使用过spring-security的对下面的配置一定不会陌生, 1.web.xml相关配置 springSecurityFilterChain...org.springframework.web.filter.DelegatingFilterProxy springSecurityFilterChain..."/> 为什么在web.xml中会使用springSecurityFilterChain...BeanIds.SPRING_SECURITY_FILTER_CHAIN); //public static final String SPRING_SECURITY_FILTER_CHAIN = "springSecurityFilterChain..."; } 4.有了上面的讲解,详细小伙伴应该知道springSecurityFilterChain这个别名的来历了
(四)--核心过滤器源码分析》 中我们分析了 SpringSecurityFilterChain 的构成,但还有很多疑问可能没有解开: 这个 SpringSecurityFilterChain 是怎么注册到...有读者发出这样的疑问:”SpringSecurityFilterChain 的实现类到底是什么,我知道它是一个 Filter,但是在很多配置类中看到了 BeanName=SpringSecurityFilterChain...“ 我们貌似一直在配置 WebSecurity ,但没有对 SpringSecurityFilterChain 进行什么配置,WebSecurity 相关配置是怎么和 SpringSecurityFilterChain...那么本文就主要围绕 SpringSecurityFilterChain 展开我们的探索。 6.1 SpringSecurityFilterChain是怎么注册的?...的新特性,动态注册springSecurityFilterChain(实际上注册的是springSecurityFilterChain代理类) private final void registerFilter
Creates a servlet Filter as a bean named springSecurityFilterChain....Registers the Filter with a bean named springSecurityFilterChain with the Servlet container for every...不使用Spring Boot的情况下,就需要自己在web.xml文件中定义springSecurityFilterChain。... springSecurityFilterChain <...被命名为springSecurityFilterChain的FilterChainProxy会从spring context中被找出来并设置到DelegatingFilterProxy的delegate
public static final String DEFAULT_FILTER_NAME = "springSecurityFilterChain"; ......DelegatingFilterProxy对应的filterName String filterName = DEFAULT_FILTER_NAME; DelegatingFilterProxy springSecurityFilterChain...= null) { springSecurityFilterChain.setContextAttribute(contextAttribute); } //插入过滤器 registerFilter...(servletContext, true, filterName, springSecurityFilterChain); } ......) public Filter springSecurityFilterChain() throws Exception { boolean hasConfigurers = webSecurityConfigurers
@Configuration public class WebSecurityConfiguration { //DEFAULT_FILTER_NAME = "springSecurityFilterChain..." @Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) public Filter springSecurityFilterChain...() throws Exception { ... } } 在未使用springboot之前,大多数人都应该对“springSecurityFilterChain”这个名词不会陌生...-- Spring Security --> springSecurityFilterChain...WebSecurityConfiguration中完成了声明springSecurityFilterChain的作用,并且最终交给DelegatingFilterProxy这个代理类,负责拦截请求(注意
-- 配置过滤器链 springSecurityFilterChain 名称固定 --> springSecurityFilterChain</filter-name...targetBeanName==null if (this.targetBeanName == null) { // targetBeanName = '<em>springSecurityFilterChain</em>...targetBeanName==null if (this.targetBeanName == null) { // targetBeanName = 'springSecurityFilterChain...} }}protected Filter initDelegate(WebApplicationContext wac) throws ServletException { // springSecurityFilterChain...= null, "No target bean name set"); // 从IoC容器中获取 springSecurityFilterChain的类型为Filter的对象 Filter
这个配置创建了一个Servlet过滤器被称为springSecurityFilterChain,它负责你的应用中所有的安全问题(保护应用程序的url,验证提交的用户名和密码,重定向到登录表单等等)。...HttpServletRequest.html#login(java.lang.String, java.lang.String) HttpServletRequest.html#logout() 下一步是注册springSecurityFilterChain...毫无疑问的是,Spring Security提供一个基类AbstractSecurityWebApplicationInitializer 确保springSecurityFilterChain被注册,...你可以在下面找到一个例子: 这个SecurityWebApplicationInitializer将做到下面这些事情: 自动为你的应用中的每个URL注册springSecurityFilterChain...例如,如果我们使用Spring MVC我们的SecurityWebApplicationInitializer可能会像下面这样: 它很简单的为我们应用中的每个URL注册了springSecurityFilterChain
-- 配置过滤器链 springSecurityFilterChain 名称固定 --> springSecurityFilterChain springSecurityFilterChain...targetBeanName==null if (this.targetBeanName == null) { // targetBeanName = 'springSecurityFilterChain...} } protected Filter initDelegate(WebApplicationContext wac) throws ServletException { // springSecurityFilterChain...= null, "No target bean name set"); // 从IoC容器中获取 springSecurityFilterChain的类型为Filter的对象 Filter
然后创建SpringSecurityFilterChain对象,并且name 等于常量 "springSecurityFilterChain" 其中springSecurityFilterChain的类型是
java FilterChainProxy chain = (FilterChainProxy) ApplicationContextHolder.getContext().getBean("springSecurityFilterChain...ApplicationContext applicationContext) throws BeansException { ctx = applicationContext; } } springSecurityFilterChain
的工作原理就会变得比较好理解了:3.1 注册DelegatingFilterProxy在非Spring Boot环境可以通过web.xml进行注册,配置如下: springSecurityFilterChain...方法时,实际上都是交给FilterChainProxy来执行,它是由Spring容器托管的bean对象,通过下面WebSecurityConfiguration配置类源码可以看到,其中定义了一个名称为“springSecurityFilterChain...@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) // "springSecurityFilterChain"public...Filter springSecurityFilterChain() throws Exception { ......WebApplicationContext wac) throws ServletException { String targetBeanName = getTargetBeanName(); // "springSecurityFilterChain
Filter的filterName,从List-8中看出,当targetBeanName为null时,会用filterName进行赋值,按List-7中的配置的话,这个targetBeanName的值就是springSecurityFilterChain...List-7 springSecurityFilterChain springSecurityFilterChain
SecurityFilterChain ,然后通过 WebSecurity 注入到 FilterChainProxy 中去,接着 FilterChainProxy 又在 WebSecurityConfiguration 中以 springSecurityFilterChain...实际上还有一个隐藏层 DelegatingFilterProxy 代理了 springSecurityFilterChain 注入到最后整个 Servlet 过滤器链中。简单画了个图; ?
--springSecurityFilterChain名词不能修改--> springSecurityFilterChain springSecurityFilterChain
这个FilterChainProxy的名称就是 WebSecurityEnablerConfiguration上的 BeanIds.SPRING_SECURITY_FILTER_CHAIN 也就是 springSecurityFilterChain...@Bean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) public Filter springSecurityFilterChain...对于 SecurityFilterAutoConfiguration,来讲,这个被代理的Filter bean的名字为 springSecurityFilterChain , 也就是我们上面提到过的 Spring...SecurityFilterAutoConfiguration { // 要注册到 Servlet 容器的 DelegatingFilterProxy Filter的 // 目标代理Filter bean的名称 :springSecurityFilterChain...该 DelegatingFilterProxy Filter 其实是一个代理过滤器,它被 Servlet 容器用于匹配特定URL模式的请求, // 而它会将任务委托给指定给自己的名字为 springSecurityFilterChain
-- 集成Spring Security框架 --> springSecurityFilterChain springSecurityFilterChain
springSecurityFilterChain org.springframework.web.filter.DelegatingFilterProxy
而 WebSecurity 是基于 Servlet Filter 用来配置 springSecurityFilterChain 。...而 springSecurityFilterChain 又被委托给了 Spring Security 核心过滤器 Bean DelegatingFilterProxy 。
系统就跑不起来,报错如下: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain...org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain...org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain
领取专属 10元无门槛券
手把手带您无忧上云