE_FILTER, DIGEST_AUTH_FILTER, BASIC_AUTH_FILTER, REQUEST_CACHE_FILTER, SERVLET_API_SUPPORT_FILTER, JAAS_API_SUPPORT_FILTER, REMEMBER_ME_FILTER, ANONYMOUS_FILTER, SESSION_MANAGEMENT_FILTER, EXCEPTION_TRANSLATION_FILTER, FILTER_SECURITY_INTERCEPTOR, SWITCH_USER_FILTER, LAST (Integer.MAX_VALUE); private static final int INTERVAL = 100;
附上默认的过滤器顺序列表
order 过滤器名称
100
ChannelProcessingFilter200
ConcurrentSessionFilter300
SecurityContextPersistenceFilter400
LogoutFilter500
X509AuthenticationFilter600
RequestHeaderAuthenticationFilter700
CasAuthenticationFilter800
UsernamePasswordAuthenticationFilter900
OpenIDAuthenticationFilter1000
DefaultLoginPageGeneratingFilter1100
DigestAuthenticationFilter1200
BasicAuthenticationFilter1300
RequestCacheAwareFilter1400
SecurityContextHolderAwareRequestFilter1500
RememberMeAuthenticationFilter1600
AnonymousAuthenticationFilter1700
SessionManagementFilter1800
ExceptionTranslationFilter1900
FilterSecurityInterceptor2000
SwitchUserFilter
默认filter的创建
有三个重要的与排序相关的类及枚举,分别是OrderDecorator、OrderComparator以及SecurityFilters枚举
OrderComparator类的路径是org.springframework.core.OrderComparator,实际上是spring core包的一个比较器。
1.由SecurityFilters维持位置order
2.由OrderDecorator维持filter与order的对应关系
3.由OrderComparator负责比较OrderDecorator的先后顺序