• spring security梳理


    核心服务:AuthenticationManagerUserDetailsServiceAccessDecisionManager

    The AuthenticationManager, ProviderManager and AuthenticationProvider

    AuthenticationManager是一个接口,它默认的实现类是ProviderManager,ProviderManager 并不是自己直接对请求进行验证,而是将其委派给一个AuthenticationProvider 列表。

    spring-security.xml中配置

    Web应用程序的安全性

    The Security Filter Chain

    在web.xml配置DelegatingFilterProxy。

        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy
            </filter-class>
        </filter>
    
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

    DelegatingFilterProxy这个类本身与springsecurity无关。它的作用是充当代理,将Spring应用程序上下文中的bean委托给servlet 容器中的filter,将其关联起来。

    DelegatingFilterProxy类继承于抽象类GenericFilterBean,间接地implement 了javax.servlet.Filter接口。

    Servlet容器在启动时,首先会调用Filter的init方法。

    GenericFilterBean的作用主要是可以把Filter的初始化参数自动地set到继承于GenericFilterBean类的Filter中去。

    标准过滤器别名和顺序
    AliasFilter ClassNamespace Element or Attribute

    CHANNEL_FILTER

    ChannelProcessingFilter

    http/intercept-url@requires-channel

    SECURITY_CONTEXT_FILTER

    SecurityContextPersistenceFilter

    http

    CONCURRENT_SESSION_FILTER

    ConcurrentSessionFilter

    session-management/concurrency-control

    HEADERS_FILTER

    HeaderWriterFilter

    http/headers

    CSRF_FILTER

    CsrfFilter

    http/csrf

    LOGOUT_FILTER

    LogoutFilter

    http/logout

    X509_FILTER

    X509AuthenticationFilter

    http/x509

    PRE_AUTH_FILTER

    AbstractPreAuthenticatedProcessingFilterSubclasses

    N/A

    CAS_FILTER

    CasAuthenticationFilter

    N/A

    FORM_LOGIN_FILTER

    UsernamePasswordAuthenticationFilter

    http/form-login

    BASIC_AUTH_FILTER

    BasicAuthenticationFilter

    http/http-basic

    SERVLET_API_SUPPORT_FILTER

    SecurityContextHolderAwareRequestFilter

    http/@servlet-api-provision

    JAAS_API_SUPPORT_FILTER

    JaasApiIntegrationFilter

    http/@jaas-api-provision

    REMEMBER_ME_FILTER

    RememberMeAuthenticationFilter

    http/remember-me

    ANONYMOUS_FILTER

    AnonymousAuthenticationFilter

    http/anonymous

    SESSION_MANAGEMENT_FILTER

    SessionManagementFilter

    session-management

    EXCEPTION_TRANSLATION_FILTER

    ExceptionTranslationFilter

    http

    FILTER_SECURITY_INTERCEPTOR

    FilterSecurityInterceptor

    http

    SWITCH_USER_FILTER

    SwitchUserFilter

    N/A

  • 相关阅读:
    C#项目完成PDF文件增加印章操作可指定印章位置
    webBrowser1加载本地文件
    转义示例
    动态调用WebService服务
    C#调用WSDL接口
    VS 控件命名规范
    正则判断是否是数字
    怎么让 arcgis 4 弹出窗 漂亮 支持多个弹出窗 支持vue或者react
    关于arcgis 会主动添加https头的问题
    arcgis 4 整合 d3 实现动画
  • 原文地址:https://www.cnblogs.com/amunamuna/p/9578679.html
Copyright © 2020-2023  润新知