跳至主要內容

Spring Security

zzz小于 1 分钟后端SpringSpring Security

介绍

针对spring3.x以xml方式集成security

配置文件

<sec:http access-decision-manager-ref="accessDecisionManager" auto-config="true" entry-point-ref="authenticationEntryPoint">
		<sec:logout />
		<sec:anonymous granted-authority="A_ANONYMOUS" />
		<sec:custom-filter ref="authenticationFilter" before="FORM_LOGIN_FILTER"/>
		<sec:custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/>
		<sec:custom-filter ref="switchRoleProcessingFilter" before="SWITCH_USER_FILTER"/>
		<sec:form-login login-processing-url="/j_spring_security_login"/>	
</sec:http>

过滤器初始化

Security的过滤器是在项目启动时进行BeanDefinition加载的过程中,由HttpSecurityBeanDefinitionParser的parse方法完成。

createFilterChain方法会获取三种过滤器,然后根据OrderComparator进行排序

public BeanDefinition parse(Element element, ParserContext pc) {
	CompositeComponentDefinition compositeDef =
		new CompositeComponentDefinition(element.getTagName(), pc.extractSource(element));
	pc.pushContainingComponent(compositeDef);

	registerFilterChainProxyIfNecessary(pc, pc.extractSource(element));

	// Obtain the filter chains and add the new chain to it
	BeanDefinition listFactoryBean = pc.getRegistry().getBeanDefinition(BeanIds.FILTER_CHAINS);
	List<BeanReference> filterChains = (List<BeanReference>)
			listFactoryBean.getPropertyValues().getPropertyValue("sourceList").getValue();
	// 初始化过滤器
	filterChains.add(createFilterChain(element, pc));

	pc.popAndRegisterContainingComponent();
	return null;
}


private BeanReference createFilterChain(Element element, ParserContext pc) {
	
	省略

	List<OrderDecorator> unorderedFilterChain = new ArrayList<OrderDecorator>();

	unorderedFilterChain.addAll(httpBldr.getFilters());
	unorderedFilterChain.addAll(authBldr.getFilters());
	unorderedFilterChain.addAll(buildCustomFilterList(element, pc));

	Collections.sort(unorderedFilterChain, new OrderComparator());
	checkFilterChainOrder(unorderedFilterChain, pc, pc.extractSource(element));

	// The list of filter beans
	List<BeanMetadataElement> filterChain = new ManagedList<BeanMetadataElement>();

	for (OrderDecorator od : unorderedFilterChain) {
		filterChain.add(od.bean);
	}

	return createSecurityFilterChainBean(element, pc, filterChain);
}
Never say die
Copyright © 2024 zzz