In a Spring Boot project, adding the Spring Security dependency is enough: with no further configuration, Spring Security takes effect when the project starts, and access requests are intercepted.
Spring Boot provides auto-configuration for Spring Security, which lets you use Spring Security with very little configuration.
So how does this filter chain load and implement interception?
When the Spring Boot project starts, the SecurityFilterAutoConfiguration class is loaded and registers a DelegatingFilterProxyRegistrationBean for the filter named springSecurityFilterChain.
Note: The name springSecurityFilterChain is fixed.
After the DelegatingFilterProxyRegistrationBean is registered successfully, the filter is loaded into the register. The getFilter() method is then called to generate the DelegatingFilterProxy proxy object, which is registered in the IoC container.
When we access the project, the request enters the doFilter method of the DelegatingFilterProxy class.
The DelegatingFilterProxy class is essentially a Filter: it indirectly implements the Filter interface, but in doFilter it actually calls the implementation class of the proxied Filter, which it obtains from the Spring container.
The object returned is a FilterChainProxy.
It can be seen that the DelegatingFilterProxy class gets a FilterChainProxy filter through the name springSecurityFilterChain, and it is this filter's doFilter method that is ultimately executed.
To verify that the name springSecurityFilterChain cannot be modified, view the initDelegate method.
The FilterChainProxy class is essentially a Filter, so view its doFilter method. Pay attention to the fields in this class.
public class FilterChainProxy extends GenericFilterBean {
    private static final Log logger = LogFactory.getLog(FilterChainProxy.class);
    private static final String FILTER_APPLIED = FilterChainProxy.class.getName().concat(".APPLIED");
    // The filter chains
    private List<SecurityFilterChain> filterChains;
    private FilterChainProxy.FilterChainValidator filterChainValidator;
    private HttpFirewall firewall;
    // ... (remaining members omitted)
}
Are you surprised? All 15 filters are here!
It turns out that these filters are encapsulated into SecurityFilterChain objects.
SecurityFilterChain is an interface, and it has only one implementation class, DefaultSecurityFilterChain.
The constructor of the DefaultSecurityFilterChain class initializes the List of filters, which are passed in as parameters.
The Spring Security filter chain is handed over to Spring Boot for automatic configuration; it is created and injected by the SpringBootWebSecurityConfiguration class.
WebSecurityConfigurerAdapter class.
Use OrderedFilter for proxy and set the order attribute.
After the addition is completed, encapsulate these filters into DefaultSecurityFilterChain objects.
Finally, springSecurityFilterChain is loaded through the WebSecurityConfiguration configuration class. WebSecurityConfiguration maintains the securityFilterChains attribute, which stores all the filters in the filter chain.
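To check the result of this loading process in a running application, the following added example (not code from the original article or from Spring itself) looks up the bean named springSecurityFilterChain at startup and logs every SecurityFilterChain with its filters in execution order. It assumes Spring Boot 2.x with Spring Security 5.x (hence javax.servlet; use jakarta.servlet on Boot 3.x); the class name FilterChainInspector is hypothetical.

```java
import java.util.List;
import javax.servlet.Filter;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.CommandLineRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical helper class: audits the filters Spring Security actually installed.
@Configuration
public class FilterChainInspector {

    private static final Logger log = LoggerFactory.getLogger(FilterChainInspector.class);

    @Bean
    public CommandLineRunner logSecurityFilters(
            // Same fixed bean name that DelegatingFilterProxy resolves in initDelegate.
            @Qualifier("springSecurityFilterChain") Filter springSecurityFilterChain) {
        return args -> {
            // The bean may be wrapped (for example when debug mode is enabled),
            // so do not cast blindly.
            if (!(springSecurityFilterChain instanceof FilterChainProxy)) {
                log.warn("springSecurityFilterChain is a {}, not a FilterChainProxy; cannot list filters",
                        springSecurityFilterChain.getClass().getName());
                return;
            }
            List<SecurityFilterChain> chains =
                    ((FilterChainProxy) springSecurityFilterChain).getFilterChains();
            for (int i = 0; i < chains.size(); i++) {
                SecurityFilterChain chain = chains.get(i);
                List<Filter> filters = chain.getFilters();
                log.info("Security chain #{}: {} ({} filters)", i, chain, filters.size());
                if (filters.isEmpty()) {
                    // A chain with no filters (e.g. produced by web.ignoring())
                    // lets matching requests through with no security processing.
                    log.warn("Security chain #{} has no filters; matching requests are not protected", i);
                }
                for (int j = 0; j < filters.size(); j++) {
                    log.info("  [{}] {}", j, filters.get(j).getClass().getName());
                }
            }
        };
    }
}
```

FilterChainProxy uses the first chain whose matcher accepts the request, so the chain order in this log is as important as the filter order inside each chain.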