• spring security梳理


    核心服务:AuthenticationManagerUserDetailsServiceAccessDecisionManager

    The AuthenticationManager, ProviderManager and AuthenticationProvider

    AuthenticationManager是一个接口,它默认的实现类是ProviderManager,ProviderManager 并不是自己直接对请求进行验证,而是将其委派给一个AuthenticationProvider 列表。

    spring-security.xml中配置

    Web应用程序的安全性

    The Security Filter Chain

    在web.xml配置DelegatingFilterProxy。

        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy
            </filter-class>
        </filter>
    
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

    DelegatingFilterProxy这个类本身与springsecurity无关。它的作用是充当代理,将Spring应用程序上下文中的bean委托给servlet 容器中的filter,将其关联起来。

    DelegatingFilterProxy类继承于抽象类GenericFilterBean,间接地implement 了javax.servlet.Filter接口。

    Servlet容器在启动时,首先会调用Filter的init方法。

    GenericFilterBean的作用主要是可以把Filter的初始化参数自动地set到继承于GenericFilterBean类的Filter中去。

    标准过滤器别名和顺序
    AliasFilter ClassNamespace Element or Attribute

    CHANNEL_FILTER

    ChannelProcessingFilter

    http/intercept-url@requires-channel

    SECURITY_CONTEXT_FILTER

    SecurityContextPersistenceFilter

    http

    CONCURRENT_SESSION_FILTER

    ConcurrentSessionFilter

    session-management/concurrency-control

    HEADERS_FILTER

    HeaderWriterFilter

    http/headers

    CSRF_FILTER

    CsrfFilter

    http/csrf

    LOGOUT_FILTER

    LogoutFilter

    http/logout

    X509_FILTER

    X509AuthenticationFilter

    http/x509

    PRE_AUTH_FILTER

    AbstractPreAuthenticatedProcessingFilterSubclasses

    N/A

    CAS_FILTER

    CasAuthenticationFilter

    N/A

    FORM_LOGIN_FILTER

    UsernamePasswordAuthenticationFilter

    http/form-login

    BASIC_AUTH_FILTER

    BasicAuthenticationFilter

    http/http-basic

    SERVLET_API_SUPPORT_FILTER

    SecurityContextHolderAwareRequestFilter

    http/@servlet-api-provision

    JAAS_API_SUPPORT_FILTER

    JaasApiIntegrationFilter

    http/@jaas-api-provision

    REMEMBER_ME_FILTER

    RememberMeAuthenticationFilter

    http/remember-me

    ANONYMOUS_FILTER

    AnonymousAuthenticationFilter

    http/anonymous

    SESSION_MANAGEMENT_FILTER

    SessionManagementFilter

    session-management

    EXCEPTION_TRANSLATION_FILTER

    ExceptionTranslationFilter

    http

    FILTER_SECURITY_INTERCEPTOR

    FilterSecurityInterceptor

    http

    SWITCH_USER_FILTER

    SwitchUserFilter

    N/A

  • 相关阅读:
    Windows10打印mumu模拟器日志
    简析快速排序
    数字转换为W,K,结尾,并可指定长度(仅供参考,个人测试使用。)
    简析选择排序
    简析冒泡排序
    NX二次开发 工程图创建孔表功能
    NX二次开发 建模座标和工程图座标映射
    NXOpen绝对座标值转为WCS座标值
    NX二次开发 结合包容盒快速创建WCS
    NX二次开发 数值转NXString字符
  • 原文地址:https://www.cnblogs.com/amunamuna/p/9578679.html
Copyright © 2020-2023  润新知